Strange as it may seem, over 25% of people who left a company still have access. This is very dangerous. Read about the reasons why it happens and what to do to prevent it.
Ransomware attacks are increasing and the question of paying the ransom or not is a source of debate. Some say the ransom is a cost of doing business and others say insurance coverage for it emboldens attackers to ramp up attacks and to ask for larger ransoms.
Investment firm Morgan Stanley acknowledged that they had been breached. The point of entry was the Accellion FTA server belonging to a third party. The Accellion FTA vulnerability was discovered a few months ago. The breach included the names, addresses, birth dates and social security numbers of the users of the Morgan Stanley service. However, it didn’t include the passwords to the service.
The recent supply chain attack on Kaseya software affected many companies. One of the vulnerabilities was over 6 years old and affected the customer portal and all customers.
Microsoft released patches for a large number of vulnerabilities, including 4 known to be used in attacks and another six that are known about. The patches affect a wide variety of services and products including servers and end-user applications. One of the exploited ones is for the Print server vulnerability that allowed a cybercriminal to execute code.
The privacy movement gave rise to browsers that can block third-party cookies, a common way to let companies other than the one whose site you visited learn all about you. Google proposed FLoC, Federated Learning of Cohorts. Although offered as a way to protect privacy, it appears to let companies collect more data on someone than using third-party cookies.
In a rare advisory the NSA and CISA are warning about a major attack by the Russian GRU, the military intelligence agency against many industry segments including government, defense, energy, think tanks, logistics, higher education and others. The warning includes attack techniques and the ways the attacks attempt to circumvent protections.
The attackers believed to be responsible for the SolarWinds campaign are now attacking Microsoft customer service agents. The malware put on their machines are being used to find information about the customers they supported and launch attacks against them. This is another supply chain type of attack.
Four identified vulnerabilities put about 30 million Dell devices. Desktops, laptops and servers are among the devices put at risk. The vulnerabilities can be used to install code or avoid the SecureBoot function.
The networking service LinkedIn has reported a breach of over 700 million users with the exposure of physical addresses, phone numbers, geolocation information, and inferred salaries. The information has been found for sale on the Dark Web.
The new model as companies reopen after the pandemic is a hybrid, some days in the office and some days working from home. But working from home is not as secure as working in the office and ransomware attackers know that and have been taking advantage of it with ransomware attacks growing significantly.
Paying the ransom is not the end of the problems. It meant a second ransomware attack for 8 out of 10 companies.
Multi-Factor Authentication, MFA, has been publicized as much more secure than passwords alone. And it is. But only if deployed properly. Hackers have already found ways to bypass MFA in badly implemented cases.
Hackers have compromised the expensive exercise bikes commandeering the camera and microphone to spy on users. Adding to the problems, apps can be added that are infected and controlled by the hackers.
Cyber insurance is still necessary, but coverage is expected to change. AXA will no longer cover ransomware payments for companies in France. This trend is expected to spread.