News & Resources

Dive into our resource hub and explore top cybersecurity
topics along with what we do and what we can do for you.

Blog | Mar 23, 2023

Flash Notice: Patch Immediately - PoC Exploit Publicly Available for Microsoft Word RCE Vulnerability

A proof-of-concept (PoC) exploit for CVE-2023-21716, a severe RCE vulnerability found in Microsoft Word, is now accessible to the public.

Learn More

Threat Report | Mar 3, 2023

Flash Notice: Cisco IP Phone Vulnerabilities

Cisco has released security updates for vulnerabilities impacting its IP Phone 6800, 7800, 7900, and 8800 Series products.

Learn More

News | Mar 2, 2023

Security Concerns Continue Surrounding Tik Tok

WATE News –- Mike Wilkinson, director of digital forensics and incident response at Avertium explains whether these security concerns are valid or not.

Learn More

Blog | Mar 2, 2023

Securing the Customer Channel: 2 Critical Things for Retailers to Know

Explore the challenges retailers face and take a look at 2 critical factors retailers must know to protect the customer channel and build trust with them.

After emerging in January 2022, Royal ransomware is a ransomware strain that is being distributed by ransomware threat actors from previous operations.

A Windows zero-day vulnerability is allowing threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-web security warnings.

Learn More

Threat Report | Oct 25, 2022

Iranian Cyber Threats - APT42 & HomeLand Justice

CISA and the FBI recently warned that Iranian threat actors APT42 and HomeLand Justice have been consistently improving their offensive cyber capabilities.

Google released a patch for their 5th zero-day vulnerability in 2022. CVE-2022-2856 is a high-severity bad input validation vulnerability impacting Chrome.

Learn More

News | Aug 16, 2022

Avertium Ranks No. 781 on the 2022 Inc. 5000 Annual List of America's Fastest-Growing Private Companies

Today, Inc. revealed that Avertium is #781 on its annual Inc. 5000 list, the most prestigious ranking of the fastest-growing private companies in America.

Learn More

Threat Report | Aug 9, 2022

An In-Depth Look at the APT, Evilnum

Learn More

Threat Report | Jul 27, 2022

Healthcare Ransomware Threats - MedusaLocker & Maui

FBI, CISA, + more recently issued joint warnings for Maui and MedusaLocker ransomware. Both are currently responsible for many cyber attacks in healthcare.

Learn More

Blog | Jul 14, 2022

Flash Notice: [CVE-2022-22047] Microsoft Zero-Day Actively Exploited, Impacting Server & Client Windows Platforms

A zero-day, local privilege escalation vulnerability was found in the latest Widows 11 & Windows Server 2022 releases. It's being tracked as CVE-2022-22047

Learn More

Blog | Jul 13, 2022

Flash Notice: New Ransomware Family, HavanaCrypt, Disguises Itself as Fake Google Update

Researchers at Trend Micro discovered a new ransomware family that’s being delivered as a fake Google software update - HavanaCrypt.

Learn More

Threat Report | Jul 12, 2022

An In-Depth Look at Ransomware Gang, LockBit 3.0

As of 3/2022, the ransomware gang, LockBit, has re-branded itself as LockBit 3.0. LockBit 3.0, also known as LockBit Black, is active and in the wild.

Learn More

News | Jul 11, 2022

Facing Ransomware, Healthcare Systems Can't Use 'Hope as a Strategy'

Chief Healthcare Executive -- Cyberattacks have become an increasingly dangerous threat to hospitals. Healthcare systems must take action.

Learn More

Threat Report | Jul 6, 2022

An In-Depth Look at Chinese APT ToddyCat

ToddyCat is a new APT, has been active since December 2020, and has attacked several high-profile organizations within the government and military sectors.

Learn More

Blog | Jul 6, 2022

Google Chrome Zero-Day Vulnerability Exploit [CVE-2022-2294]

Over the 4th of July weekend, Google released a patch for a high-severity zero-day Chrome vulnerability. Learn everything you need to know in our blog.

Learn More

Threat Report | Jun 28, 2022

How the Tables Have Turned - Russia vs. Ukraine Part Three

Over the past 5 months, things have changed. It appears that Russia and Ukraine are now on equal footing regarding the Russia vs. Ukraine cyber war.

Learn More

Blog | Jun 27, 2022

Flash Notice: [CVE-2022-29499] Critical Zero-Day Vulnerability Found in Mitel VoIP Appliance

A ransomware attack was deployed against an unnamed mark using Mitel’s VoIP appliance as an entry point. CVE-2022-29499 is actively being used in the wild

Learn More

Threat Report | Jun 21, 2022

An In-Depth Look at Chinese APT, Aoqin Dragon

Active since 2013, the APT Aoqin Dragon flew under the radar for ten years before researchers at Sentinel Labs identified their activity.

Learn More

Threat Report | Jun 14, 2022

An In-Depth Look at the Data Extortion Group, Karakurt

This month, CISA issued a warning about a data extortion group called Karakurt. Let's take a detailed look at the group and their tactics.

During Patch Tuesday, Microsoft fixed a zero-day Windows vulnerability. However, the patch was bypassed and led to a new privilege elevation vulnerability named ‘InstallerFileTakeOver’.

Learn More

Blog | Nov 19, 2021

Flash Notice - APT Group Exploits FatPipe Zero-Day Vulnerability for 6 Months

The FBI issued a notice yesterday warning that APT has been exploiting a zero-day vulnerability in FatPipe’s router clustering and load balancer products.

Learn More

Blog | Nov 19, 2021

Flash Notice - Emotet Botnet is Back with New Spam Campaigns

Last seen in January 2021, after law enforcement took them down, Emotet is back & is using TrickBot to install Emotet malware on infected Windows systems.

Learn More

Blog | Nov 17, 2021

Flash Notice - BotenaGo Botnet Could Affect Millions of Routers & IoT Devices

A new botnet named BotenaGo has been seen in the wild targeting a number of IoT devices & routers. BotenaGo can exploit up to 30 different vulnerabilities.

Learn More

Threat Report | Nov 16, 2021

HIVE Ransomware: Everything You Need To Know (Attacks & Analysis)

Hive has a variety of techniques and tactics that are challenging for cyber security professionals to defend and mitigate. Learn more.

Learn More

Ebook | Nov 15, 2021

Creating a Business-First Incident Response Plan

Breaches are no longer a simple ransom to be paid. The ripple effect that follows an attack can leave a long-lasting impact if your company is not prepared.

Learn More

Threat Report | Nov 11, 2021

TIR-20211004 An In-Depth Look at Ransomware Gang, Conti

News | Sep 30, 2021

Avertium’s Paul Caiazzo Named “CISO of the Year” in 2021 CyberSecurity Breakthrough Awards Program

Chief Information Security Officer, Paul Caiazzo, has been named “CISO of the Year” in the fifth annual CyberSecurity Breakthrough Awards program.

Learn More

News | Sep 29, 2021

Avertium and Black Kite Announce Strategic Partnership in New Approach to Attack Surface Monitoring

Watch Now

Whitepaper | Sep 15, 2021

Strengthening Cybersecurity with Consensus: How to Build Positive Board Relationships

For CISOs looking to strengthen their cybersecurity posture, board buy-in is a helpful ally. This free guide details tangible action steps that CISOs can take.

Guide | Sep 15, 2021

8 Steps to Take if You've Been Breached

When it comes to a security breach, fast detection, mitigation and response are vital for reducing impact. This guide gives a formal, methodical approach.

Learn More

Infographic | Sep 15, 2021

5 Ways to Prevent Ransomware

Avertium offers five ways for your security team to prevent ransomware.

9 essential steps to managing third-party vendor risk that every information security professional can adopt for their organization.

Learn why XDR is more than technology in order to achieve a proactive and more mature security posture.

Webinar | Sep 15, 2021

Navigating Cybersecurity & Managing Data Breach Risks

Webinar providing tips on how to secure your company network, endpoints and remote workers in a remote working model.

Watch Now

Webinar | Sep 15, 2021

5 Essential Steps to Creating a Relevant Incident Response Plan

Incident response templates are readily available online but how well do they work for your company's specific policies, procedures, and workflows?

Watch Now

Checklist | Sep 15, 2021

The Ultimate Incident Response Plan Checklist

A cybersecurity incident response plan for a data breach takes thoughtful planning. Learn what's needed with this incident response (IR) planning checklist.

Learn More

Ebook | Sep 14, 2021

Leveraging Zero Trust Architecture to Contain & Combat Ransomware

Gain visibility on who's on your network by signing up to download our free eBook discussing how you can contain ransomware utilizing Zero Trust.

Learn More

Threat Report | Sep 14, 2021

TIR-20210913 TEAMTNT – “CHIMAERA” CRYPTOMINING MALWARE CAMPAIGN TARGETS SERVERS

TeamTNT released a new campaign known as "Chimaera" meant to cryptomine malware and is actively targeting several operating systems and applications.

Learn More

Blog | Sep 9, 2021

Lockbit 2.0 Ransomware: An In-Depth Look At Lockfile & LockBit

Emerging in July 2021, LockFile has compromised over 300 servers in an ongoing ransomware campaign. Learn more!

Learn More

Blog | Sep 9, 2021

Flash Notice – Microsoft Issues Warning for Remote Code Execution Vulnerability

A statement has been released by Microsoft warning users of a remote code execution vulnerability in Office 365 and Office 2019 on Windows 10.

Learn More

Blog | Aug 24, 2021

Threat Actor Profile – “BlackMatter” Ransomware

BlackMatter began making its presence known as a ransomware-as-a-service (RaaS) gang in 2021. Read more for indicators of compromise and our recommendations.

Learn More

Blog | Aug 18, 2021

Email Phishing Campaigns (Beware Of These Scams)

We discuss the similarities between Photo Copyright email phishing campaigns and SharePoint phishing campaigns. Learn more!

Learn More

Blog | Aug 13, 2021

Flash Notice – The PrintNightmare Continues

These disappointing developments coincide with reports of ransomware groups exploiting the PrintNightmare family of vulnerabilities in the wild.

Learn More

Blog | Aug 10, 2021

XDR: Tech Stack, Service, Process, or All Three?

What is eXtended Detection Response (XDR)? Is it a process, a tech stack, or a service? How does it differ from MDR and EDR?

Learn More

Blog | Aug 3, 2021

Microsoft Exchange Server Breach is Formally Attributed to China by the U.S

The extensive breach of Microsoft Exchange Server early this year has been formally attributed to China by the United States & several allies.

Learn More

Blog | Aug 3, 2021

President Biden’s Executive Order on Cybersecurity: What it does & What it doesn’t do

The growing need for cybersecurity has brought onto a new executive order. Read more to learn about what this means and where it falls short.

Learn More

Blog | Jul 28, 2021

A Zero Trust Network Architecture (ZTNA) POV with Appgate

As Zero Trust becomes more relevant, Appgate x Avertium leads the way in accelerating the customer's Zero Trust journey.

Learn More

Blog | Jul 22, 2021

July 4th Post Mortem on PrintNightmare and REvil

The latest noteworthy exploit leveraged a vulnerability in Microsoft’s Print Spooler Service to target IT Solutions company, Kaseya.

Learn More

Blog | Jul 16, 2021

Flash Notice: SonicWall Warns of Imminent Ransomware Attack Against EOL Products

Learn More

Threat Report | Mar 30, 2021

A report in the Firefox vulnerability and the fake technical support page scam that attempts to steal credentials with our recommended countermeasures.

Learn More

Latest

News & Resources

SUBSCRIBE

Everything You Need to Know About HIPAA Compliance

Threat Hunting Recognized by NIST as an Official Cybersecurity Discipline

Government & Law Enforcement Crack Down On Cybercrime

Strengthening Cybersecurity: HITRUST CSF v11 2023 Updates

Flash Notice: Critical Outlook Vulnerability for Windows is Easy to Exploit

Compromising a Network Through Active Directory Certificate Services

Flash Notice: Fortinet FortiOS Vulnerability Exploited by Attackers

Flash Notice: Critical Fortinet Vulnerability Impacts FortiOS and FortiProxy

Flash Notice: High Severity Vulnerability Found in Veeam Backup and Replication

Hackers Behind Oakland Ransomware Attack Dump Data on City Employees

2023 Ransomware Group Trends

Flash Notice: Patch Immediately - PoC Exploit Publicly Available for Microsoft Word RCE Vulnerability

Flash Notice: Cisco IP Phone Vulnerabilities

Security Concerns Continue Surrounding Tik Tok

Securing the Customer Channel: 2 Critical Things for Retailers to Know

Moving Beyond Email - Alternative Vehicles for Social Engineering

Cyber Threats Unveiled: SSH Scanning and XorDDos Propagation

A Closer Look at QakBot

Flash Notice: Four Vulnerabilities Found in Cisco Security Products

Avertium Recognized on CRN's 2023 MSP 500 List

The Top Three Cyber Threats Defined in Manufacturing

Flash Notice: Critical Vulnerabilities Found in FortiNAC and FortiWeb

TIR-20230213 Threat Actors, Car Systems, and Weak API Security

Flash Notice: Microsoft Patches Three Zero-Day Vulnerabilities

Flash Notice: Apple Patches Two Vulnerabilities, Including a Zero-Day

Flash Notice: Beware - QakBot Group Infects Microsoft's OneNote with QakNote Malware

A Warning to Employers: Callback Phishing is on the Rise

Everything You Need to Know About Cross-Site Request Forgery (CSRF)

Flash Notice: Thousands of Unpatched VMware Servers Hit by Two-Year Old Vulnerability

Flash Notice: Cisco Command-Injection Vulnerability Found in Production Equipment

Flash Notice: Critical QNAP NAS Vulnerability

Everything You Need to Know About the Data Extortion Group, RansomHouse

The Rise of Cyber Fusion – A Holistic Cybersecurity Approach

Hive Ransomware: Modern, Efficient Business Model

Flash Notice: Apple Zero-Day Impacts Older iPhones and iPads

Flash Notice: UPDATE - Zoho ManageEngine Vulnerability Exploited in the Wild

The Basics of Cybersecurity Maturity

CVE-2014-2383: LFI/RFI Escalation to RCE

Flash Notice: Microsoft Patch Tuesday Addresses 11 Critical Vulnerabilities & 1 Zero-Day

Flash Notice: High-Severity JsonWebToken Library Vulnerability

MITM Attacks - EvilProxy and Evilginx

Who are LockBit Gang? The Group Behind the Ransomware and Apology to SickKids Hospital

Flash Notice: High-Severity Fortinet Vulnerabilities Impact FortiTester and FortiADC

Flash Notice: Zoho Manage Engine Vulnerability - Patch Now

An In-Depth Look at Play Ransomware

Flash Notice: Critical Linux Kernel Vulnerability Can Lead to Remote Code Execution

End of the Year Recap and What to Expect for 2023

TIR-20221219: Stay Vigilant with Cybersecurity During the Holidays

Flash Notice: Critical VMware Vulnerabilities

Avertium Advances its Cyber Fusion Capabilities by Adding Microsoft Security Expertise

Flash Notice: Critical Remote Code Execution Vulnerability Found in SPNEGO

Flash Notice: Critical Citrix Zero-Day Exploited by Attackers

Flash Notice: Critical Fortinet Zero-Day Vulnerability Exploited in the Wild

Everything You Need to Know About Royal Ransomware

2023 Cybersecurity Landscape: 8 Lessons for Cybersecurity Professionals

Flash Notice: Google Patches Actively Exploited Zero-Day

An Update on HIVE Ransomware

Flash Notice: Oracle Vulnerability Actively Exploited

The Pitfalls of Online Chat Features

An In-Depth Look at the North Korean Threat Actor, ZINC

Flash Notice: Two High-Severity Vulnerabilities Found in F5 BIG-IP and BIG-IQ Products

Everything You Need to Know to Create An Effective Incident Response Plan

Managed Security Services Market Worth $49.6 Billion by 2027, Report Says

An Update on LockBit 3.0

About Microsoft 365 E5 License including Defender for Endpoint

Flash Notice: Citrix and VMware Disclose Critical Vulnerabilities, Could Impact Remote Workspaces

MFA Breaches & MFA Fatigue

Avertium Names Bill Carroll New Chief Executive Officer

Flash Notice: OpenSSL Project - Two High Severity Vulnerabilities

An In-Depth Look at Lorenz Ransomware

Flash Notice: Cisco VPN Vulnerabilities Exploited in the Wild

Avertium Named Microsoft Security Solutions Partner

Flash Notice: Windows Zero-Day Exploited - JavaScript Files Bypass Security Warnings

Iranian Cyber Threats - APT42 & HomeLand Justice

2022 Common Indicators of a Phishing Attempt

Breaking Down Barriers with Detection-as-Code

“Microsoft Patches Zero-Days Impacting Microsoft Office and Windows”