November 7, 2023 at 10:43AM Microsoft has introduced a new feature in the Authenticator app to block suspicious notifications during login. Hackers often exploit push notifications to gain access to accounts, so Microsoft now scrutinizes login attempts for unfamiliar locations or anomalous activity. Instead of showing the suspicious notification, users are prompted to open the … Read more
November 6, 2023 at 03:05PM Microsoft will be implementing Conditional Access policies that require multifactor authentication (MFA) from administrators when logging into Microsoft admin portals. These policies will also require MFA for cloud apps and high-risk sign-ins. Admins will have 90 days to review and enable these policies. Microsoft recommends opting for MFA to protect … Read more
November 3, 2023 at 11:22AM Microsoft Exchange is affected by four zero-day vulnerabilities, as reported by Trend Micro’s Zero Day Initiative (ZDI). Despite Microsoft acknowledging the flaws, they have postponed fixing them, leading ZDI to publish details to warn Exchange administrators. The vulnerabilities allow remote code execution, unauthorized information disclosure, and risk sensitive data exposure. … Read more
November 3, 2023 at 08:41AM Oracle now requires multifactor authentication (MFA) for all instances in its cloud environment, Oracle Cloud Infrastructure. New tenancies have MFA enabled by default for cloud administrators, and preexisting systems have a default policy to enforce MFA. Oracle provides tools for managing configuration and access control policies, including the ability to … Read more
November 2, 2023 at 10:11AM Password reuse is a dangerous vulnerability that IT teams struggle to detect. According to a TechRepublic survey, 53% of people admit to reusing passwords, making it easier for hackers to gain access. Verizon estimates that 86% of attacks start with compromised credentials. Organizations need to take steps to mitigate this … Read more
October 26, 2023 at 10:39AM Japanese watchmaker Seiko has confirmed a data breach caused by a ransomware attack that occurred a few months ago. The attack resulted in the compromise of customer, business partner, and employee data. The ransomware group, BlackCat and ALPHV, claimed responsibility for the attack and leaked over 2TB of information when … Read more
October 19, 2023 at 08:42AM The US cybersecurity agency CISA, along with the NSA, FBI, and MS-ISAC, has released a joint guide on phishing techniques. Threat actors use social engineering to trick victims into revealing their credentials or visiting malicious websites. To mitigate credential theft phishing, organizations are advised to implement strong multi-factor authentication and … Read more
October 18, 2023 at 10:07AM Creating a culture of cybersecurity requires more than just technology and skilled resources. It starts at the top, with leadership understanding and investing in cybersecurity. Demonstrating the importance of cybersecurity through communication and engagement with employees is essential. Educating employees and regularly testing their knowledge is also crucial. Ultimately, the … Read more