Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches

September 16, 2024 at 12:53PM Snowflake has made multi-factor authentication (MFA) the default for all new user accounts, following investigations into data thefts. This change follows pressure to enhance security, with additional password strength measures also being implemented. Snowflake aims to eliminate password-only authentication in the long term and advises users to consult security best …

Why Is It So Challenging to Go Passwordless?

September 11, 2024 at 07:51AM The text discusses the concept of passwordless authentication and its potential benefits and challenges for organizations. While passwordless authentication offers enhanced security and improved user experience, it also presents challenges such as legacy system compatibility, user adoption, backup authentication methods, biometric data privacy concerns, and regulatory considerations. The text also …

Akira Ransomware Actors Exploit SonicWall Bug for RCE

September 9, 2024 at 05:00PM Akira ransomware affiliates are exploiting a critical remote code execution vulnerability (CVE-2024-40766) in SonicWall’s Gen 5, Gen 6, and some Gen 7 firewall products. The US CISA has added it to their list of known exploited vulnerabilities. SonicWall advises customers to update affected appliances and take measures to limit firewall …

How to defend against brute force and password spray attacks

September 9, 2024 at 10:16AM Today’s organizations face a range of sophisticated cyber threats, including brute force attacks. While lacking finesse, these attacks rely on persistence and can leave well-defended systems vulnerable. Various brute force techniques are used, exploiting weak password practices and predictable patterns. To defend against these attacks, organizations should enforce robust password …

U.S. Offers $10 Million for Info on Russian Cadet Blizzard Hackers Behind Major Attacks

September 9, 2024 at 12:39AM The U.S. government and international partners attribute cyberattacks to Russian hacking group Cadet Blizzard, linked to GRU 161st Specialist Training Center, targeting infrastructure and countries including Ukraine and NATO members. Cyber actors use destructive malware, and DOJ has indicted Russian officers associated with Unit 29155. Agencies emphasize system updates, network …

Security biz Verkada to pay $3m penalty under deal that also enforces infosec upgrade

September 5, 2024 at 12:37AM Verkada will pay $2.95 million to the US FTC following an investigation into their security failings, not related to past incidents but for spam violations. The company also faced allegations of security lapses, including unauthorized access to CCTV footage. The settlement includes requirements to improve security practices and compliance with …

It’s Possible to Clone YubiKeys Thanks to a Newly Discovered Vulnerability

September 4, 2024 at 12:12PM Security researchers have discovered a vulnerability in YubiKey 5 that could allow skilled hackers to clone the device, due to a cryptographic flaw. This could impact millions of users relying on YubiKeys for secure authentication. Exploiting the vulnerability demands significant time, expertise, and costly equipment, making it a complex and …

Admins of MFA bypass service plead guilty to fraud

September 2, 2024 at 01:51PM Three men pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain OTPs from customers of U.K. banks. They targeted over 12,500 people and made potential earnings of up to £7.9 million. The trio faces fraud and money laundering charges, with maximum prison sentences of …

Ransomware Gangs Pummel Southeast Asia

September 1, 2024 at 09:03PM Ransomware attacks in Southeast Asia are on the rise, surpassing the growth rate in European nations. The shift to digital infrastructure in the region often sacrifices security, leading to an increase in successful cyberattacks. Vulnerable sectors include manufacturing, government, and healthcare, with many countries lacking breach notification laws and companies …

Uniqkey Raises €5.35 Million for Business Password Management Solutions

August 29, 2024 at 08:06AM European cybersecurity startup Uniqkey has secured €5.35 million in a funding round led by Swedish VC BackingMinds, bringing its total funding to €15.35 million. Founded in 2017, the Danish-based company specializes in secure employee access to resources using encryption and aims to scale its technology to support more organizations, particularly …