Headquartered in Charlotte, NC, nGuard is a privately-held, cyber security services firm. Founded in 2002, nGuard has provides advanced services… Continue Reading
Search Results for:
The Banking and Finance industry is a crucial part of the global economy, but it is also a high-value target… Continue Reading
Sign up for nGuard Security Advisories filter Sign up for nGuard Security Advisories In depth analysis and mitigation of the… Continue Reading
Our team is comprised of professional security engineers, consultants, auditors, project managers and account executives who come from a wide… Continue Reading
nGuard has extensive experience working with companies to develop a robust security & privacy program. nGuard can help your organization… Continue Reading
The recent crackdown on the LockBit ransomware gang marks a significant milestone in the global fight against cybercrime. The U.S…. Continue Reading
Cyberattacks in 2024 have had a widespread impact, with major breaches affecting industries ranging from finance to critical infrastructure. Attackers… Continue Reading
Even with the abundance of documentation available to your organization, PCI DSS compliance may seem like a tall mountain to… Continue Reading
It’s no secret that most organizations that endeavor to achieve any level of PCI compliance find it more difficult than… Continue Reading
In recent weeks, the cybersecurity community has been abuzz with discussions surrounding a critical vulnerability identified as CVE-2023-20198. This vulnerability, affecting… Continue Reading
If you are not familiar with NSO Group, nGuard released a Security Advisory in August detailing the history of the… Continue Reading
As cyberattacks increase worldwide, insurance companies are tightening their cyber insurance policy requirements. This is due to the 80% rise… Continue Reading
In a recent settlement with the Federal Communications Commission (FCC) announced on September 17th, AT&T has agreed to pay $13… Continue Reading
A serious vulnerability in Fortinet’s FortiNAC network access control suite (CVE-2022-39952) is now being exploited by hackers to add a… Continue Reading
Microsoft Outlook users should be aware of a new critical vulnerability that has been discovered by Microsoft Threat Intelligence analysts. CVE-2023-23397 is… Continue Reading
In a world where cyber threats loom large, even giants like Boeing are not immune to the relentless onslaught of… Continue Reading
What Happened? Initial Attack DetailsOn June 19, CDK Global, a major provider of car dealership management software, was struck by… Continue Reading
A Chinese state-sponsored hacking group known as “Volt Typhoon” has been conducting a cyberespionage campaign targeting military and government organizations… Continue Reading
SummaryThe Center for Internet Security (CIS) Critical Security Controls is a list of security best practice guidelines that organizations have… Continue Reading
SummaryLast month, nGuard released a security advisory detailing the latest version (v8) of the Center for Internet Security (CIS) Critical Security Controls…. Continue Reading
SummaryLast month, nGuard released a security advisory called CIS Controls v8 (Part 2) where we covered controls 7-12. This time, we are… Continue Reading
As the cyber landscape faces ever-growing cyber threats, critical infrastructure entities continue to be prime targets. This Security Advisory explores… Continue Reading
As of February 7th, 2024, three technology giants in the dynamic landscape of InfoSec: Cisco, Fortinet, and VMware, have recently… Continue Reading
Cisco has recently identified and patched a severe vulnerability in its Unity Connection product, posing a significant risk for unauthorized… Continue Reading
Introduction In 2023, threat actors heightened their focus on exploiting zero-day vulnerabilities, impacting organizations across the globe. This surge in… Continue Reading
Cobalt Strike is a powerful toolset being used by offensive security firms across the globe. With built in tools for… Continue Reading
On Friday May 7th Colonial Pipeline suffered a cyberattack involving ransomware, causing them to shutdown their IT systems and temporarily… Continue Reading
SummaryThis is a follow up to a previous Security Advisory. For the initial timeline please visit Colonial Pipeline Timeline of Events…. Continue Reading
On September 22nd, the Cybersecurity & Infrastructure Security Agency (CISA) released an alert regarding a spike in the use of… Continue Reading
SummaryThis month, Microsoft released security patches for multiple zero-day exploits targeting on-premise Exchange servers. CVE-2021-26855 allows a malicious attacker to… Continue Reading
ZeroLogon (CVE-2020-1472) is an immensely critical privilege escalation vulnerability affecting all versions of Windows Servers. A defect in the cryptography used… Continue Reading
The Outage Explained On July 19, 2024, a routine update to CrowdStrike Falcon’s sensor configuration (version 7.11) inadvertently unleashed chaos… Continue Reading
Summary Over the past few years, cybercriminals have brought more sophisticated ransomware attacks against organizations leading to potentially catastrophic damages…. Continue Reading
In a new revelation, China-backed hacking group Volt Typhoon has maintained persistent access to major U.S. critical infrastructure for at… Continue Reading
The healthcare industry, with its vast repositories of sensitive patient data, has always been an attractive target for cybercriminals. Recent… Continue Reading
SummaryWith the recent breach of the Oldsmar Florida Water Treatment Plant, China warning India they have the ability to turn the lights… Continue Reading
The rapid growth of artificial intelligence has introduced groundbreaking innovations, but also new security risks. DeepSeek AI, a China-based company… Continue Reading
Threats Are on The RiseAs tensions rise on the border separating Russia and its south-west neighbor Ukraine, threats of cyber… Continue Reading
In this article, we will be discussing several recent developments in cybersecurity. First, we will cover the FortiOS SSLVPN Buffer… Continue Reading
ys to exploit businesses’ trust in electronic signatures, like using fake DocuSign templates. At the same time, there are new… Continue Reading
IntroductionIt is no secret that critical infrastructure is on cyber watch here in the United States. On March 7th, the… Continue Reading
The FBI was given permission last week by the United States Department of Justice (DOJ) to remove web shells that… Continue Reading
Late last week, Attorney General Merrick Garland announced that the FBI was removing malware from computer systems around the world in an… Continue Reading
As security researchers continue to delve into the issues surrounding the SolarWinds breach, additional implications and vulnerabilities are coming to… Continue Reading
As cyberattacks have increased over the past years and months, many regulated industries have begun to require compliance with various… Continue Reading
SummaryEarlier this month, hackers successfully carried out an attack against an Oldsmar, Florida water treatment facility, coming awfully close to… Continue Reading
Over the last week there have been several major stories in the international community involving Russia, Iran and China. Russian… Continue Reading
Since the introduction of the European Union’s General Data Protection Regulation (GDPR) in May of 2018, they have handed out… Continue Reading
Typosquatting is a cybersecurity issue where individuals may unintentionally land on fraudulent websites due to minor spelling errors when entering… Continue Reading
NSO Group continues to stay at the top of the headlines as 2022 carries on. There have been 3 noteworthy… Continue Reading
This is a 3-part series on how nGuard most commonly gains an initial foothold on your internal network, then takes… Continue Reading
In this 3-part series we are demonstrating how nGuard most commonly gains an initial foothold on internal networks, then takes… Continue Reading
In this 3-part series we are demonstrating how nGuard most commonly gains an initial foothold on internal networks, then takes… Continue Reading
In recent weeks, Microsoft has been at the center of numerous cybersecurity incidents, highlighting the ongoing challenges faced by tech… Continue Reading
The Internet of Things (IoT) is quickly growing into one of the largest markets in technology. The number of devices… Continue Reading
Lapsus$ is a hacking group that first appeared in December of 2021 when they were extorting Brazil’s Ministry of Health…. Continue Reading
SummaryRemember when someone discovered a misconfigured database exposed to the internet that left the information of 500 million LinkedIn users… Continue Reading
Overview On December 10th, 2021, CVE-2021-44228 (Log4Shell) was released affecting the Log4j Java logging framework. This vulnerability received the highest… Continue Reading
Understanding the AT&T Data BreachIn a major cybersecurity incident, AT&T recently disclosed a significant data breach impacting more than 110 million customers….. Continue Reading
In recent weeks, a major data breach caused by the exploitation of a vulnerability in the popular file transfer tool MOVEit,… Continue Reading
In today’s digital age, cyber threats loom large, and even industry stalwarts like MGM Resorts can find themselves under siege…. Continue Reading
Microsoft is reporting that nearly 70,000 sources spread across the globe are responsible for one of the largest cyber-attacks in… Continue Reading
Earlier this month two new zero-day exploits, CVE-2022-41040 and CVE-2022-41082, were released and code named ProxyNotShell due to similarities to… Continue Reading
The Midnight Blizzard attack on Microsoft, attributed to the Russian hacking group APT29 or Cozy Bear, stands as a stark… Continue Reading
OverviewCVE-2022-30190, known as Follina, was released by Microsoft on Monday, May 30th, 2022. The vulnerability resides within the Microsoft Support… Continue Reading
Recently, Microsoft has made significant strides in enhancing its cybersecurity posture while also grappling with challenges that highlight vulnerabilities in… Continue Reading
In the latest Patch Tuesday release from Microsoft, the tech giant has rolled out vital updates, fortifying a total of… Continue Reading
September 11th, 2024 This article serves as the latest update to our ongoing coverage of Microsoft’s controversial Windows Recall feature…. Continue Reading
In recent months, the financial services industry has been rocked by a series of high-profile data breaches, exposing millions of… Continue Reading
What Is It?Multi-factor authentication (MFA) prompt bombing is a specific social engineering attack that bombards its victims with countless MFA… Continue Reading
Unraveling the ThreatIn the dynamic world of cybersecurity, vulnerabilities can crop up in the most unexpected places. As we’ve seen… Continue Reading
Recent cyber incidents involving Chinese and Iranian threat actors highlight the growing intersection of cyber espionage with geopolitical tensions. China’s Salt… Continue Reading
IntroductionThe international cybersecurity community is continually challenged to stay one step ahead of new threats in an ever-changing cyber landscape…. Continue Reading
What Happened? In one of the largest data breaches ever recorded, National Public Data (NPD), a consumer data broker, has… Continue Reading
nGuard continues to enhance its Managed Intrusion Prevention Services (MIPS) with the announcement of support for Cisco FirePOWER™ IPS version… Continue Reading
The Managed Integrity Monitoring Service provides nGuard clients with vital 24x7x365 monitoring of changes to web servers, DNS servers, and… Continue Reading
The nSight Remediation Database (nRdb) is a key deliverable provided to clients in all nGuard security assessments. It provides a… Continue Reading
Today, nGuard reported very strong growth in cyber security assessment and penetration testing services. For FY2019 Q1, nGuard achieved a… Continue Reading
On February 26, 2024, the U.S. National Institute of Standards and Technology (NIST) unveiled Cybersecurity Framework (CSF) Version 2.0, marking… Continue Reading
IntroductionThe National Institute of Standards and Technology (NIST) has announced that the SHA-1 algorithm, one of the first widely used… Continue Reading
Initial ReportOn October 27th it was reported by Dark Reading that organizations have five days to get ready for what the OpenSSL Project defined… Continue Reading
On June 27, 2017, an ongoing cyberattack was discovered that utilized a variant of a prior, widespread, ransomware exploit known… Continue Reading
The Open Web Application Security Project (OWASP) is a non-profit organization focused on improving the security of web application software…. Continue Reading
Overview of the VulnerabilityRecently, Palo Alto Networks identified a critical zero-day vulnerability in their firewall software, PAN-OS versions 10.2, 11.0,… Continue Reading
Conventional wisdom says passwords should be longer than 8 characters, they should contain complexity with upper case, lower case, numbers,… Continue Reading
In honor of World Password Day on May 2nd, government entities and tech giants are making big moves to raise… Continue Reading
The world of cybersecurity has been shaken by the discovery of a significant vulnerability in Linux systems, known as “Looney… Continue Reading
On March 31, 2022, the PCI Security Standards Council (PCI SSC) issued version 4.0 of the PCI Data Security Standard… Continue Reading
Recently, a set of vulnerabilities were identified which affect millions of Internet-of-Things (IoT) devices using software developed by a company… Continue Reading
The U.S. Securities and Exchange Commission (SEC) has taken a step towards increasing transparency and investor protection by announcing new… Continue Reading
With the U.S. presidential election just around the corner, cyber threats from foreign actors have escalated, targeting critical election infrastructure,… Continue Reading
On Monday, CNN reported that nine organizations spread across multiple sectors have been breached by what is believed to be foreign hackers. Palo… Continue Reading
SummaryHas your organization been a target of ransomware? Did you pay the ransom? If so, did you get all your… Continue Reading
By now you are likely aware that a SolarWinds Orion security breach has impacted over 18,000 government agencies and businesses…. Continue Reading
In this advisory, we delve into the recent breaches of global telecom providers by Chinese state-sponsored group Salt Typhoon, challenges in removing… Continue Reading
In the last week of August 2020, the FBI successfully detained and arrested a Russian citizen that was attempting to… Continue Reading
Who is the NSO Group? The NSO Group is an Israeli cyber intelligence firm that, according to their website, “creates… Continue Reading
The Information Security Forum (ISF) has released its predictions regarding the top five global security threats businesses will face in… Continue Reading
It’s another busy week in the world of cybersecurity and nGuard wants to keep our advisory readers up-to-date. This week, nGuard… Continue Reading
It’s another busy week in the world of cybersecurity and nGuard wants to keep our advisory readers up to date. This… Continue Reading
Russia has launched a full-scale military invasion into the country of Ukraine and with that comes the increased risk of… Continue Reading
Over the past week there have been many hot topics in the cybersecurity world. This edition of This Week in… Continue Reading
In this edition of “This Week in Cybersecurity” (TWiC), we take a look into four significant incidents: a cyber-attack on… Continue Reading
In the past few weeks, the cybersecurity landscape has been marked by significant incidents affecting both governmental institutions and private… Continue Reading
Information security is, and always will be, a constant exercise in risk discovery and follow-up risk reduction. No matter the… Continue Reading
The nGuard Security Advisory for this week covers several important topics related to cyber security threats. The Cybersecurity and Infrastructure… Continue Reading
Over the past few weeks there have been several hot topics and time sensitive advisories released. In this edition of… Continue Reading
Over the past few weeks, we have seen some interesting stories develop in the world of cyber security. It seems… Continue Reading
The past couple of weeks have been busy ones for the world of cybersecurity. Multiple companies have disclosed serious hacks… Continue Reading
In this edition of This Week in Cybersecurity, we will discuss how phishers are using Telegram to sell phishing kits… Continue Reading
In this edition of This Week in Cybersecurity (TWiC), we have updates on the SolarWinds breach, Salesforce data leak and… Continue Reading
Over the past week there have been many hot topics in cybersecurity. This edition of This Week in Cybersecurity includes… Continue Reading
Over the past week there have been many hot topics in cybersecurity. This edition of This Week in Cybersecurity includes… Continue Reading
Over the past week there have been many hot topics in cybersecurity. This edition of This Week in Cybersecurity includes… Continue Reading
FBI Investigating Data Breach Affecting U.S. House of Representatives Members and Staff The Federal Bureau of Investigation (FBI) is investigating… Continue Reading
In this week’s edition of TWIC (This Week in Cybersecurity), we delve into the most significant stories and developments in… Continue Reading
In this edition of This Week in Cybersecurity, we bring you a comprehensive overview of the latest developments and pressing… Continue Reading
In a significant update, the National Institute of Standards and Technology (NIST) has revised its approach to password management. The 2024… Continue Reading
On October 10, 2022, Fortinet, Inc released a new advisory for CVE-2022-40684 which affects the FortiOS, FortiProxy and FortiSwitchManager products. Each of… Continue Reading
Weak Security Controls Last week, multiple government agencies released a joint Cybersecurity Advisory to raise awareness about insufficient security configurations, weak controls,… Continue Reading
Yesterday afternoon Bleeping Computer reported on a critical Windows zero-day affecting all flavors of Windows client and server operating systems…. Continue Reading
Most security professionals will advise the number one way attackers gain an initial foothold on a network is, and continues… Continue Reading
Target: Water Utilities Water Utilities play a critical role in our society. They provide fresh, potable water to residents,… Continue Reading
nGuard continues to observe weak passwords in widespread use across its customer-base, regardless of industry or size. “It’s a major… Continue Reading
The White House issued a stark warning to U.S. governors regarding the escalating risk of “disabling” cybercrimes targeting water systems… Continue Reading
IntroductionIn early October, a significant breach at genetic testing giant 23andMe compromised the personal data of 6.9 million users. This… Continue Reading