The Cybersecurity & Infrastructure Security Agency has revealed that an unnamed US government agency was hacked by attackers who used valid credentials for multiple users' Microsoft 365 accounts, for domain administrator accounts and for the agency's Pulse Secure VPN server. The hackers were able to download files from the accounts and breach the agency's internal network before being detected by the agency's intrusion detection system.
An unsecured database containing 100 million records from Microsoft's Bing search engine was discovered by Wizcase's security researchers, prompting Microsoft to act. Wizcase reports that no specific names or email addresses were involved but that some of the search terms were shocking and could be used for blackmail.
Cybersecurity vulnerabilities in an enterprise's supply chain could leave that organization in a weak position to defend against cyberattacks, BlueVoyant reports. Organizations have an average of more than 1,000 vendors in their supplier ecosystems, and 82% of organizations acknowledged having a data breach due to supply chain issues during the past year, the cybersecurity company says.
With remote learning, school districts are reporting more ransomware attacks. Brett Callow, a threat analyst for Emsisoft, says the cybercriminals are changing tactics, threatening to publish employee information online and demanding more than $150,000 instead of just a few thousand dollars.
According to one estimate, the cybersecurity field will have 3.5 million unfilled jobs by next year. Ntirety CEO Emil Sayegh suggests a dual counterattack: businesses investing in developing employee skills and hiring third parties to keep "eyes on glass."
Why have many internal audit functions failed to drive the type of value stakeholders expect? The question provokes varying responses. Voids in competencies, hiring challenges, and budgetary constraints are frequently used to defend IA. These and various other challenges are problematic and can prevent the IA function from becoming a value-generating corporate partner. A contributing factor for many IA functions is their reluctance to address "indiscernible" threats. Full Story: ISACA
Eyewear maker Luxottica's operations in Italy and China were shut down by a ransomware attack. The attack was first noticed by consumers, and employees confirmed they were sent home because of "serious IT problems."
Almost every company has a plan for recovering data lost in a cyberattack, but nearly one in four have never bothered to test it, states a study by Dimensional Research for StorageCraft. Two-thirds of IT leaders think their CEOs either don't want to know the details about data recovery or are not interested.