October 24, 2024 at 11:59AM Cisco has quickly released a patch for a medium-severity DoS vulnerability (CVE-2024-20481) in its VPN software, which is actively exploited. The flaw allows attackers to overload the system with authentication requests. Cisco advises updating software and implementing security measures to mitigate risks, as no workarounds are available. ### Meeting Takeaways … Read more
March 25, 2024 at 08:51AM Microsoft discovered a data breach by Russian-state hackers accessing an old, inactive account using a password spray attack. This breach compromised sensitive email accounts and highlighted the vulnerability of all user accounts, not just privileged ones. Organizations are urged to prioritize robust password protection measures, including strong password policies, multi-factor … Read more
January 26, 2024 at 07:39PM Microsoft confirmed that a Kremlin-backed espionage group, Midnight Blizzard, breached its network through a non-MFA-enabled account, stealing emails and files from executives. The attackers used password spray attacks to gain access and leverage residential networks as proxies. Microsoft is urging the adoption of MFA and enhancing security measures to prevent … Read more