Blog - Hexafusion Blog | Hexafusion

Hexafusion Blog

Hexafusion management team has been serving businesses in Canada and the United States since 2014, providing IT Services such as IT support, IT security, computer support and consulting to small and medium-sized businesses.

Cisco's Ash Devata on Securing the Hybrid Workforce With Zero Trust

The shift to the hybrid workforce -- some employees working from home or some other remote location, some employees back in the office, and some switching back and forth throughout the week -- has complicated enterprise security significantly. The attack surface for organizations have expanded, while visibility over the environment has dropped. In the latest Edge Chat, Ash Devata, vice president and general manager of Cisco Zero Trust and Duo Security, and Dark Reading's Terry Sweeney discuss how to enable the hybrid workforce with zero trust. (The transcript of the conversation is below.)

0 Comments
Continue reading

Ground Labs Research Reveals 71% of American Consumers are Unaware of Data Protection Laws

Austin, Texas – December 14, 2021 – With data breaches on the rise along with consumer demand for privacy and control over their own data, governments have in turn adopted new data protection regulations — and businesses are feeling the pressure. Now, new consumer research from Ground Labs uncovers a disconnect between what consumers know, what they want, and what businesses are providing.

0 Comments
Continue reading

Attackers Target Log4J to Drop Ransomware, Web Shells, Backdoors

Threat actors, including at least one nation-state actor, are attempting to exploit the newly disclosed Log4j flaw to deploy ransomware, remote access Trojans, and Web shells on vulnerable systems. All the while, organizations continue to download versions of the logging tool containing the vulnerability.

0 Comments
Continue reading

Propane Gas Distributor Hit With Ransomware

Propane gas distributor Superior Plus Corp. today disclosed that it was a victim of a ransomware attack on Dec. 12. 

0 Comments
Continue reading

Ransomware Hits Virginia Legislative Agencies

Virginia legislative agencies and commissions were forced to shut down their computer systems and websites due to a ransomware attack that started on Sunday, local news sources report.

0 Comments
Continue reading

Tool Overload & Attack Surface Expansion Plague SOCs

Security analysts and other professionals continue to suffer from burnout due to a lack of staff and too many tools, among other issues, new data shows. Now, three-quarters (72%) of security analysts have rated the pain of doing their jobs as a 7 or higher on a 10-point scale, with a score of 10 indicating that performing their jobs is a horribly painful experience. 

0 Comments
Continue reading

New ransomware now being deployed in Log4Shell attacks

The first public case of the Log4j Log4Shell vulnerability used to download and install ransomware has been discovered by researchers.

Last Friday, a public exploit was released for a critical zero-day vulnerability named 'Log4Shell' in the Apache Log4j Java-based logging platform. Log4j is a development framework that allows developers to add error and event logging into their Java applications.

0 Comments
Continue reading

Microsoft Patches Zero-Day Spreading Emotet Malware

Microsoft today released its final Patch Tuesday rollout of 2021 with 67 security fixes, one of which patched a zero-day vulnerability spreading Emotet malware and five of which are now publicly known but not yet exploited.

0 Comments
Continue reading

DHS announces 'Hack DHS' bug bounty program for vetted researchers

The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed "Hack DHS" that allows vetted cybersecurity researchers to find and report security vulnerabilities in external DHS systems.

"As the federal government's cybersecurity quarterback, DHS must lead by example and constantly seek to strengthen the security of our own systems," said DHS Secretary Alejandro N. Mayorkas.

0 Comments
Continue reading

Windows 11 KB5008215 update released with application, VPN fixes

Microsoft has released the Windows 11 KB5008215 cumulative update to fix security vulnerabilities and bugs introduced in previous versions.

KB5008215 is a mandatory cumulative update containing security updates, performance improvements, and bug fixes for Windows 11 21H2.

0 Comments
Continue reading

Microsoft fixes Windows AppX Installer zero-day used by Emotet

Microsoft has patched a high severity Windows zero-day vulnerability exploited in the wild to deliver Emotet malware payloads.

The bug, a Windows AppX Installer spoofing security flaw tracked as CVE-2021-43890, can be exploited remotely by threat actors with low user privileges in high complexity attacks requiring user interaction.

0 Comments
Continue reading

Microsoft December 2021 Patch Tuesday fixes 6 zero-days, 67 flaws

Today is Microsoft's December 2021 Patch Tuesday, and with it comes fixes for six zero-day vulnerabilities and a total of 67 flaws. These updates include a fix for an actively exploited Windows Installer vulnerability used in malware distribution campaigns.

0 Comments
Continue reading

December 2021 Patch Tuesday is rolling out to devices on Windows 10 version 2004, version 20H2, version 21H1 and version 21H2

December 2021 Patch Tuesday is rolling out to devices on Windows 10 version 2004, version 20H2, version 21H1 and version 21H2. As per the official release notes, Microsoft has published two cumulative updates - KB5008212 (newer versions) and KB5008206 (older versions).

0 Comments
Continue reading

Microsoft rolls out end-to-end encryption for Teams calls

Microsoft announced today the general availability of end-to-end encryption (E2EE) support for one-to-one Microsoft Teams calls.

The company started the roll-out of E2EE support for Teams calls in public preview two months ago, on October 21. 

0 Comments
Continue reading

Source Code Leaks: The Real Problem Nobody Is Paying Attention To

At 10:30 p.m. PST on Oct. 6, Twitch released the following statement on its corporate blog: "We have learned that some data was exposed to the internet due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party."

0 Comments
Continue reading

Hackers steal Microsoft Exchange credentials using IIS module

Threat actors are installing a malicious IIS web server module named 'Owowa' on Microsoft Exchange Outlook Web Access servers to steal credentials and execute commands on the server remotely.

0 Comments
Continue reading

Combat Misinformation by Getting Back to Security Basics

For generations, technology has generally been viewed as an enabler of positive social change, rarely creating more problems than it solves. But in recent years, there's an emerging realization that technology has a darker side: Connecting everyone through the Internet has enabled widespread and instantaneous distribution of fake news, weaponizing misinformation as an existential threat to democratic society. During the last 18 months, distortions regarding the COVID-19 virus, the pandemic, and vaccines have spread like wildfire, polarizing citizens and unnecessarily multiplying death tolls across the world.

0 Comments
Continue reading

Log4j Zero Day Vulnerability: CISA Mitigation, Patch Guidance

 

The U.S. CISA (Cybersecurity and Infrastructure Security Agency) hosted a national call with critical infrastructure stakeholders on December 13, 2021. Among the topics covered: How to organize a mass effort to patch the Apache Log4j vulnerability, and mitigate potentially cyberattacks that exploit the Log4Shell issue.

0 Comments
Continue reading

Kronos Ransomware Cyberattack Details: Log4j Related?

Kronos & Ultimate Software merged to form UKG in 2020. Hackers attacked UKG’s Kronos on December 11, 2021.

HR software company Kronos has suffered a ransomware attack, and a private cloud restore may take “several weeks,” parent business UKG said. So far, it’s unclear whether the Kronos ransomware attack is related to the Log4j vulnerability that MSSPs and cybersecurity professionals are scrambling to mitigate worldwide.

0 Comments
Continue reading

Apache Vulnerability: Java Log4j Zero Day Details, Log4Shell Patches and Updates

An Apache software vulnerability — known as is CVE-2021-44228 — is triggering concern across the Internet, SC Media reports. Chatter about the vulnerability — which affects a Java logging package known as Log4j — has spilled over into the MSP and MSSP markets, where companies such as BlackPoint Cyber, Huntress and others are weighing in with analysis about potential Log4Shell-related attacks.

0 Comments
Continue reading

By accepting you will be accessing a service provided by a third-party external to https://hexafusion.com/

Customer Login

News & Updates

Contact us

Learn more about what Hexafusion can do for your business.

Hexafusion
250 - 997 Seymour Street
Vancouver, British Columbia V6B 3M1