New insights on cybersecurity in the age of hybrid work

As we approach the last week of Cybersecurity Awareness Month, I think about what is top of mind for myself and my peers in security. The past year has continued the 2020s major shift in the way organizations operate. Recent data shows that 81 percent of enterprise organizations have begun the mo...

Problems with Multifactor Authentication

Roger Grimes on why multifactor authentication isnt a panacea: The first time I heard of this issue was from a Midwest CEO. His organization had been hit by ransomware to the tune of $10M. Operationally, they were still recovering nearly a year later. And, embarrassingly, it was his most trusted ...

MFA Glitch Leads to 6K+ Coinbase Customers Getting Robbed

The accounts of at least 6,000 Coinbase customers were robbed of funds after attackers bypassed the cryptocurrency exchange’s multi-factor authentication MFA. According to a notification letter PDF – seen and posted by BleepingComputer, which first reported the story – that Coinbase sent to...

3 key resources to accelerate your passwordless journey

Every organization today faces password-related challenges—phishing campaigns, productivity loss, and password management costs to name just a few. The risks now outweigh the benefits when it comes to passwords. Even the strongest passwords are easily phish-able and vulnerable to attacks, such as...

3 key resources to accelerate your passwordless journey

Every organization today faces password-related challenges—phishing campaigns, productivity loss, and password management costs to name just a few. The risks now outweigh the benefits when it comes to passwords. Even the strongest passwords are easily phish-able and vulnerable to attacks, such as...

How Vodafone Global Security Director creates an inclusive and secure workplace

Moving to more flexible remote work policies has caused telecommunications giant Vodafone to rethink cybersecurity and the potential friction to users. Instead of relying on physical security controls in the office, the company has embraced a Zero Trust strategy that requires authenticating...

How Vodafone Global Security Director creates an inclusive and secure workplace

Moving to more flexible remote work policies has caused telecommunications giant Vodafone to rethink cybersecurity and the potential friction to users. Instead of relying on physical security controls in the office, the company has embraced a Zero Trust strategy that requires authenticating...

CVE-2021-37597

WP Cerber before 8.9.3 allows MFA bypass via wordpressloggedinhash manipulation...

Microsoft and NIST collaborate on EO to drive Zero Trust adoption

2020s Nobelium attack sent shock waves through both government and private sectors. 2021 has already seen large-scale nation-state attacks such as Hafnium1 alongside major ransomware attacks2 on critical infrastructure. The breadth and boldness of these attacks show that, far from being deterred,...

Microsoft and NIST collaborate on EO to drive Zero Trust adoption

2020s Nobelium attack sent shock waves through both government and private sectors. 2021 has already seen large-scale nation-state attacks such as Hafnium1 alongside major ransomware attacks2 on critical infrastructure. The breadth and boldness of these attacks show that, far from being deterred,...

Why Is There A Surge In Ransomware Attacks?

The U.S. is presently combating two pandemics--coronavirus and ransomware attacks. Both have partially shut down parts of the economy. However, in the case of cybersecurity, lax security measures allow hackers to have an easy way to rake in millions. It's pretty simple for hackers to gain...

Improper Authentication in Apereo CAS

Apereo CAS 5.3.x before 5.3.16, 6.x before 6.1.7.2, 6.2.x before 6.2.4, and 6.3.x before 6.3.0-RC4 mishandles secret keys with Google Authenticator for multifactor authentication...

Why I Love (Breaking Into) Your Security Appliances

Amid the Colonial Pipeline and JBS ransomware attacks that sparked shockwaves among media worldwide, news broke that attackers were able to compromise Colonial Pipeline through a legacy VPN account. The account lacked multifactor authentication MFA and wasn’t in active use within the business, a...

Microsoft Disrupts Large, Cloud-Based BEC Campaign

Threat hunters at Microsoft recently uncovered and disrupted infrastructure that powered a large-scale business email compromise BEC campaign. The infrastructure was hosted on multiple cloud platforms, which allowed it to stay under the radar for quite some time. “The attackers performed discrete...

Afternoon Cyber Tea: Microsoft’s cybersecurity response to COVID-19

On February 25, 2020, Microsoft Chief Information Security Officer CISO Bret Arsenault was attending the RSA Conference in San Francisco when the city declared a state of emergency because of COVID-19. Shortly after flying back to Seattle, Bret learned of the first death from the coronavirus in...

Mitigate OT security threats with these best practices

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

Mitigate OT security threats with these best practices

The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia Godyla talks with Chris Sistrunk, Technical Manager in...

openSUSE Security Update : alpine (openSUSE-2021-675)

This update for alpine fixes the following issues : Update to release 2.24 - A few crash fixes - Implementation of XOAUTH2 for Yahoo! Mail. Update to release 2.23.2 - Expansion of the configuration screen for XOAUTH2 to include username, and tenant. - Alpine uses the domain in the From: header of...

How to secure your hybrid work world with a Zero Trust approach

We are operating in the most complex cybersecurity landscape we’ve ever seen. Sophisticated and determined attackers are the norm. And we all are preparing for the next great disruption—hybrid work. Security has never been more important, and as I shared in another Security blog today, it’s clear...

Google Gets Serious About Two-Factor Authentication. Good!

The tech giant wants to push its billions of users—and the rest of the industry—to enable multifactor authentication by default...