January 30, 2024 at 11:28AM The Akira ransomware group is targeting small to medium-sized businesses (SMBs), with ransom demands ranging from $200,000 to over $4 million. SMBs are attractive targets for cybercriminals due to their limited resources and as entry points to larger enterprises. The average cost to recover from a data breach for SMBs … Read more
January 24, 2024 at 06:07AM Microsoft revealed a second breach by Russian cyber spies, Cozy Bear, who stole emails and files from the tech giant’s leadership and security teams. The company is uncertain about the breach’s financial impact but has faced similar incidents before. Concerns about Microsoft’s security practices were raised by a US Senator, … Read more
January 18, 2024 at 11:03AM Infostealer malware poses a significant risk to corporate information security by stealing credentials, cookies, and other data, leading to data breaches and ransomware distribution. Leaked credentials from breaches and infostealers are a substantial threat, prompting organizations to monitor and defend against them. Flare offers a solution to detect and mitigate … Read more
January 18, 2024 at 08:03AM Multi-factor authentication (MFA) is increasingly used by organizations to bolster security, as traditional password-only systems are vulnerable to cyberattacks. However, MFA spamming, a tactic where attackers inundate users with verification requests, poses a threat. Mitigation strategies include strong password policies, end-user training, rate limiting, and monitoring systems. Strengthening security measures … Read more
January 8, 2024 at 10:51AM Organizations must rethink helpdesk security in light of the MGM Resorts hack. Attackers used social engineering to impersonate an employee, bypassed verification systems, and executed a ransomware attack. Helpdesk training, multi-factor authentication, and secure communication channels are crucial for preventing such incidents. Specops Secure Service Desk offers advanced employee verification. … Read more
January 4, 2024 at 01:34PM According to 23andMe’s legal representatives, the data disaster in October was allegedly caused by users’ poor password practices, while the biotech company’s infrastructure management was not to blame. The company pointed to users recycling compromised credentials as the main reason for the security breach. This response has been widely criticized … Read more
January 3, 2024 at 12:22PM LastPass now requires all users to create a 12-character master password for increased security. They will also check passwords against breached credentials and enforce multi-factor authentication. These changes were prompted by security breaches in 2022 that led to stolen customer data. LastPass is emailing customers about these updates, impacting millions … Read more
December 21, 2023 at 01:08PM Security strategies often lag behind offensive attack tactics, leaving companies vulnerable to evolving threats. The help desk is particularly at risk, as cybercriminals target it to gain network access. Many companies lack robust validation procedures for help desk requests, making them susceptible to social engineering attacks. Strong security measures are … Read more
December 19, 2023 at 06:51AM Comcast’s Xfinity informed customers of a cybersecurity breach due to the CitrixBleed vulnerability, compromising usernames, passwords, and personal information. Despite promptly patching the flaw in its systems, the breach was confirmed, prompting password resets and multi-factor authentication. The CitrixBleed vulnerability has been implicated in numerous global attacks, affecting various organizations. … Read more
December 18, 2023 at 11:29AM The FBI, CISA, and ASD’s ACSC jointly warn that the Play ransomware gang has targeted approximately 300 organizations globally between June 2022 and October 2023, impacting critical infrastructure. The group employs unconventional tactics, including stealing sensitive data and using a custom VSS Copying Tool. Organizations are urged to address vulnerabilities … Read more