Recent Security News
-
Russian hackers stole Microsoft corporate emails in month-long breach
January 19, 2024 at 07:23PM Microsoft disclosed a breach in corporate email accounts, with data stolen by the Russian state-sponsored hacking group Midnight Blizzard. The attack was detected on January 12th, and it was found that Nobelium accessed the accounts through a password spray attack in November 2023. The investigation is ongoing, and Microsoft is…
-
Russians invade Microsoft’s exec mail while China jabs at VMware vCenter Server
January 19, 2024 at 07:15PM Chinese cyberspies have been exploiting a VMware security vulnerability, CVE-2023-34048, allowing them to hijack vulnerable servers. Meanwhile, a Moscow-backed group breached a small percentage of Microsoft corporate email accounts. Additionally, CISA issued an emergency directive to mitigate Ivanti Connect Secure zero-days, likely targeted by Chinese nation-state attackers. Persistent concerns exist…
-
Russian hackers breached Microsoft to steal corporate emails
January 19, 2024 at 07:08PM Microsoft confirmed a breach of corporate email accounts by Russian state-sponsored group Midnight Blizzard. The attack, detected on January 12th, 2023, was initiated via a password spray attack in November 2023. Access was gained to leadership team and legal department emails for over a month, enabling theft of emails and…
-
BreachForums hacking forum admin sentenced to 20 years supervised release
January 19, 2024 at 06:26PM Conor Brian Fitzpatrick sentenced to 20 years of supervised release in the Eastern District of Virginia for operating the BreachForums hacking forum, involved in the sale and leaking of personal data for millions worldwide. Also pleaded guilty to multiple charges including child pornography possession. Court showed leniency on sentencing, with…
-
Top 3 Priorities for CISOs in 2024
January 19, 2024 at 05:24PM In 2024, CISOs are facing increased personal and legal responsibility for data breaches, particularly due to new SEC regulations. To protect themselves, they should create a system record, define “materiality,” speak to the board in financial terms, participate in cyber insurance negotiations, and monitor emerging privacy threats. Managing third-party risks…