As I’m writing this blog, malicious actors are actively exploiting vulnerabilities in the Microsoft Exchange Server software. These were zero-day exploits, which means that even organizations that were diligent in their patching were vulnerable. So far the estimates are that more than 60,000 organizations have been compromised.

As enterprises fast track cloud adoption plans without security considerations, we’ve seen the dangers of cloud misconfigurations and how it continues to cost millions in lost data and revenue for failure to comply. In this blog we’ll explain how to spot the telltale signs and secure your clouds with adequate Cloud Security Posture Management (CSPM).

Amazon’s AWS Systems Manager, better known as SSM to long-time AWS users, was announced at the end of 2017, replacing the similarly named EC2 Systems Manager that had launched a year prior. Similar to other AWS products, System Manager provides a broad spectrum of features instead of a focused and opinionated product.

(Guest Blog) For decades, companies have relied on perimeter protection solutions to restrict their digital resources. These included passwords to authenticate users, intrusion detection systems and firewalls. With time, passwords became inadequate in preventing unauthorized access, and most shifted to two-factor authentication systems like one-time SMS codes or tokens. This change significantly enhanced security, but the approach only focused on securing the perimeter.

Hancitor (AKA CHanitor, Tordal) is a popular macro-based malware distributed via malicious Office documents delivered through malspam. In the latest campaigns, particularly active between October and December 2020, the malware has been distributed via DocuSign-themed emails asking the victims to review and sign a document. The fake DocuSign link downloads a Microsoft Word document whose malicious macro, once enabled, installs the Hancitor malware.