#MultifactorAuthentication

CryptoChameleon Attackers Target Apple, Okta Users With Tech Support Gambit

by

March 1, 2024 at 01:49PM CryptoChameleon phishing kit is targeting cryptocurrency platforms, government agencies, and single sign-on users. Victims primarily use Apple iOS and Google Android devices. The attacks yield sensitive data beyond usernames and passwords. The sophisticated tactics include personalized outreach and convincing duplication of legitimate pages. Experts advise stronger forms of authentication and … Read more

U-Haul Reports 67K Customers Impacted by Data Breach

by

February 27, 2024 at 05:10PM U-Haul, an Arizona-based rental company, is notifying 67,000 customers of a data breach that compromised personal information. The breach, using legitimate credentials, accessed a system for tracking customer reservations. Although no payment data was breached, certain customer records were compromised. U-Haul is providing identity protection and advises affected customers to … Read more

Cybersecurity Training Not Sticking? How to Fix Risky Password Habits

by

February 26, 2024 at 11:01AM Organizations invest in cybersecurity training programs to improve security and mitigate risks posed by end-users. However, training has limitations in changing behavior around passwords, as end-users prioritize convenience and efficiency over security. Despite being educated on best practices, many still reuse passwords, undermining organizational security efforts. Six ways to augment … Read more

SaaS Compliance through the NIST Cybersecurity Framework

by

February 20, 2024 at 06:27AM The NIST cybersecurity framework is crucial for securing SaaS applications. Challenges arise due to varied settings in each application. Universal configurations, RBAC, limited redundancy, elimination of external admins, Admin MFA, and preventing data leaks are important. Strengthen passwords, prevent password spray attacks, and ensure proper configurations to align SaaS security … Read more

Meta says risk of account theft after phone number recycling isn’t its problem to solve

by

February 13, 2024 at 03:30AM Meta has acknowledged the potential for account takeovers due to the reuse of phone numbers, particularly after being abandoned for at least 45 days. This issue implicates telecom companies’ phone number recycling practices, leading to security and privacy risks. Despite reports and attempts to address the issue, Meta has declined … Read more

US says China’s Volt Typhoon is readying destructive cyberattacks

by

February 7, 2024 at 02:19PM The US government confirmed that China’s Volt Typhoon hackers compromised critical infrastructure IT networks, preparing for disruptive cyberattacks in the US and its territories. The group targeted communication, energy, transportation, and water systems. Twelve government agencies, including CISA, NSA, and FBI, warned of potential disruptive attacks and provided mitigation actions … Read more

How to Apply Zero Trust to your Active Directory

by

February 7, 2024 at 10:27AM As remote work becomes more prevalent, organizations need to move away from traditional trust models and embrace a zero trust approach for secure access. This involves rigorous authentication for every user, device, and network component. Implementing the principle of least privilege and using multifactor authentication are recommended strategies to bolster … Read more

Nearly 4-year-old Cisco vuln linked to recent Akira ransomware attacks

by

January 31, 2024 at 12:52PM Security researchers suspect the Akira ransomware group may be using a four-year-old Cisco vulnerability as an entry point into organizations’ systems. TrueSec’s recent engagements revealed Akira exploiting Cisco’s AnyConnect SSL VPN vulnerability, potentially allowing access to usernames and passwords. Organizations are advised to apply patches, reset passwords, and consider implementing … Read more

How SMBs can lower their risk of cyberattacks and data breaches

by

January 30, 2024 at 11:28AM The Akira ransomware group is targeting small to medium-sized businesses (SMBs), with ransom demands ranging from $200,000 to over $4 million. SMBs are attractive targets for cybercriminals due to their limited resources and as entry points to larger enterprises. The average cost to recover from a data breach for SMBs … Read more

What Microsoft’s latest email breach says about this IT security heavyweight

by

January 24, 2024 at 06:07AM Microsoft revealed a second breach by Russian cyber spies, Cozy Bear, who stole emails and files from the tech giant’s leadership and security teams. The company is uncertain about the breach’s financial impact but has faced similar incidents before. Concerns about Microsoft’s security practices were raised by a US Senator, … Read more