Okta: October data breach affects all customer support system users

November 29, 2023 at 08:32AM Okta’s customer support system was breached, affecting all support system users and exposing names, emails, and other details. Less than 1% of customers had session tokens stolen. Okta advises all users, especially unsecured admins, to implement multi-factor authentication and increase vigilance against phishing. No credentials were exposed. Previous attacks included …

Beyond Identity Releases New Assessment to Guide Companies Toward Zero Trust

November 14, 2023 at 10:36PM Beyond Identity has released its Identity and Device Zero Trust Assessment tool to help IT and security teams evaluate their organizations’ maturity in identity authentication and device security. The tool generates a zero trust rating based on responses and provides a deep-dive analysis of security environments. By simplifying the process, …

Threat Actors Leverage File-Sharing Service and Reverse Proxies for Credential Harvesting

November 9, 2023 at 03:50AM A phishing campaign has been discovered where threat actors send emails with a link to a file-sharing solution called DRACOON.team. When victims click on the link, they are directed to a PDF document containing a secondary link that leads to a fake Microsoft 365 login page. The attackers use reverse …

MGM and Caesars Attacks Highlight Social Engineering Risks

November 7, 2023 at 12:23PM The recent cyberattacks on MGM Resorts International and Caesars Entertainment highlight the impact of data breaches on organizations. The breach was orchestrated through social engineering tactics using information obtained from LinkedIn. The root cause of such breaches is the continued reliance on legacy sign-in credentials, which are easily compromised. In …

Microsoft will roll out MFA-enforcing policies for admin portal access

November 6, 2023 at 03:05PM Microsoft will be implementing Conditional Access policies that require multifactor authentication (MFA) from administrators when logging into Microsoft admin portals. These policies will also require MFA for cloud apps and high-risk sign-ins. Admins will have 90 days to review and enable these policies. Microsoft recommends opting for MFA to protect …

In Other News: Airport Taxi Hacking, Post-Quantum Crypto Guidance, Stanford Breach

November 4, 2023 at 12:30PM SecurityWeek’s weekly cybersecurity roundup highlights several significant developments. Stanford University suffered a ransomware attack, resulting in 430 GB of data being stolen. The MOVEit hack compromised around 632,000 email addresses from the US Justice and Defense Departments. The Henry Schein cyberattack was claimed by the BlackCat ransomware group. A link …

This Cybersecurity Awareness Month, Don’t Lose Sight of Human Risk

October 24, 2023 at 05:10PM Cybersecurity Awareness Month celebrates its 20th anniversary by promoting the importance of cybersecurity education. The initiative, which began in the US and has now become a global movement, encourages proactive measures and knowledge-sharing to address human risk, which accounts for over 80% of cybersecurity incidents. Microsoft recommends focusing on enabling …