Collaborate Disseminate
Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that… Continue reading Microsoft announces new and improved Windows 11 security features
Storm-0501, an affiliate of several high-profile ransomware-as-a-service outfits, has been spotted compromising targets’ cloud environments and on-premises systems. “Storm-0501 is the latest threat actor observed to exploit weak credentials… Continue reading Ransomware attackers hop from on-premises systems to cloud to compromise Microsoft 365 accounts
Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. “We’re seeing active intrusions among plumbing, HVAC, concrete, and si… Continue reading Hackers breaching construction firms via specialized accounting software
Service accounts are non-human identities used to automate machine-to-machine interactions. They support critical functions – such as running scripts, services, and applications like websites, APIs, and databases – and facilitate integrations, op… Continue reading Gateways to havoc: Overprivileged dormant service accounts
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is largely… Continue reading Dropbox says attackers accessed customer and MFA info, API keys
Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret… Continue reading A critical vulnerability in Delinea Secret Server allows auth bypass, admin access
In this Help Net Security video, John Morello, CTO of Gutsy, discusses the often-overlooked aspect of cybersecurity – the offboarding process. He outlines the real-world implications and potential impact on an organization’s security postur… Continue reading Preventing insider access from leaking to malicious actors
As artificial intelligence amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital. Security awareness training is essential and must be a live, evolv… Continue reading Finding the right approach to security awareness
The “contain user” feature select Microsoft Defender for Endpoint customers have been trying out since November 2022 is now available to a wider pool of organizations, Microsoft has announced. The feature aims to help organizations disrupt … Continue reading Microsoft Defender can automatically contain compromised user accounts
Amazon wants to make it more difficult for attackers to compromise Amazon Web Services (AWS) root accounts, by requiring those account holders to enable multi-factor authentication (MFA). MFA options for AWS accounts AWS provides on-demand cloud comput… Continue reading Amazon: AWS root accounts must have MFA enabled