M.A. Polce

Security Updates

Security Updates

NYSED Information Security Office LEA Data Security Review

In response to feedback received from various school districts, we have gathered the following information: The New York State Education Department's (NYSED) Information Security Office issued an important update impacting…

Security Alert: Ongoing Stealer Malware Campaigns

In the face of a notable surge in Info Stealer malware campaigns, the cybersecurity landscape demands heightened vigilance. Evolving in sophistication and prevalence, these threats target both individuals and businesses,…

High Severity Zero-Day Libwebp Vulnerability

The libwebp vulnerability is a critical issue that is currently being exploited by attackers. This vulnerability affects nearly all operating systems and applications utilizing the libwebp library, including those built…
A photo of a hand hovering over a holographic projection of a gavel. There is a layer of text over the image that reads in white, all uppercase text "security update" followed by "The SEC's New Cybersecurity Disclosure Requirements." These two sections of text are divided by a green line. At the bottom left corner of the graphic is a white version M.A. Polce's logo without the "IT and Cybersecurity" tagline.

The SEC’s New Cybersecurity Disclosure Requirements

The Securities and Exchange Commission (SEC) has recently introduced new cybersecurity disclosure requirements, also known as the "Final Rules," that apply to all SEC filers, including domestic issuers, foreign private…
A photo of a chain with a broken link behind a semi-transparent blue layer. There is a layer of text over the image of the broken chain that reads in white, all uppercase text "security update" followed by "Citrix NetScaler ADC and Gateway Critical Vulnerability." These two lines of text are divided by a green line. At the bottom left corner of the graphic is a white, stacked version of M.A. Polce's logo.

Citrix NetScaler ADC and Gateway Vulnerability CVE-2023-3519

Overview of CVE-2023-3519 Vulnerability A recent Citrix alert warns of multiple vulnerabilities impacting Citrix Netscaler AD and NetScaler Gateway products. Of those vulnerabilities, only CVE-2023-3519 is of critical severity, with…
A photo of the White House behind a semi-transparent blue layer. There is a layer of text over the White House image that reads in white, all uppercase text "security update" followed by "white house releases national cybersecurity strategy implementation plan." These two lines of text are divided by a green line. At the bottom left corner of the graphic is a white, stacked version of M.A. Polce's logo.

The White House’s Implementation Plan for its National Cybersecurity Strategy

Overview: A Roadmap for the National Cybersecurity Strategy The White House released its implementation plan for the National Cybersecurity Strategy (the Strategy) unveiled in March 2023. The plan provides a…

NYC MOVEit Data Breach

MOVEit is a file-sharing software that private companies and government sectors use to transfer documents and data safely. However, it was recently hacked and leaked data of almost 45,000 students…
A thumbnail with the heading "security update" to indicate the category type of the post. Beneath the heading is a subheading that reads "custom malware infects Barracuda's ESG" which gives viewers an idea of what the security update addresses.

Custom Malware Infects Barracuda’s ESG

Zero-day vulnerability from 2022 has been used by threat actors to infect Barracuda's Email Security Gateway (ESG) with custom malware. Barracuda Networks, a popular email security appliance installed in over…
A cover photo for a security alert featuring Apple's First Security Alert Update

Apple’s Rapid Security Response Update

Apple recently released a Rapid Security Response update, which aims to provide important security improvements between software updates. This update addresses two zero-day vulnerabilities in Apple Webkit that were actively…
An M.A. Polce IT and Cybersecurity branded graphic that indicates the associated post content is a cybersecurity update and/or threat alert

New .zip Top-Level Domain Used In Phishing Attacks

Recently, Google introduced eight new top-level domains available for purchase, including .zip. However, cybersecurity experts are concerned about the potential for malicious activity with this TLD. The similarity to the…

Download the "How Strong is Your Cybersecurity Culture?" Checklist!

Name(Required)