Thought Leadership

Contrary to the promises of the various security appliance providers, there is no single solution in information security to defend against the various attack vectors available to threat actors (TAs). However, we recommend that businesses adopt Defense in Depth, a strategy of applying multiple layers of defensive mechanisms to better protect an organizations’ valuable

On Thursday, September 29th, Microsoft publicly disclosed two unpatched vulnerabilities impacting on-premises Microsoft Exchange servers that were capable of granting remote access to threat actors. These zero-day vulnerabilities have been identified as CVE-2022-41040, which is a Server-Side Request Forgery (SSRF) vulnerability, and CVE-2022-41082, which allows remote code execution (RCE) when PowerShell is accessible to the attacker.

Improvements to cybersecurity practices top the to-do lists of many businesses these days, thanks to the ever-changing information technology (IT) security threat landscape. One of the most crucial investments an organization can make is replacing their traditional, or legacy, antivirus solutions with next-generation antivirus (NGAV). Combined with the proper

Microsoft recently announced that it will disable some of its legacy email authentication protocols later this year. This change will affect users with older phones or those with email setups using one of these protocols. Legacy, or basic, authentication allows users to connect to a mailbox using only a username and a password and

In the wake of the Russian military invasion of Ukraine, fear of cyberwarfare has risen among the American public, many of whom still have the Colonial Pipeline ransomware attack fresh on their minds. In response, the U.S. government is seeking not only to address these events, but also to raise awareness and security compliance for