A Facebook Messenger phishing campaign targeted millions of business accounts, using fake and hijacked personal accounts to trick business owners into installing an infostealer that harvests passwords and cookies before locking them out.
Cyber Security
Cyber criminals, state-sponsored hackers and even the occasional disgruntled employee are constantly looking to gain unauthorized access for a variety of purposes: theft of money, cyber espionage, personal information for sale or for use in scams, and damage to critical infrastructure, to name just a few of the most common.
So how does an organization mitigate an entire world full of continual cyber attacks? Just as buildings have a number of necessary elements of physical security (access control, cameras, alarms and so on), there are similar key elements of cyber security that are absolutely vital for just about any modern business.
It starts with identifying and closing the most common doors that attackers use. For example, phishing attacks on employees are far and away the most common initial point of entry. The breach of even a low-level employee account can quickly turn into an escalation in access privileges and the ability to reach sensitive information. This is also true of smart devices, which are generally more poorly secured than computers and phones.
Caesars Entertainment quietly disclosed its own recent cyber attack in an SEC filing. Unlike MGM, Caesars appears to have skated through its own incident by making a $15 million ransom payment to the hackers.
Citizen Lab reports that the new Pegasus spyware zero-click zero-day impacts the most recent version of iOS (16.6) and likely prior versions dating back to the iPhone 8. As with the prior Pegasus attack vector, victims only need to receive an iMessage to be compromised; they do not need to open the message or interact with it.
For IT leaders who require only a subset of Secure Access Service Edge (SASE) capabilities, preferring to focus mainly on the security aspects and leave out the networking components, Security Service Edge (SSE), an emerging cloud-native security framework, is potentially a better fit.
Okta has warned about social engineering attacks by sophisticated actors targeting super administrators by tricking service desk staff into resetting multi-factor authentication for privileged users.
When targeted by an Advanced Persistent Threat (APT), an organization needs to be ready to defend against a variety of different attacks coming from different directions, sometimes all at once, and sometimes over a period of time.
Johnson & Johnson’s IT service provider IBM has notified over 1 million Janssen CarePath customers of a data breach that leaked personal and medical information.
MGM, one of the two largest casino-hotel chains on the Strip, has not yet confirmed the nature of the attack, calling it a 'cybersecurity issue.' The properties remain open, but operations such as front desk check-ins and payouts for casino games have had to shift to entirely manual operations.
The US Department of Treasury and the UK’s Foreign Office have sanctioned 11 Russian nationals for their role in Conti ransomware and TrickBot cybercrime gangs.
The SEC's new rule for public companies to report data breaches within four days is a significant step towards transparency, cybersecurity preparedness, and standardizing reporting practices. Since news of the law broke, however, many security professionals have expressed conflicting opinions.










