The help desk was operated by a third party. The hackers conned the help desk, it is reported, to reset all of the two factor methods that were set up to protect a super-admin account. They likely did this after they phished an employee for his/her userid and password. They used deceptive phone calls to […]
Continue reading → [DISPLAY_ACURAX_ICONS]Sequoia One is an outsourced HR vendor based in San Francisco that serves more than 500 venture-capital backed firms. According to a letter they sent to clients, an unauthorized party (like, say, perhaps, the Chinese government) accessed its cloud storage account. Data that the unauthorized party (AKA the hacker) accessed includes “name, addresses, dates of […]
Continue reading → [DISPLAY_ACURAX_ICONS]A cybersecurity vendor for one of Mexico’s largest banks sent a cease-and-desist to a cybercrime forum saying that an auction on the site for data stolen from the bank – data for 10 million customers – was fake news and harming the bank’s reputation. So what did the web site’s administrator do? Not what the […]
Continue reading → [DISPLAY_ACURAX_ICONS]The Gift That Keeps on Giving – Log4j – List of Affected Vendors First, get used to hearing about this. It will be haunting us for months, at least. Jen Easterly, current head of DHS’s CISA and formerly at NSA and a professor at the US Military Academy at West Point says this may be […]
Continue reading → [DISPLAY_ACURAX_ICONS]Once a new bug is publicly announced, it takes, on average, seven days for bad guys to figure out how to weaponize it. Experts say that this means that you need to harden your systems against that new attack within 72 hours. That is not very long, even for the best of operations. How long […]
Continue reading → [DISPLAY_ACURAX_ICONS]The fourth annual benchmark on cyber resilience authored by Larry Ponemon and paid for by IBM shows that 77% of the organizations surveyed do not have a cybersecurity incident response program applied consistently across the organization. Does your organization have an effective, trained and tested cybersecurity incident response program (CSISP) that works across all parts […]
Continue reading → [DISPLAY_ACURAX_ICONS]