A third-party data breach has exposed the personal data of UK’s Greater Manchester Police (GMP) officers and staff. Company that produces GMP’s staff ID cards was affected by a ransomware attack.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Iranian Hackers Use Password Spray Attacks to Compromise Defense Organizations, Pharmaceutical Firms
A recent campaign by Iranian hackers has been very successful in using password spray attacks to breach high-value targets, with a particular focus on defense organizations and satellites as well as pharmaceutical company research.
Airbus has confirmed a data breach that exposed confidential business information via a partner airline’s compromised account. Threat actors compromised a Turkish Airlines employee account using the Redline info-stealer malware in August 2023.
For organizations to stand a chance against cybercriminals, adopting a hacker mindset is crucial. Understanding their tactics, regularly updating skills, and proactively seeking vulnerabilities are the keys to outpacing cybercriminals.
Facebook Messenger phishing campaign targeted millions of business accounts using fake and hijacked personal accounts to trick business owners into installing an infostealer that harvests passwords and cookies before locking them out.
Caesars Entertainment quietly disclosed its own recent cyber attack in a SEC filing. Unlike MGM, Caesars appears to have skated through their own incident by making a $15 million ransom payment to the hackers.
Citizen Lab reports that the new Pegasus spyware zero-click zero-day impacts the most recent version of iOS (16.6) and likely prior versions dating back to the iPhone 8. As with the prior Pegasus attack vector, victims only need to receive a iMessage to be compromised; they do not need to open the message or interact with it.
For IT leaders that only require a subset of Secure Access Service Edge (SASE) capabilities, preferring to focus mainly on the security aspects and leaving out the networking components, Security Service Edge (SSE), an emerging new cloud-native security framework, is potentially a better fit.
Okta has warned about social engineering attacks by sophisticated actors targeting super administrators by tricking service desk staff into resetting multi-factor authentication for privileged users.
When targeted by an Advanced Persistent Threat (APT), an organization needs to be ready to defend from a variety of different attacks coming from different directions, sometimes all at once, and sometimes over a period of time.