Articles In Technology Week in Review

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/25 10 Real-World Business Email Compromise (BEC) Scam Examples (Proofpoint) The FBI’s Internet Crime Complaint Center reports that businesses lost more than $2.7 billion to BEC scams in 2022. That’s more than one-quarter of all the cyber crime-related financial losses for that year. https://bit.ly/3RC1LVw What is Alert Deafness? (Check Point) The exponential increase in data processed by organizations means a rise in errors, failures, and vulnerabilities is expected. But with pings... read more.

• September 29, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/18 August 2023’s Most Wanted Malware: New ChromeLoader Campaign Spreads Malicious Browser Extensions while QBot is Shut Down by FBI (Check Point) Check Point Research reported on a new ChromeLoader campaign named “Shampoo” which targets Chrome browser users with malware-loaded fake ads. Meanwhile, the communications sector jumped up the list to the second most impacted industry over healthcare. https://bit.ly/3EKqbV6 5 Password Cracking Techniques Used in Cyber Attacks (Proofp... read more.

• September 22, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 9/11 New Perimeters—Identity Threats Are the New Attack Surface (Proofpoint) Cyber criminals can bypass standard perimeter defenses with minimal effort or technical know-how by targeting unmanaged and misconfigured identities. Service accounts, local and shadow admins and cached credentials often slip through the net of privilege and password security tools. https://bit.ly/488aQeF Purity//FA 6.4.10: NFS 4.1 Support and Ransomware Protection Enhancements (Pure Storage) The latest release of... read more.

• September 15, 2023

By Eric Corcoran, Posted in Technology Week in Review

Tuesday 9/5 What Is Smishing and How Organizations Can Protect Themselves (Arctic Wolf) SMS (short messaging service) phishing or “smishing” is a common type of cyber attack where victims receive misleading text messages intended to trick them into providing credentials, access, valuable data, or even downloading malware onto a system. It is also called “cell phone phishing.” https://bit.ly/3fvq8nh The Evolution of Cybersecurity in Banking (Fortinet) As highlighted in recent rep... read more.

• September 08, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/28 Surge in Cybercrime: Check Point 2023 Mid-Year Security Report Reveals 48 Ransomware Groups Have Breached Over 2,200 Victims (Check Point) The key takeaway from CPR’s 2023 Mid-Year Security Report is that cybersecurity is a dynamic battlefield. It underscores the need for organizations to evolve their security strategies in tandem with the shifting threat landscape, employing a combination of the latest AI-driven defenses and a deep understanding of older vulnerabilities. https://bit.ly... read more.

• September 01, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/21 How to Protect Your Cloud Environment From Today’s Top 5 Threats (Varonis) Cloud environments are evolving quickly, and so are the threats looking to compromise them. No matter what the risk is or what the attack vector is, the goal is always the same: threats are after the data.  https://bit.ly/3qFixIk Five Things To Know About PCI DSS 4.0 Authentication Requirements (HYPR) PCI DSS 4.0, introduces more than 60 new or updated requirements, with new directives around passwords and... read more.

• August 25, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 8/7 Prevention Is the Best Preparation for the SEC’s New Breach Disclosure Rules (CrowdStrike) The U.S. Securities and Exchange Commission (SEC) this week voted to adopt new rules for how companies inform investors about cybersecurity concerns. The vote comes after years of gradually increasing guidance and scrutiny over companies’ handling of cybersecurity events. https://bit.ly/3qeR0NR The 8 Stages of the Ransomware Attack Chain (Proofpoint) Although attackers may be constantly fin... read more.

• August 18, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 7/31 Making Zero Standing Privileges a Reality (CyberArk) The most significant change in the lifespan of identity security thus far is zero standing privileges (ZSP). Considered to be the next evolution of just-in-time (JIT) access, although it may seem needlessly complex at first, once you wrap your head around the concept, it feels as natural as turning off lights when you leave a room. https://bit.ly/457DKZX Build Strong, Secure Browsing Habits During—and Before—Cybersecurity Aware... read more.

• August 04, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 7/24 Five Ways to Secure External Identities (CyberArk) The cast of characters playing essential roles in driving your high-stakes initiatives continues to grow in number, scope and risk. Keeping their identities secure is essential for preventing third-party breaches and attacks – and for protecting everything these external B2B users are building for your enterprise. https://bit.ly/43FTGSj Ransomware Roundup - Cl0p (Fortinet) The Cl0p ransomware appears to be a descendent (or variant) of... read more.

• July 28, 2023

By Eric Corcoran, Posted in Technology Week in Review

Monday 7/17 VMware's Purple Screen of Death Similar to Microsoft’s Blue Screen of Death, the Purple Screen of Death occurs when there is a kernel panic in Linux variants that result in a system halt. This typically is due to a driver issue, hardware issue, or in my case, a recent patch. https://www.gothamtg.com/blog/vmwares-purple-screen-of-death Log4j Vulnerability: Are Organizations Still at Risk? (F5) It’s been almost 2 years since the log4j vulnerability was exposed, and organizations a... read more.

• July 21, 2023