ThreeShield clients receive security updates and proactive action before incidents make the news. Our public blog covers CVE disclosures we've made, ransomware and phishing analysis, compliance updates, and training videos - the subset of our continuous threat intelligence that we share publicly.
Discovered during a routine code review: cross-site scripting, arbitrary URL redirection, iframe tampering, and origin manipulation in the widely-deployed EasyXDM 2.5.20 library. Credit: Saad Alfakir, ThreeShield.
Full CVE Details →Thousands of VMware ESXi servers encrypted in February 2023. ThreeShield clients were unaffected. Here's exactly what proactive patching and network segmentation prevented - and what systemic gaps the attack exposed.
Read More →LastPass disclosed attackers obtained encrypted password vault backups. ThreeShield's video briefing covers what happened, what the real risk is, and which passwords to change first.
Watch Briefing →Ransomware groups have hit multiple Canadian healthcare organizations. Lavawall® includes an active ransomware IOC hunter covering Akira, LockBit, BlackBasta, and emerging strains. Here's what makes healthcare a prime target and how to defend it.
Read More →75% of managers fell for this in ThreeShield simulations. Attackers compromise cloud accounts and use the victim's own trusted platforms to deliver ransomware. 21-minute video walkthrough.
Watch Video →Encrypted email services are now used to deliver ransomware and phishing links that security tools can't inspect. ThreeShield's team explains how - with video examples.
Watch Video →Attackers hiding malicious scripts inside OneNote files to bypass email security. Here's the exact list of attachment types to block at your email gateway.
Read More →Scammers combine breached passwords with LinkedIn data to run convincing extortion campaigns. How it works, why it's fake, and exactly what to do. Featured in CBC coverage.
Read More →Employees install software outside IT visibility every day. Personal password managers and media servers create credential exposure and lateral movement risks that standard RMMs miss.
Read More →Gmail and Yahoo changed email policies in 2024. If your domain isn't set up with SPF, DKIM, and DMARC, your invoices and client emails may be blocked or go to spam.
Read More →Direct links to enable multi-factor authentication on Microsoft 365, Google, Amazon, LinkedIn, QuickBooks, Xero, GoDaddy, and 11 more platforms. Enable MFA on your accounts today.
Get the Links →Managed appliances have a computer inside the case that nobody patches - IPMI with default credentials, known vulnerabilities, and no firmware updates since purchase. We asked the vendors directly.
Read More →Drata + consultant + auditor + MSP can easily exceed $150,000/year. ThreeShield delivers the same outcome in a single integrated engagement via Lavawall® + CISSP/CISA team.
Read More →Many Calgary healthcare organizations face both HIPAA and Alberta HIA. Understanding the overlap - and where they differ - is critical for health tech companies with cross-border clients.
Read More →CIS IG1 is what most cyber insurers want to see. Lavawall® monitors your CIS posture continuously. Here's how to turn security controls into measurable insurance savings of 10-20%.
Read More →Lavawall® + ThreeShield white-label Tier 3 lets MSPs deliver enterprise-grade security and compliance reporting without hiring a security specialist.
Read More →Independent security review of Alberta's COVID-19 contact tracing app by a former Alberta Health Services auditor. Covers consent model, data minimization, and Bluetooth security architecture.
Read More →The pandemic forced rapid remote work adoption - creating new security gaps. ThreeShield's guide to securing VPNs, cloud services, and remote access during emergencies. Featured in BBB coverage.
Read More →ThreeShield's holistic, business-focused approach - from fintech startups to Fortune 50.
Collaborating with ThreeShield to ensure data security was an exciting and educational experience. As we exploded in growth, it was clear that we needed to rapidly mature on all fronts, and ThreeShield was integral to building our confidence with information, software, and infrastructure security.
As the Chief Compliance Officer of a payments entity, I have relied on ThreeShield to provide risk-based solutions that have satisfied regulators and business partners alike.
ThreeShield has employed a dynamic, risk-based approach to information security that is specific to our business needs but also provides comfort to our external stakeholders. I recommend their services.
ThreeShield helped us focus our efforts, enhancing our security posture and verifying PCI compliance. All of this was achieved with minimal disruption to the engineering organization. The approach was smart. In a short time, we accomplished what much larger companies still struggle to achieve.
ThreeShield very much values active and respectful collaboration, and went out of their way to get feedback on policies to make sure proposals balanced business needs while not making employees feel like they were dealing with unreasonable overhead.
I have worked with ThreeShield at two different companies. They are friendly, knowledgeable and experienced with a variety of systems. Chris is attentive and clearly an expert at what he does. Tyson responds quickly and takes the time to walk through step-by-step when any IT issues come up.
I had the privilege of working with ThreeShield at a company where we both worked. His security and compliance expertise and proactive approach are second to none.
Chris at ThreeShield provided really great expertise around our online security needs. His process walked us through a full review in a fun and informative way and then offered practical prioritized recommendations. The simple changes improved our reliability and reduced risks baked into our old process.
ThreeShield clients get proactive security updates before incidents make the news. Start with a free domain scan via Lavawall® - no commitment required.
Free Domain Scan via Lavawall® Talk to ThreeShield