Security Information and Event Management (SIEM) is the combination of Security Information Management (SIM) and Security Event Management (SEM) systems. SEM systems store and interpret logs for real-time security event analysis which enables quick defensive action. SIM systems collect data for trend analysis and provide automated reporting. By combining these two technologies together, a SIEM provides rapid identification, analysis, and recovery from security events.
ProxyShell is a massive new exploit campaign that is targeting vulnerable Microsoft Exchange servers. The servers are publicly available and the campaign is directly responsible for a number of breaches and subsequent ransomware attacks. There have been thousands of compromised Exchange servers to date. Ransomware is simply the byproduct of unauthorized access and privilege escalation and typically has to start with something like ProxyShell providing an attacker remote access.
Often, penetration testing (or pen testing) and vulnerability scanning are used interchangeably. In doing so, the importance of each method of testing gets lost in the confusion. Both of these are significant in protecting your data and infrastructure for different reasons. In the age of digitally storing information and companies having an online network presence, it’s easy for hackers to find their way in. This is why both pen testing and vulnerability scanning are important.
Apple has issued an emergency software update after a cyber-surveillance company created invasive spyware that could infect any iPhone, iPad, Apple Watch, or Mac Computer. Toronto-based internet watchdog security group Citizen Lab said that NSO, the surveillance company which is an Israeli spyware company, developed the tool with a technique that could easily exploit Apple software.
Ransomeware can be a company’s worst nightmare. It’s not simply “getting a virus” or “clicking on a malicious email.” It is a systematic plan created by hackers to take your private information. Once they have a foothold in your private data, they use their position to blackmail you into submitting a payment. Technology to prevent ransomware has gotten better but attackers have gotten smarter and more methodical.
Throughout July and August, Kaseya released a slew of patches for this vulnerability. Bitdefender released a universal decryption key that they developed by working with law enforcement. That key, with instructions, is available to organizations that have been impacted by the attack. Although REvil popped back online after nearly two months of silence, this vulnerability is no longer a threat due to vendor patches and a widely available decryption key.
