Month: October 2025

CyberSecurity

by

This week I’m writing about some recent cybersecurity instances I found interesting and what some of their impacts are,

National Defense Corporation Ransomware
 In March 2025, 4.2 tb worth of sensitive data was taken.
While this information proved to be directly classified it still rose eyebrows around the world about the safety of defense corporations.
The attack marked a shift in Interlock’s targeting strategy from broad, opportunistic campaigns to high-value defense contractors. Though classified data wasn’t directly exposed, procurement documents, logistics details, and supply chain information were compromised, creating long-term risk across the defense industrial base (DIB).
Compliance frameworks like CMMC 2.0 are critical for protecting sensitive, unclassified data, requiring defense contractors and subcontractors to implement robust access controls, encryption, and continuous monitoring, among other controls.
In the end nothing of note was pressed toward the individuals who hacked the corporation, Further investigations have followed since into the leak of crucial information to the dark web and what repercussions will follow of said information.
The national defense corporation has a strong protection plan put into place to prevent circumstances like this occuring so it remains to be seen on further details as to how the information was exposed to the dark web. Further investigations are ongoing into the sensitive data but as of now nothing of note was leaked.
“This incident emphasizes the importance of ensuring, even if you’re compliant yourself, that your entire supply chain,  including third- and fourth-party vendors, meets similar security standards.”

Microsoft zero day
In April 2025, Ransomware attacks via CLFS zero-day vulnerability on organizations across the globe. In April, Microsoft patched 126 vulnerabilities, including CVE-2025-29824, a zero-day flaw in the Windows Common Log File System (CLFS) exploited by the group Storm-2460. The attackers used a custom malware strain, PipeMagic, to escalate privileges and launch ransomware across multiple sectors worldwide.
While the entry point remains unclear, Microsoft confirmed the vulnerability allowed attackers with standard user access to gain elevated privileges, a key step in post-compromise ransomware deployment. The CLFS vulnerability is part of a growing trend of privilege escalation flaws being actively exploited, according to Satnam Narang, senior staff research engineer at Tenable. “Elevation of privilege flaws in CLFS have become especially popular among ransomware operators over the years,” Narang said. “While remote code execution flaws are consistently top overall Patch Tuesday figures, the data is reversed for zero-day exploitation. For the past two years, elevation of privilege flaws have led the pack and, so far in 2025, account for over half of all zero-days exploited.”
With this information we can infer that microsoft has also since patched this vulnerability as it led to a large portion of their internal network becoming corrupted in the months that followed. While the individuals have been identified nothing of note was listed that legal action was taken against the group known as Storm-2460 so it remains to be seen if the group or individual still remains at large leaking information or important documentation around Microsoft.

Works Cited:

Fitzgerald, A. (2025, July 14). 20 recent cyber attacks & what they tell us about the future of cybersecurity. Secureframe. https://secureframe.com/blog/recent-cyber-attacks

CEO Corporation.

by

 So let’s say that I was a IT Supervisor of a small time corporation: What kind of issues would I face on a daily basis over the internet?
Here are some examples I can give that would help me shape my company to be more secure and reliable.

Know Your Enemy
Phishing Scams: while not typically harmful if a scam acquired information on an IT specialist it could harm the entire buisness and even put alot of information on us out there where competitors can acquire it.
ransomware: yet again a tool people use to acquire information over the web and hold it hostage until a sum of money has been paid to recover said information otherwise it gets leaked globally for millions to view and even copy.
With a high turnover rate and even lower morale IT jobs are some of the highest security jobs out there managing daily scheduling and maintenance tasks to keep the work flow at an appropriate pace.
Data Breach: Data breaches are a common occurence in the workplace and many other places, these typically are due to a lack of protection over sensitive information or terminals used in the work space leaving them available to others to tamper and use to steal private information.
Bad Actors: These are individuals who pride themselves on others downfall they work for you and are all around you, these individuals are always confusing to identify but can be rooted out via protections set in place like detection softwares.
Impersonation: Another common occurence in this day and age are those who will prey on your success as a business these people will pretend to be from your company and seek to use your good name to extort things from other people, There isn’t much you can put in place to protect against this other then advising customers to be vigilante against false ads.

Know Thy Self
IT Supervisors are also responsible for managing the day to day security checks and personal tasks of other individuals this can some times mean that even the most important tasks can get overlooked leading to security breaches if not properly managed. Some of the tools we have at our disposal are Microsoft Project, Jira, Asana, Google Workspace, These tools help micromanage the daily tasks and drive performance.
ITSM: is a service tool we use to track and handle daily incidents while secure firewalls and intrusion detection softwares are put into place to allow peace of mind while in the workplace that the system is safe and no data breaches occur.
Firewalls: firewalls are a build in protection software to stop suspicious actions being accessed over data terminals or blocking actions that may jeopardize technology security over your system.
Detection Software: Detection softwares are designed to be risk free with a guarantee to keep track of everything that is accessed over the companies terminals, you may also securely set what may be accessed and from where. With some softwares offering extra protection in managing daily browsing to keep you informed if any suspicious activity is happening from one of your terminals.

Developing A Strategy
In my company I would make sure the day to day had proper security protocols and firewall protections in place through incorporating the usage of google applications and outlook for a more outdated communications team while security would have tools like Incryption software, Malware Detection, CyberSecurity Monitoring, these tools would drive home the safety of my company while I get peace of mind that not only my staff but I myself am safe while browsing the web from my office. Virtual Private Networks are a great tool to secure data from prying eyes offering a further secure server from any data breaches that may occur.
For a company to prosper the proper precautions must be trained and taught at a base level so everyone knows what to expect when it comes to phishing scams, and malware installations so prioritizing the training of my employees to look out for suspicious activity and scanning bad actors in the workplace is a must from the day to day challenges we may face while in the workplace. Sometime Badactors are suspicious individuals with intent to break into secure servers to acquire data that fills their pockets these people can be identified via long periods of screen time in isolated portions of the building so identifying these individuals through secure channels is a great ground base excercise to help employees understand the risk these individuals pose to the company and the workplace. While my company may offer open office hours to guests long periods of prolonged use of devices should be asked to leave the premises for security reasons.

where to turn?

by

Technology changes faster then us humans can keep track and with the huge leap we’ve taken so to has the information collected and shared via technology, below I want to cover three sources ive collected to discuss what remains viable in the graphic design space when you feel stuck or confused on what to do when creating artwork like using a specific tool. Below i’m going to list three of the sites or programs I’ve found for finding information on learning graphic media while on the interwebs.

1: Adobe Learn: I have used this website on multiple occassions to check and also follow along when working on projects as it reminds me how to use specific tools and the best strategies in breaking my artwork apart into segments so the work flows easier. Adobe is also the producer of alot of the software artists use to create their art pieces, with this being said I found that tutorials were posted for the audience to grow familiar with it’s tools. While I could not find any comments or pages to figure out who manages the tutorials they have properly listed times to complete tutorials and allow you to flow at your own pace. Adobe is a lead in this field as mentioned before they produce the software artists use to create and or learn to create art. I highly recommend using Adobe’s Learn program to learn using their own programs as they tutorials are posted and quality checked by their own team of professionals.

2: Youtube Tutorial: This was another source I wanted to evaluate as while the information can be valid the criticisms lie in how up to date information can be around this platform. The video I have used for this research was posted about a year ago and upon review still holds up extremely well. Comments mention “Easy to Follow” and “Makes me want to pick up photoshop again” leaving me interested in watching the tutorial for myself. Now with any video comes with management, as of writing their does not appear to be any comments from the poster on said video or a notice of potential outdated information meaning that the video also can lead to the audience unable to follow along if they so choose. While I’m all for following along with a video as stated with my previous topic these videos are posted by the audience for the audience as quick easy cheat guides and can over time deteriorate in terms of how well the information shared holds up especially if the tutorial is not frequently updated with new information around updated tools and segments within programs.

3: SkillShare: I wanted to use this example merely to discuss taking the classroom approach when it comes to digital media. Skill share is a program that allows you in a class setting to learn skills on your own time and at your own pace. I found this website to be a rather conflict of interest for me as Adobe themselves offer tutorials and guides to follow along with and while the program isnt free to use having the addition of free tutorials is a huge win while Skill share is a paid extention after a free month trial. I find it hard to believe students or even masters of graphic media would pay to learn from someone else when the information is free and easy to gain on ones own expeirence or through other means like the tutorials discussed above. Something I will attribute to SS is having hands on guidance with one of the online teachers to help walk you through online projects while this may be extremely handy over watching a video tutorial I still find that extra 1 on 1 guidance is defeated by needing to pay someone to teach you Photoshop just for the picture perfect shadow effect.

Cited:
https://www.youtube.com/watch?v=qwNbjGyhZ48
https://www.adobe.com/learn/photoshop
https://www.skillshare.com/en/join/ps-photoshop?g_acctid=801-939-2003&g_adgroupid=&g_adid=&g_adtype=none&g_campaign=Adobe_Photoshop_IP_pMAX_US_Non-Branded&g_campaignid=21995356256&g_keyword=&g_keywordid=&g_network=x&utm_medium=pmax&utm_campaign=Adobe_Photoshop_IP_pMAX_US_Non-Branded&utm_source=google&utm_term=&matchtype=&locale=en&g_adid=&g_adgroupid=&g_adtype=&coupon=PMAX30DAYSFREE&gad_source=1&gad_campaignid=22545042909&gclid=Cj0KCQjwrojHBhDdARIsAJdEJ_cGCrGJ13VDWS6nqmOOYBJ_XHgbRsVVxWJ1D6DDHUWhtSgstCmqOtcaAppHEALw_wcB