According to SpyCloud research that focuses on exposed data, researchers found 1.7 billion exposed credentials in 2021, up 15% from 2020, along with 13.8 billion pieces of reclaimed Personally Identifiable Information (PII) data from breaches.
“Reused passwords have been the leading vector in cyberattacks in recent years, and the threat of digital identity exposure is a growing problem. The findings of…
650+ compromised credentials found to be in use within NEW Cooperative, the latest organization hit by ransomware
October 4, 2021
NEW Cooperative, an Iowa-based farm cooperative, was recently hit by a ransomware attack that forced it to take its systems offline. NEW Cooperative has operations in over 50 locations and provides a variety of digital and software services to its network of farmers.
The ransomware group BlackMatter is reportedly behind the attack. Security experts believe that BlackMatter is either being run by…
CISA, FBI, and NSA anticipate a rise in Conti ransomware attacks, issue joint cybersecurity advisory
September 29, 2021
The FBI, the National Security Agency, and the Cybersecurity and Infrastructure Security Agency issued a joint advisory on Sept 22, 2021, warning US organizations to prepare for a rise in Conti ransomware attacks and urging them to apply the suggested mitigations.
The joint advisory noted that the Conti ransomware has been used in over 400 attacks targeting the US and international…
Azure security flaw puts Zero-Trust in the spotlight
September 29, 2021
In the wake of the recent Microsoft Azure vulnerability, ChaosDB, security experts are stressing that organizations, especially those that rely on public cloud infrastructure, can no longer delay adopting the zero-trust model.
Cloud security firm Wiz, which first discovered the vulnerability in Microsoft Azure’s managed database service, Cosmos DB, said that the vulnerability gave threat…
Attackers use stolen credentials to intrude into the UN network
September 15, 2021
Threat actors leveraged the stolen credentials of a UN employee to gain access to Umoja, a proprietary project management software that’s used in the intergovernmental organization. After intrusion, the attackers stole data that is likely to enable them to go after other agencies within the UN.
“We can confirm that unknown attackers were able to breach parts of the UN infrastructure in…
CISA and FBI expect ransomware attacks to soar over the Labor Day weekend, issue advisory
September 3, 2021
Ransomware attacks in the US spiked during all major holiday weekends this year, including the Mother’s Day, Memorial Day, and Independence Day weekends. It looks like when employees are taking a break, ransomware gangs are getting to work.
The worrying trend has prompted the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI to issue an advisory to all US government and…
Another zero-day vulnerability confirmed by Microsoft
August 17, 2021
This vulnerability, present in the Windows Print Spooler service, allows local attackers to gain access to system privileges.
Microsoft has confirmed another Windows Print Spooler vulnerability, which is being tracked as CVE-2021-36958. This vulnerability, which is part of the PrintNightmare set of vulnerabilities, allows local attackers to gain access to system privileges.
Microsoft…
Fortifying Access Management while Working Remotely
With more businesses opting for their workforce to work from home, there has been an exponential increase in remote user-focused cyberattacks. As IT teams scramble to deploy strict security measures like multi-factor authentication (MFA) to prevent any possible security event, the user experience of remote employees ends up taking a hit. A…
An analysis of common vulnerabilities and exposures carried out by the National Institute of Standards and Technology (NIST) found that 2020 holds the record for more reported security loopholes than any other year to date.
The report shows that, in the year 2020 alone, as many as 18,103 vulnerabilities were reported, with almost 10,342 of them classified as high or…
Joy Chik, corporate vice president for Microsoft Identity, recently laid out a general overview of Azure AD security best practice. This announcement comes in light of recently announced improvements to Azure Active Directory, including conditional access policy management enhancements and synchronization service additions.
Microsoft has suggested that companies using Azure AD…