Topic: multifactor authentication
-
Stop Infostealers Now: A Critical Security Alert
Infostealers are driving the ransomware surge by enabling cybercriminals to cheaply purchase stolen data logs on dark web marketplaces, highlighting the need for tactical defenses. The evolution of infostealers from early keyloggers to advanced families like LummaC2 and Redline has made stolen da...
Read More » -
Boards Must Lead on Cybersecurity: A New Strategic Imperative
Cybersecurity has become a core business priority, requiring board-level leadership in ransomware evolution, cyber-enabled fraud, and security-innovation integration. Ransomware tactics have evolved to target identity systems and help desks, necessitating stronger protections like phishing-resist...
Read More » -
CISA, Partners Act on Critical Microsoft Exchange Vulnerabilities
CISA, NSA, and international partners have issued critical guidance for securing on-premises Microsoft Exchange Servers, as Microsoft ends perpetual security updates for Exchange 2016 and 2019, leaving systems vulnerable to cyber threats. Recommended actions include restricting administrative acc...
Read More » -
Bolster Defenses Against Scattered Spider Attacks, Experts Warn
The Scattered Spider hacking group poses a severe threat to businesses by using sophisticated methods like social engineering and ransomware, requiring immediate improvements in identity management, security processes, and third-party risk management. Their attack strategy often starts with vishi...
Read More » -
DraftKings Users Hit by Widespread Account Hacks
DraftKings experienced unauthorized account access through a credential stuffing attack, where attackers used stolen login details from external sources to compromise user accounts. The breach exposed personal details like names and contact information, but sensitive data such as full payment car...
Read More » -
OpenAI Data Breach: Why a Password Change Won't Protect You
The breach was a supply chain attack targeting a third-party analytics provider (Mixpanel), not OpenAI's core systems, highlighting a common tactic to exploit weaker links in interconnected software ecosystems. Compromised data was limited to OpenAI's developer portal, affecting developers' non-s...
Read More » -
Inside DragonForce Ransomware and Scattered Spider
The DragonForce ransomware operation has evolved into a "cartel" model, offering affiliates high profit shares to scale its impact, and has formed a high-profile partnership with the social engineering group Scattered Spider. This alliance merges Scattered Spider's sophisticated initial access te...
Read More » -
Microsoft 365: The Biggest Cybersecurity Risk You're Ignoring
Microsoft 365's widespread adoption and integration of services like Outlook and Teams make it a prime target for cyberattacks, offering a broad attack surface due to its interconnected ecosystem. The platform's built-in backup and recovery features are often insufficient, potentially preserving ...
Read More » -
Hijacked OAuth Apps: Your Cloud's Secret Backdoor
Cybercriminals exploit internal OAuth applications to create persistent backdoors in corporate cloud systems, bypassing security measures like password resets and multi-factor authentication. Attackers deceive users into approving malicious OAuth apps or compromise admin accounts to create truste...
Read More »