United States, Australia, Canada, New Zealand and United Kingdom cybersecurity authorities, including the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), Australian Cyber Security Centre (ACSC), Canadian Centre for Cyber Security (CCCS), New Zealand National Cyber Security Centre (NZ NCSC) and United Kingdom’s National Cyber Security Centre (NCSC-UK) issued a joint Cybersecurity Advisory yesterday detailing the most exploited technology vulnerabilities from 2021. The advisory provides details on the top 15 Common Vulnerabilities and Exposures (CVEs) routinely exploited by malicious cyber actors in 2021, as well as other CVEs frequently exploited.

U.S., Australian, Canadian, New Zealand, and UK cybersecurity authorities report that malicious cyber actors aggressively targeted newly disclosed critical software vulnerabilities against broad target sets, including public and private sector organizations worldwide in 2021. To a lesser extent, malicious cyber actors continued to exploit publicly known, dated software vulnerabilities across a broad spectrum of targets.

Important to note is that three of the top 15 routinely exploited vulnerabilities were also routinely exploited in 2020. As the agencies note, their continued exploitation indicates that many organizations fail to patch software in a timely manner and remain vulnerable to malicious cyber actors.

Apple has released two patches for two zero-day vulnerabilities affecting macOS and iOS. The vulnerabilities could allow threat actors to disrupt or access kernel activity and may be under active exploit.

Law firms, accountancy firms and corporate law departments are bombarded from the outside and the inside by threats every day. Threat management has become a full-time task.

With more than two years of a pandemic behind us, many law firms – and many other businesses, for that matter – had expected to be back to the office more fully by now. The latest variant of COVID-19 changed those plans. Now, law firms are facing the fact that they must be prepared to be flexible for the foreseeable future. Indeed, the latest geopolitical disruptions in Eastern Europe demonstrate just how deeply uncertain our world remains. In the face of myriad challenges, how can law firm administrators and IT professionals remain nimble? Let's briefly look at key aspects of accessibility, hardware, software, and data security that will help law firms maintain continual operation in the new reality.

Innovative Computing Systems is aware of the newly discovered critical zero-day vulnerability in Log4j. Log4j is an open-source software utilized by many software vendors. The impact is widespread but only specific software is vulnerable.

We've been asked to share our expertise and predictions by a number of different media outlets in the past month. Here are a few highlights:

New survey results from 500 IT leaders and 3,000 employees in the United States and United Kingdom reveal 94 percent of organizations have experienced insider data breaches in the last year. Further, almost three-quarters (74 percent) of organizations have been breached because of employees breaking security rules, and 73 percent have been the victim of phishing attacks. The vast majority (84 percent) were caused by human error.

Microsoft recently reported the Windows Print Spooler PrintNightmare vulnerability that enables attackers to take over affected servers via remote code execution with system privileges. 

Updated with recording on 7 July 2021:

Join Innovative Computing Systems and cybersecurity partner Sophos for a free webinar to learn how Managed Threat Response enhances your firm's information security. 

Just about anywhere you look these days, there are articles about a company getting hacked or a breach gets reported. As you read through the news story, the author throws around terms and jargon that can get confusing. Let’s go through some of the common terms and how they interact.

You've heard patching your systems is important, but what does that really mean? In the following, Innovative RMM Administrator Tallon DeHart explains Microsoft's patching schedule and why your firm needs to regularly apply manufacturer updates. 

Innovative Computing Systems has received notice of a vulnerability within specific versions of FortiGate Firewalls' firmware that is currently being exploited by malicious actors. It is recommended that any FortiGate on an affected firmware version be upgraded as soon as possible to mitigate potential risk.

In order to secure your firm’s network and patch this vulnerability, we recommend updating your FortiGate soon. As the update process will take about 30 minutes and require a loss of access to your FortiGate, you should plan to do so after your normal business hours. 

If you require our assistance or would like our team to perform the firmware upgrade, please contact us at 1-800-541-0450 or sales@innovativecomp.com to coordinate a date and time to secure your firm's FortiGate against this vulnerability.