The Arraya Blog

Heads up: Microsoft and the National Security Agency (NSA) just sounded the alarm on a newly-discovered Windows vulnerability, one that has left potentially hundreds of millions of devices open to attack. Designated CVE-2020-0601, it affects certificate validation within devices running Windows 10, Windows Server 2016, Windows Server 2019, and Windows Server version 1803. Essentially, attackers […]

During the summer of 2017, pharmaceutical giant Merck was one of countless companies, around the world hit by the most devastating cyber-attack in history: NotPetya. Initially masquerading as ransomware, NotPetya turned out to be far worse: a strain of malware designed to destroy systems rather than hold them hostage. The toll NotPetya inflicted on Merck […]

Here’s something we can all be thankful for this holiday season: Larger cyber security budgets are reportedly on their way! In a recent FireEye study, 76% of participants said they expect their security budgets to increase in 2020. That’s obviously encouraging for those fighting the good fight and bad news for those on the other […]

Here’s an encouraging stat: Nearly all (99%) of email-based threats like phishing are totally harmless in and of themselves. In order to become dangerous, they require some type of user interaction, whether that’s clicking on a link, opening an attachment, etc. Yet, email remains a highly popular and lucrative attack vector. In fact, phishing ranks […]

No entity, no matter the size, can afford cyber security blind spots. The recent string of ransomware attacks targeting local governments has underscored that point. Hackers have gone after major cities like Baltimore and they’ve hit places the average person is less familiar with, like Lake City, FL. Despite the risks, many small-to-midsized municipalities, businesses, […]

Raise your hand if you’ve heard someone describe Microsoft as a “security company” at some point in the last few years. We can’t say for sure – maybe because your Microsoft desktop is so secure – but we’re guessing there are plenty of hands in the air. We get it. Given cyber security’s status as […]

These days, everybody is looking for a cyber security silver bullet. Organizations want something flashy, new, and most importantly, capable of besting any threat or malicious actor that may cross its path. TACACS+ is none of those things. In truth, that perfect cyber security cure-all may never materialize. Instead, the most successful security postures use […]

Most cybersecurity experts will advise employees to keep their personal information off their company-issued devices. In fact, most companies’ acceptable use policies require it. Yet, despite the ample warnings and policies, employees continue to use their work devices for decidedly non-work purposes. With the growing popularity of remote working, road-warriors, bring your own device (BYOD), […]

Earlier this month, Microsoft issued an exciting announcement regarding passwords. Now, “exciting” and “passwords” aren’t two things that normally find themselves together in the same sentence. However, this news is the most significant change in Microsoft’s password policy recommendations in nearly three decades. In a recent blog post, Microsoft announced plans to remove regular mandatory […]

Last week, Citrix became the latest victim of a high-profile data breach while Equifax, a perennial cyber security punching bag, was raked over the coals by Congress. Both stories represent valuable learning opportunities for organizations seeking to avoid a similar fate. Let’s review each story, then we’ll share some insights into how companies can protect […]