Guardicore discovered that the Microsoft Exchange server’s Autodiscover feature design flaw leaked credentials of 100,000 users by trying to authenticate on untrusted third-party servers.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
New Zealand’s Stock Exchange was crippled by a DDoS cyber attack, lasting four days and forcing the government to activate the National Security System requiring government agencies to work together.
Threat actors compromised American automaker General Motors in a credential stuffing attack, accessed customers' personal information, and redeemed reward points for gift cards.
Business users' billing information was inadvertently stored in the browser's cache, making it possible for the exposed data to be accessed by users who share computers.
Without a pragmatic approach to ICS security, businesses could face serious consequences and shutdown of production when vulnerabilities are exploited by threat actors.
Colorado Energy Company, Delta-Montrose Electric Association (DMEA), suffered a malicious cyber attack that shut down 90% of its internal controls and wiped 25 years of historical data.
While Presidents Putin and Biden still appear to be far apart on the issue of cyber attacks originating from the former's country, the two at least appear to be negotiating. Biden presented Putin with a list of critical infrastructure targets that could trigger serious retaliation.
Suspected state-sponsored hackers compromised at least 100 employees of at least 21 natural gas producers before staging a cyber attack on the eve of the Russian invasion.
A joint cybersecurity advisory by the NSA and GCHQ warns that Russian hackers are brute forcing passwords on the cloud using a Kubernetes cluster in a global cyber espionage campaign.
Attacker exploiting new Intel chip vulnerability will need to go through multiple complex steps and have physical access to the device to gain full access to the system.