T-Mobile US to cough up $31.5M after that long string of security SNAFUs

September 30, 2024 at 06:05PM T-Mobile US has agreed to pay a $31.5 million settlement after a series of cybersecurity breaches affecting millions of customers. The agreement requires the company to invest in its information security program, including appointing a chief information security officer, implementing a zero-trust security framework, and conducting third-party security assessments. The … Read more

Sloppy Entra ID Credentials Attract Hybrid Cloud Ransomware

September 30, 2024 at 01:06PM Summary: Cybersecurity teams are facing threats from “Storm-0501,” a ransomware group targeting vulnerable organizations in hybrid cloud environments. Microsoft reports that the group exploits weak passwords and overprivileged accounts to access cloud environments, using compromised credentials to extract data and spread ransomware. Security experts emphasize the importance of a zero-trust … Read more

A Hacker’s Era: Why Microsoft 365 Protection Reigns Supreme

September 30, 2024 at 07:18AM The article highlights how Microsoft 365 is targeted by cybercriminals due to its widespread usage, integrated services, and valuable data. It discusses vulnerabilities such as weak passwords, lack of multifactor authentication, and misconfigured settings, and recommends proactive defense measures including multilayered security, user training, and automated backup solutions like Backupify. … Read more

Akira Ransomware: Lightning-Fast Data Exfiltration in 2-Ish Hours

July 11, 2024 at 05:44PM Akira ransomware attackers have shown a significant decrease in the time it takes to steal data, managing to siphon off information from a Latin American airline in just over two hours. Using SSH protocol, the threat actor gained access via an unpatched Veeam backup server and swiftly began exfiltrating data … Read more

MITRE: US Government Needs to Focus on Critical Infrastructure

June 17, 2024 at 08:45AM MITRE’s memo “Don’t Trust but Verify” outlines key priorities for the next US presidential administration in cyberspace. It emphasizes protecting critical infrastructure, implementing zero trust and SBOMs, preparing for quantum computing, and clarifying cybersecurity leadership roles. MITRE calls for specific actions and timelines to address these critical cyber defense areas. … Read more

Preparing Your Organization for Upcoming Cybersecurity Deadlines

May 22, 2024 at 10:04AM As the world becomes increasingly digitized, the rise in cyberattacks and data breaches necessitates urgent enhancement of cybersecurity measures. New mandates include SEC’s breach disclosure rules for smaller reporting companies by June 15, and federal agencies aiming to meet zero-trust goals by Sept. 30. An additional focus is requisite on … Read more

NSA Updates Zero-Trust Advice to Reduce Attack Surfaces

April 10, 2024 at 04:32PM The National Security Agency has issued new guidance for implementing a zero-trust cybersecurity framework, emphasizing the prevention of unauthorized data access. Recommendations include encryption, data labeling, loss prevention strategies, and data rights management tools. These align with zero-trust concepts to counter sophisticated cyberattacks. The agency urges a proactive approach based … Read more