November 22, 2024 at 02:34PM Russian state hackers APT28 breached a U.S. company by executing a “nearest neighbor attack” via its enterprise WiFi, compromising nearby organizations first. Discovered on February 4, 2022, the incident involved credential theft and sophisticated lateral movement within the target network. Enhanced WiFi security is necessary to mitigate such risks. ### … Read more
November 20, 2024 at 01:09PM Change Healthcare has restored its clearinghouse services after a February ransomware attack, affecting 94% of hospitals. Despite partial recovery, financial strain persists for providers, with over $6 billion loaned. CEO Andrew Witty faced Congress for the decision to pay a $22 million ransom. Security lapses were criticized as “egregious negligence.” … Read more
November 7, 2024 at 07:42AM The article emphasizes the importance of strong password security to defend against hackers, who exploit weak, commonly used passwords. It discusses the risks of password reuse and suggests adopting longer passphrases, implementing multi-factor authentication, and enforcing strong password policies to enhance organizational security. Users should be educated on best practices. … Read more
November 6, 2024 at 07:17PM Google will mandate multi-factor authentication (MFA) for all Google Cloud users by the end of 2025, starting phased implementation this month. This requirement aims to enhance account security, although general consumer accounts are exempt. Similar measures are being adopted across the industry, but MFA alone is not infallible against threats. … Read more
November 5, 2024 at 03:13PM Google will mandate multi-factor authentication (MFA) for all Google Cloud accounts by the end of 2025 to improve security. The rollout will occur in three phases, starting with reminders for non-MFA users. Research indicates MFA significantly reduces hacking risks, and Google offers user-friendly options for implementation. ### Meeting Takeaways on … Read more
October 7, 2024 at 06:45AM Interest in passwordless authentication is on the rise due to hybrid work environments and digitization. Traditional password systems are susceptible to security threats, prompting consideration of passwordless methods like biometrics and smartcards. Despite challenges, MFA remains a critical security layer. A webinar will discuss the evolving landscape of password security … Read more
October 1, 2024 at 08:51AM Summary: Despite the implementation of multi-factor authentication (MFA) to enhance security, credentials remain the primary target for malicious parties entering systems, posing a persistent threat to cloud environments. This issue was highlighted in the SecurityWeek article “Cracking the Cloud: The Persistent Threat of Credential-Based Attacks.” Based on the meeting notes, … Read more
September 30, 2024 at 04:52PM Microsoft Defender now alerts users with a Microsoft 365 Personal/Family subscription about unsecured Wi-Fi networks. The privacy protection feature, Defender VPN, safeguards data and identity on public Wi-Fi or untrusted networks by encrypting and routing internet traffic through Microsoft’s servers. It can also detect and alert users of potential attacks … Read more
September 30, 2024 at 03:23PM The FCC settled with T-Mobile for $31.5 million over data breaches compromising millions of U.S. consumers’ personal information. T-Mobile is required to invest $15.75 million in cybersecurity, pay a civil penalty, and implement enhanced security measures. The FCC emphasizes the importance of strong cybersecurity protections for consumer data and has … Read more
September 23, 2024 at 11:06AM Microsoft today celebrated the progress of its Secure Future Initiative (SFI), highlighting the dedication of 34,000 full-time engineers. SFI was launched following security criticisms, and recent efforts included increased cybersecurity priority, personalized training, and engineering improvements. Specific progress in identity protection, network security, and threat detection were outlined, along with … Read more