Cisco Duo customers may have had VoIP and SMS MFA logs exposed to an attacker in early April. Third party breach is the result of one of the provider's employees being phished. The attackers then seemed to target the MFA logs of specific clients of interest.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure for just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security: access control, cameras, alarms and so on; there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
A password compromise affecting business intelligence and analytics firm Sisense has triggered a CISA alert urging customers to reset their account login credentials and secrets.
Generative AI (GenAI) has prompted fears about data security and privacy, but it may also be the tool that organizations have been looking for to improve security and privacy through better data handling.
Microsoft has experienced another security lapse after inadvertently exposing employee credentials for accessing internal databases and systems via an unsecured Azure cloud server, which was accessible over the public Internet without a password for nearly a month after discovery.
A blogpost from LastPass Labs warns of an attempted voice phishing attack on an employee that made use of an audio deepfake of company CEO Karim Toubba. The attacker peppered the LastPass employee with a series of calls, text messages, though the employee recognized it as a scam attempt and no damage was done.
RansomHub has claimed credit for the new cyber extortion attempt on Change Healthcare. The group says that it stole 4 TB of data that includes sensitive personal information, including financial information and medical records belonging to US military personnel.
The Department of State is investigating an alleged data breach exposing sensitive government data from the Pentagon, the Five Eyes intelligence alliance, and other US allies.
The Open Worldwide Application Security Project (OWASP) suffered a data breach stemming from a server misconfiguration that leaked members' personal information.
The CSRB found that the security breach was preventable, and that a "a corporate culture that deprioritized enterprise security investments and rigorous risk management" ended up leaving open doors for the Chinese hackers.
Identity threat management and authentication are crucial components of cybersecurity in 2024 and beyond. By implementing robust security measures, leveraging technologies such as biometric authentication and staying vigilant against emerging threats, individuals and organizations can protect themselves against identity theft and fraud.










