433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (727) 493-2351

Multicloud Data Protection Mitigates Risk for DevOps Teams

Critical cloud development data could be an unintended casualty in the unbridled rush to get new application services to market.
http://news.poseidon-us.com/SgnSpG

BrandPost: The Unrelenting Rise of Botnet Threats

As the world has moved to scalable online services for everything from video streaming to gaming to messaging, it’s really no surprise that malware has followed close behind. Specifically, threats such as botnets are evolving and scaling at such speeds that it’s more important than ever to proactively manage potential security threats.  Botnets, a portmanteau or blend of the phrase robot networks, are collections of malware-infected computing resources that can be used to attack any connected target system. They’re a growing risk for every organization, enabling cyber criminals to steal passwords and gain access to corporate systems, deploy disruptive attacks that shut down entire network, or even hijack corporate data with ransomware. To read this article in full, please click here
http://news.poseidon-us.com/SgnKPD

Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026)

Cisco has acknowledged one critical (CVE-2023-20025) and two medium-severity (CVE-2023-20026, CVE-2023-20045) vulnerabilities affecting some of its Small Business series of routers, but won’t be fixing them as the devices “have entered the end-of-life process.” Proof-of-concept exploit code for CVE-2023-20025 and CVE-2023-20026 is available online, but there is currently no indication of any of these flaws being exploited by attackers. About the vulnerabilities CVE-2023-20025 is an authentication bypass vulnerability in the web-based management interface of Cisco … More → The post Cisco won’t fix router flaws even though PoC exploit is available (CVE-2023-20025, CVE-2023-20026) appeared first on Help Net Security.
http://news.poseidon-us.com/SgmDmC

Cybercriminals bypass Windows security with driver-vulnerability exploit

The Scattered Spider cybercrime group has recently been observed attempting to deploy a malicious kernel driver using a tactic called bring your own vulnerable driver (BYOVD) — a warning to security professionals that the technique, which exploits longstanding deficiencies in Windows kernel protections, is still being employed by cybercriminals, according to cybersecurity company CrowdStrike. In this latest BYOVD attack, which was observed and stopped by CrowdStrike’s Falcon security system, Scattered Spider attempted to deploy a malicious kernel driver via a vulnerability — CVE-2015-2291 in MITRE’s Common Vulnerability and Exposures program — in the Intel Ethernet diagnostics driver for Windows (iqvw64.sys). To read this article in full, please click here
http://news.poseidon-us.com/Sgl40P

Replacing On-Premises File Servers with SharePoint Online: Five Common Pitfalls

Check out this insightful discussion where we will examine the pros and cons of potential options, starting with SharePoint Online. Hear from Liam Cleary, Microsoft MVP and Karl Becker, Director of Egnyte’s Value Engineering Group and former Director of Global IT at Merkle B2B!
http://news.poseidon-us.com/Sgkbt6

Study shows attackers can use ChatGPT to significantly enhance phishing and BEC scams

Security researchers have used the GPT-3 natural language generation model and the ChatGPT chatbot based on it to show how such deep learning models can be used to make social engineering attacks such as phishing or business email compromise scams harder to detect and easier to pull off. The study, by researchers with security firm WithSecure, demonstrates that not only can attackers generate unique variations of the same phishing lure with grammatically correct and human-like written text, but they can build entire email chains to make their emails more convincing and can even generate messages using the writing style of real people based on provided samples of their communications. To read this article in full, please click here
http://news.poseidon-us.com/SgkVhF

Master Class: Bringing Intelligent Communication, Collaboration and Engagement with Microsoft Teams

Today’s new modern workforce requires businesses to provide employees with tools they need to collaborate and work productively to address the universal shift to remote work. Vonage’s integration with Microsoft Teams connects distributed workers through enterprise grade voice, SMS, MMS and AI while leveraging existing Microsoft investments. Learn more!
http://news.poseidon-us.com/SgkQCr

Passive detection of internet-connected systems affected by vulnerabilities from the CISA KEV catalog, (Wed, Jan 11th)

CISA’s Know Exploited Vulnerabilities (KEV) catalog is a wonderful resource for vulnerability and patch management. If you have not come across it yet, it is – as the name suggests – a list of vulnerabilities that are currently known to be actively exploited in the wild, which is published by the US Cybersecurity & Infrastructure Agency (CISA)[1]. It was started back in 2021[2] and currently contains 870 vulnerabilities[3].
http://news.poseidon-us.com/SgjJg9

Ransomware Protection Instant Recovery

Veeam has multiple recovery options which allow you to optimize your recovery processes, and quickly and simultaneously restore multiple machines. Granular options allow the recovery of a single file to applications, entire volumes or servers, reducing the costs of downtime and mitigating the risk associated with a cyber‑attack.
http://news.poseidon-us.com/SggYGQ