Security researchers have flagged a critical vulnerability in Microsoft’s multi-factor authentication (MFA) system, called “AuthQuake,” that could allow attackers to bypass protections and gain unauthorized account access. Their report[1] details how the flaw required no user interaction, did not generate alerts, and took less than an hour to execute. While multi-factor authentication (MFA) is a solid security mechanism, such flaws make it a double-edged sword due to the nature of the user’s r
mfa (16)
“Multi-Factor Authentication stops 99% of all attacks.” It’s a phrase used quite a bit. However, while MFA has become the go-to cybersecurity solution deployed by businesses globally, we must recognize that not all MFA solutions are created equal. Many are as easy to hack with social engineering and phishing as traditional passwords. So, the claim that almost all attacks can be repelled by MFA is an oversimplification at best and insincere at worst.
This raises an important question: if so,
Iranian hackers are acting as Initial Access Brokers (IAB), selling access to critical infrastructure organizations in the West to the highest bidder. A joint security advisory recently published by the US Cybersecurity and Infrastructure Security Agency (CISA), together with the FBI, NSA, the Communications Security Establishment Canada (CSE), the Australian Federal Police (AFP), and Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC), claims Iranian threat actors are activel
Online identities continue to be at risk: a colossal password compilation named "RockYou2024" has emerged, containing nearly 10 billion unique passwords. This unprecedented leak has put the cybersecurity community and beyond on high alert, as if it were not already there, highlighting the ongoing need for improved digital security practices.
The name "RockYou2024" pays homage to the infamous RockYou data breach of 2009, which exposed 32 million passwords due to insecure storage
In today’s digitally connected world, passwords are the gateway to protecting our online lives, from email and social media accounts to banking and private data. Yet, many users still use alarmingly weak passwords or reuse the same ones across multiple sites, putting our digital identities at severe risk. What is your birth date, street address, or pet’s name? World Password Day, observed annually on the first Thursday of May, is a crucial reminder to change these poor password habits and pri
Oh no, not another list? Yes, in today's digital world, where connectivity is everything, endpoints are the gateway to a business's digital networks. And because of this, endpoints are one of the hackers' favorite targets. According to the International Data Corporation (IDC), https://www.idc.com, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT teams needing to protect more endpoints and more k
The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed that an unnamed state government organization's network environment was compromised via an administrator account belonging to a former employee. "This allowed the threat actor to successfully authenticate to an internal virtual private network (VPN) access point," the agency said in a joint advisory published 15 February 2024 alongside the Multi-State Information Sharing and Analysis Center (MS-ISAC). "The threat actor
When discussing access security, one recommendation stands out: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential layer of protection against breaches. It is important to remember that MFA is still not foolproof. It can be bypassed. If a password is compromised, several options are available to hackers looking to circumvent the added protection of MFA. The following are four social engineering tactics hackers successfully use to
Traditional password-only authentication systems have proven to be vulnerable to a wide range of cyberattacks. To safeguard critical business resources, organizations are increasingly turning to multi-factor authentication (MFA) as a more robust security measure. MFA requires users to provide multiple authentication factors to verify their identity, providing an additional layer of protection against unauthorized access. Cybercriminals are constantly investigating ways to bypass MFA systems. O
With an estimated damage of US$10.5 trillion annually from cyberattacks projected by 2025, a significant surge from 2015 levels, the demand for stronger cybersecurity methods has never been more pressing. According to Geoff Schomburgk, the Regional Vice President, Asia Pacific & Japan (APJ) at Yubico, a leading provider of phishing-resistant authentication hardware solutions, this escalating threat is prompting the need to steer away from traditional, insecure password mechanisms. "Passwords,
The US Department of Justice (DOJ) said last month’s effort to bring down the Genesis Market represents a departure from its traditional cyber enforcement actions. “Operation Cookie Monster” was not about nabbing masterminds but about making it harder for JV hackers to level up in online fraud. Cookie Monster is often associated with children, or in this case – Script Kiddies.
Deputy Attorney General Lisa Monaco: We focus on disruptions and not always just looking for the prosecut
An open source Adversary-in-The-Middle (AiTM) phishing kit has found new users in the cybercrime world for its ability to make cyberattacks at scale. Microsoft Threat Intelligence is tracking the threat actor behind the development of the kit under its emerging name DEV-1101. An AiTM phishing attack typically involves a threat actor attempting to steal and intercept a target's password and session cookies by deploying a proxy server between the user and the website.
Such attacks are more effec
The US CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks - Actions to take today to harden your local environment:
- Establish a security baseline of normal network activity; tune network and host-based appliances to detect anomalous behavior.
- Conduct regular assessments to ensure appropriate procedures are created and can be followed by security staff and end users.
- Enforce phishing-resistant MFA to the greatest extent possible.
In 2022, the US Cybersecurity and
Ransomware attacks keep increasing in volume and impact largely due to organizations' weak security controls. Mid-market companies are targeted as they possess a significant amount of valuable data but lack the level of protective controls and staffing of larger organizations. According to a recent RSM survey, 62% of mid-market companies believe they are at risk of ransomware in the next 12 months.
As ransomware is still the preferred way for actors to monetize their access, there is a need to u
According to cyber experts, threat groups are making nearly 1,000 attempts to hack account passwords every single second, and they are more determined to succeed, with the number of attacks increasing. This analysis comes from Microsoft's Digital Defense Report 2022 and is based on research of trillions of alerts and signals collected from the company's worldwide ecosystem of products and services.
The report cautions that cyber-attacks are increasing, with account passwords still very much the
A new Phishing-as-a-Service (PhaaS) named EvilProxy (also known as Moloch) was seen for sale in dark web forums, according to researchers. Moloch ransomware is a computer virus infection that encrypts all personal victim files on an affected device and demands a ransom for unlocking them. This file-locking parasite belongs to a relatively small Makop ransomware family compared to others, such as Djvu or Dharma.
EvilProxy actors are using reverse proxy and cookie injection methods to bypass 2FA