October 30, 2024 at 03:22PM Microsoft will mandate multifactor authentication (MFA) registration for all users when security defaults are enabled, enhancing security across Entra tenants. This requirement, part of the Secure Future Initiative, starts for new tenants on December 2, 2024, and for existing tenants in January 2025, reducing account compromise risks. **Meeting Takeaways: Microsoft … Read more
October 25, 2024 at 04:06PM United Healthcare revealed that 100 million individuals were affected by the Change Healthcare ransomware attack in February. The breach, attributed to BlackCat/ALPHV, prompted Change Healthcare to pay $22 million in ransom. Subsequently, a second attack occurred by RansomHub. The incidents highlight significant cybersecurity vulnerabilities in the healthcare sector. ### Meeting … Read more
October 18, 2024 at 08:00AM Australian, Canadian, and U.S. cybersecurity agencies revealed a year-long Iranian cyber campaign targeting critical infrastructure, employing brute-force and password spraying attacks. Techniques like MFA prompt bombing were used for infiltrating systems in healthcare, government, and energy sectors, aiming to acquire credentials for further cybercriminal activities. ### Meeting Takeaways – October … Read more
October 16, 2024 at 07:22PM Iranian hackers are infiltrating critical infrastructure sectors, including healthcare and government, using brute-force methods to acquire credentials for resale on criminal forums. A joint advisory from U.S., Canadian, and Australian cybersecurity agencies details these tactics, emphasizing the need for organizations to enhance security measures and monitor for unusual login activities. … Read more
October 16, 2024 at 12:59PM Hackers employ various techniques to compromise passwords and access systems. This post outlines seven common password attacks including brute-force, phishing, and credential stuffing, alongside prevention strategies such as multi-factor authentication, user education, and robust password policies. Implementing these measures can significantly enhance organizational security against attacks. **Meeting Takeaways on Password … Read more
October 16, 2024 at 10:34AM The FBI, CISA, NSA, and other agencies warn of Iranian cyber actors exploiting brute force techniques to breach critical infrastructure sectors. These actors aim to obtain credentials for malicious activities. The advisory outlines their tactics and offers mitigation strategies, emphasizing strong passwords and multifactor authentication for enhanced cybersecurity. ### Meeting … Read more
October 15, 2024 at 12:55PM Microsoft reports a 2.75 times increase in ransomware attacks, yet defenses are improving, halving successful encryption attempts. Common methods include social engineering and exploiting unmanaged devices. Ransomware tactics like double extortion are prevalent, with Akira leading attacks. Microsoft advises implementing multi-factor authentication and reviewing account privileges to mitigate risks. ### … Read more
October 15, 2024 at 08:10AM Organizations increasingly rely on digital technologies, making identity the key security perimeter. Despite adopting security measures like MFA and single sign-on, many accounts remain vulnerable to attacks. Research indicates significant gaps in MFA usage and password security, with high risks of credential stuffing and phishing due to weak practices. ### … Read more
October 14, 2024 at 05:08AM Recent reports indicate that stolen identity credentials account for 61% of data breaches, with the average breach costing $4.88 million in 2024. Organizations are urged to adopt proactive security measures, such as customer identity and access management (CIAM) platforms, to enhance protection against cyber attacks. Okta offers insightful webinars on … Read more
October 11, 2024 at 07:39AM Threat actors use hybrid password attacks, combining techniques like brute force and dictionary methods to enhance their effectiveness in stealing credentials. To defend against these attacks, organizations should implement multi-factor authentication, require longer passwords, prevent weak patterns, and audit for compromised passwords through tools like Specops Password Policy. ### Meeting … Read more