Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report

May 23, 2024 at 07:22AM Zero-day attacks and supply chain mass compromise events are on the rise, while MFA remains underused, according to Rapid7’s 2024 Attack Intelligence Report. The report highlights a growing number of zero-day exploits and mass compromise events, driven by the growing sophistication of cybercriminals and potential non-disclosure of vulnerabilities by vendors. …

Microsoft to start enforcing Azure multi-factor authentication in July

May 17, 2024 at 03:00PM Microsoft will soon enforce multi-factor authentication (MFA) for all Azure users administering resources, starting with the Azure portal. This will later extend to CLI, PowerShell, and Terraform. Certain accounts for automation won’t be affected, and admins are urged to enable MFA beforehand. MFA has proven to significantly enhance account security. …

Tech Companies Promise Secure by Design Products

May 9, 2024 at 10:37AM Over 60 vendors have pledged to develop secure products as part of the “Secure by Design” initiative led by CISA. The focus is on addressing security as a core business requirement, with the onus on manufacturers rather than individual users. Signatories are asked to consider and demonstrate progress towards seven …

Safeguarding Your Mobile Workforce

May 2, 2024 at 10:05AM The corporate IT landscape is shifting due to SaaS adoption and BYOD practices, providing flexible work options. However, integrating personal devices into corporate systems brings security challenges. Mobile device management and secure remote access are key solutions, along with implementing extra controls like antivirus protection and network access control to …

UnitedHealth CEO: ‘Decision to pay ransom was mine’

April 30, 2024 at 03:58PM UnitedHealth CEO Andrew Witty testified on how cyber-criminals used stolen credentials to access Change Healthcare’s system, leading to a ransomware attack that cost $22 million. The attack disrupted healthcare services, prompting Senators to seek details from CISA. Witty also emphasized the need for enhanced cybersecurity measures and support for affected …

Change Healthcare hacked using stolen Citrix account with no MFA

April 30, 2024 at 10:19AM UnitedHealth confirmed that Change Healthcare’s network was breached by the BlackCat ransomware gang, causing severe operational disruptions and $872 million in financial damages. The company admitted to paying a ransom to protect people’s data post-compromise. CEO Andrew Witty’s testimony revealed the attack’s details and the remediation efforts taken after the …

Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies

April 29, 2024 at 07:19AM Okta has warned of a surge in credential stuffing attacks utilizing anonymity services, such as Tor, and residential proxies. These attacks leverage stolen credentials to compromise online accounts. The increase in activity may be linked to a recent global brute-force campaign on VPN and SSH services. Okta recommends measures such …

Okta warns of “unprecedented” credential stuffing attacks on customers

April 27, 2024 at 10:56AM Okta warns of a surge in credential stuffing attacks targeting its systems, using the Tor network and residential proxies. The attacks are successful against some customers, particularly those using Okta Classic Engine in Audit-only mode and not denying access from anonymizing proxies. Okta suggests measures to proactively block these attacks, including …

FBI: Akira ransomware raked in $42 million from 250+ victims

April 18, 2024 at 02:18PM The Akira ransomware has targeted 250+ organizations and amassed $42 million in ransom payments. It gained notoriety in March 2023, deploying a Linux encryptor for VMware ESXi virtual machines. Ransoms ranged from $200,000 to millions. The FBI, CISA, Europol, and NCSC-NL issued guidance to mitigate the attacks’ impact and risk. …

FIN7 targets American automaker’s IT staff in phishing attacks

April 17, 2024 at 04:44PM FIN7 targeted a U.S. car maker with spear-phishing emails to infect IT systems with the Anunak backdoor. The attack involved living-off-the-land binaries, scripts, and libraries and relied on a malicious URL impersonating legitimate software. The attack did not spread beyond the initial infected system. BlackBerry recommends defenses including MFA, training, …