Kristine Luque, Author at Velox Systems

Enhancing Your IT with Robust Cybersecurity Services

  When we think of big-picture IT, we often conceptualize fixing existing problems and troubleshooting future issues with workplace technology. However, how many of us consider cybersecurity as an essential part of our IT strategy? Protecting against malicious attacks that could cripple or even shutter our business is increasingly crucial, as recent news stories have […]

Microsoft Rolls Out Updates Addressing 51 Vulnerabilities, Featuring Critical MSMQ Vulnerability

In the realm of cybersecurity, Microsoft’s Patch Tuesday updates for June 2024 stand as a formidable bulwark against a myriad of vulnerabilities, encompassing 51 crucial fixes, including one Critical and 50 Important patches. Complementing this endeavor are the resolution of 17 vulnerabilities in the Chromium-based Edge browser, strengthening defenses against potential exploits. Notably, none of […]

Insights from IT Nation Secure 2024: Key Takeaways for Velox Systems

This past weekend, three of our team members attended the “IT Nation Secure 2024” Conference at the Gaylord Palms Resort and Convention Center near Orlando, Florida. Hosted by ConnectWise, an IT service platform integral to our daily operations, this security conference brought together companies like Velox to attend expert-led classes on cybersecurity. A notable guest […]

MozCon Revelations That Will Shift Cybersecurity Mindset

  Last week, as the marketing specialist at Velox Systems, I had the opportunity to attend the MozCon conference in Seattle, Washington. This national conference brings together experts in cybersecurity and marketing from around the world, featuring high-caliber keynote speakers and numerous networking and breakout sessions. During my time at the conference, I learned several […]

Unveiling the Stealth: How Threat Actors Harness Microsoft Graph API for Malicious Intent

In a digital landscape where innovation meets nefarious intent, threat actors have honed their craft, wielding tools like the Microsoft Graph API as a double-edged sword. This sophisticated tactic, highlighted by the Symantec Threat Hunter Team, a division of Broadcom, sheds light on a concerning trend: the exploitation of seemingly benign technologies for malicious ends. […]

Unveiling Social Engineering: Defending Against Digital Deception

In the realm of cybersecurity, alongside the familiar threats of malware and data breaches, lies a cunning adversary: social engineering. This tactic manipulates human psychology to extract sensitive information or gain unauthorized access. Let’s explore what social engineering entails, its common tactics, and how to shield against its deceptive allure. What is Social Engineering? Social […]

CISA Issues Alert: Active Exploitation of Microsoft SharePoint Vulnerability by Hackers

In the dynamic realm of cybersecurity, constant vigilance is essential to mitigate emerging threats. Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) updated its Known Exploited Vulnerabilities (KEV) catalog to include a critical security flaw affecting Microsoft SharePoint Server, designated as CVE-2023-24955 with a CVSS score of 7.2, allowing authenticated attackers with Site Owner […]

Cybercriminals Utilizing Well-Known Document Publishing Platforms for Phishing Schemes

Within the rapidly shifting landscape of cyber threats, adversaries are now leveraging Digital Document Publishing (DDP) sites such as FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for phishing, credential harvesting, and session token theft, exploiting the platforms’ favorable reputation, evasion of web filter blocklists, and users’ false sense of security. Craig Jackson from Cisco Talos […]

Ande Loader Malware Sets its Sights on North American Manufacturing Sector

In the ever-evolving landscape of cybersecurity threats, the emergence of Blind Eagle, a financially motivated threat actor utilizing loader malware Ande Loader, highlights the sophistication and adaptability of malicious entities. Targeting Spanish-speaking users in the manufacturing industry across North America via phishing emails laden with RAR and BZ2 archives, Blind Eagle orchestrates a complex infection […]

Microsoft’s Midnight Blizzard Breach: Unraveling the Unprecedented Cybersecurity Threat

In a startling disclosure on Friday, Microsoft unveiled a cyber-security nightmare: the Kremlin-backed threat actor Midnight Blizzard, also known as APT29 or Cozy Bear, successfully breached some of the tech giant’s critical source code repositories and internal systems. This revelation, stemming from a hack in November 2023 that surfaced in January 2024, not only underscores […]