Enable remote work while keeping cloud deployments secure

As our customers shift to remote work in response to the COVID-19 outbreak, many have asked how to maintain the security posture of their cloud assets. Azure Security Center security controls can help you monitor your security posture as usage of cloud assets increases. These are three common...

Making it easier for your remote workforce to securely access all the apps they need, from anywhere

Since I published my last blog, Five identity priorities for 2020, COVID-19 has upended the way we work and socialize. Now that physical distancing has become essential to protect everyone’s health, more people than ever are going online to connect and get things done. As we all adjust to a new...

Millions of Guests Impacted in Marriott Data Breach, Again

For the second time in two years, the Marriott hotel empire has suffered a major data breach. This time, approximately 5.2 million guests have been affected. The attack was carried out via third-party software that Marriott’s hotel properties use to provide guest services, according to an online...

Alternative ways for security professionals and IT to achieve modern security controls in today’s unique remote work scenarios

With the bulk of end users now working remotely, legacy network architectures that route all remote traffic through a central corporate network are suddenly under enormous strain. The result can be poorer performance, productivity, and user experience. Many organizations are now rethinking their...

Domain Name Security: Important Measures You Need to Know

Whether you are an individual, a large commercial business, or a small non-profit organization, the creation and protection of your online presence are essential. While many individuals and businesses use social media platforms to connect with followers, customers, or organization members, a doma...

Defending the power grid against supply chain attacks—Part 2: Securing hardware and software

Artificial intelligence AI and connected devices have fueled digital transformation in the utilities industry. These technological advances promise to reduce costs and increase the efficiency of energy generation, transmission, and distribution. They’ve also created new vulnerabilities...

What is the Cybersecurity Equivalent of Washing Your Hands for 20 Seconds?

With COVID-19's spread, there have been numerous recommendations from health authorities and experts that one of the best, first-level measures to help spread infection is to wash hands with soap and water thoroughly for 20 seconds. In recent days, we’ve frequently gotten the question: “What can ...

Magecart Cyberattack Targets NutriBullet Website

A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer co...

Magecart Cyberattack Targets NutriBullet Website

A faction under the Magecart umbrella, Magecart Group 8, targeted the website of the blender manufacturer, NutriBullet, in an attempt to steal the payment-card data of its online customers. Yonathan Klijnsma, threat researcher with RiskIQ, said in a Wednesday post that a JavaScript web skimmer co...

New Osterman Research Report | Cyber Security in Healthcare

In 2019, roughly 45 million healthcare records were breached in the United States. With ransomware as their go-to technique, cyber attackers are targeting healthcare providers, medical devices, and critical supply chains more than ever before. The latest Osterman Research report, “Cyber Security ...

CVE-2020-5240 2FA bypass through deleting devices in wagtail-2fa

In wagtail-2fa before 1.4.1, any user with access to the CMS can view and delete other users 2FA devices by going to the correct path. The user does not require special permissions in order to do so. By deleting the other users device they can disable the target users 2FA devices and potentially...

IT executives prioritize Multi-Factor Authentication in 2020

In 2020, many IT executives will roll out or expand their implementation of Multi-Factor Authentication MFA to better safeguard identities. This is one of the key findings of a survey conducted by Pulse Q&A for Microsoft in October 2019.1 Specifically, 59 percent of executives will implement or...

Microsoft identity acronyms—what do they mean and how do they relate to each other?

As a security advisor working with one to three Chief Information Security Officers CISOs each week, the topic of identity comes up often. These are smart people who have often been in industry for decades. They have their own vocabulary of acronyms that only security professionals know such as...

How to set up multi-factor authentication (MFA) for Veeam Agent for Microsoft Windows

Article Applicability This article concerns a feature only available in Veeam Agent for Microsoft Windows 5 and older. The option to backup to OneDrive was deprecated in Veeam Agent for Microsoft Windows 6. As an alternative, Veeam Agent for Microsoft Windows 6 has introduced an Object Storage...

Changing the Monolith—Part 4: Quick tech wins for a cloud-first world

You may have heard that identity is the “new” perimeter. Indeed, with the proliferation of phishing attacks over the past few years, one of the best ways to secure data is to ensure that identity—the primary way we access data—can be trusted. How do we secure identity? Start by evaluating how use...

Afternoon Cyber Tea—The State of Cybersecurity: How did we get here? What does it mean?

Every year the number and scale of cyberattacks grows. Marc Goodman, a global security strategist, futurist, and author of the book, Future Crimes: Everything is Connected, Everyone is Vulnerable, and What We Can Do About It, thinks a lot about how we got here and what it means, which is why he w...

Microsoft and Zscaler help organizations implement the Zero Trust model

While digital transformation is critical to business innovation, delivering security to cloud-first, mobile-first architectures requires rethinking traditional network security solutions. Some businesses have been successful in doing so, while others still remain at risk of very costly breaches...

How companies can prepare for a heightened threat environment

With high levels of political unrest in various parts of the world, it’s no surprise we’re also in a period of increased cyber threats. In the past, a company’s name, political affiliations, or religious affiliations might push the risk needle higher. However, in the current environment any compa...

A Practical Guide to Zero-Trust Security

Employees are demanding that employers enable flexible workstyles. Apps are moving to the cloud. A company’s device and application mix are increasingly heterogeneous. All of these factors are breaking down the enterprise security perimeter, rendering traditional security approaches obsolete, and...

How to implement Multi-Factor Authentication (MFA)

Another day, another data breach. If the regular drumbeat of leaked and phished accounts hasn't persuaded you to switch to Multi-Factor Authentication MFA already, maybe the usual January rush of 'back to work' password reset requests is making you reconsider. When such an effective option for...