Hackers behind a campaign of deceptive sweepstakes spam hacked their way into Azure cloud accounts that lacked multifactor authentication and obtained admin privileges for Exchange servers. Microsoft advises turning on MFA and other measures such as conditional access.
In the latest weekly update, ISMG editors discuss the industrywide implications of a teenager hacking into Uber's internal systems, key trends in the new Gartner SD-WAN Magic Quadrant report, and how ethics and security culture are center stage due to recent CISO revelations at Uber and Twitter.
A criminal investigation is underway into a breach at Optus, Australia’s second-largest telecommunications company. Optus' CEO says the company will notify those affected. It's unknown so far who perpetrated the attack, and the data has not appeared on the dark web.
Should the now-former CSO of Uber have reported a security incident to authorities after discovering signs of unusual behavior? That's one of the big questions now being asked in the closely watched trial of Joe Sullivan, who's been charged with covering up a data breach and paying off hackers.
The chief executive of Portugal's state-owned airline said she will not negotiate with hackers even as the Ragnar Locker ransomware-as-a-service group posted online the data of 1.5 million customers. "We hope you support us in this ethical attitude," said Christine Ourmières-Widener.
Private equity firm Vector Capital invested $100 million in Malwarebytes a month after the antivirus stalwart laid off 125 employees to focus on smaller customers. The funds will help the vendor reduce clients' attack surfaces and accelerate momentum with MSPs and channel partners.
Darktrace's Cybersprint acquisition allowed the cybersecurity AI vendor to move from focusing solely on internal threats to also defending the external attack surface, Nicole Eagan says. The company says AI will give an outside-in view of the victim and simulate how the attacker will behave.
Australian telecommunications giant Optus is warning that current and former customers' personal details were exposed, including some driver's license and passport details, but no passwords or financial details, after it suffered a major data breach.
SentinelOne is taking on top rival CrowdStrike in the venture arena, unveiling a $100 million fund to support security and data startups of all sizes. S Ventures will give the company broader reach in adjacent markets and enable high-value integrations that can grow over time.
Financial services giant Morgan Stanley will pay a $35 million fine to settle U.S. Securities and Exchange Commission charges that it failed to comply with rules requiring it to safeguard customer data as well as ensure it is disposed of properly.
Customers of app-based bank Revolut should be on guard for phishing attempts after a data breach exposed personal details such as names, emails and telephone numbers. The London-based fintech startup told Lithuanian authorities the hacking incident affects more than 50,000 customers.
Decentralized identifiers and verifiable credentials, in which consumers can use their digital identity credentials for a variety of tasks, have significant evolving potential within the realm of identity and access management, says Merritt Maxim, vice president and research director at Forrester.
CrowdStrike has purchased external attack surface management startup Reposify to help organizations detect and eliminate risk from vulnerable and unknown assets. This deal will allow CrowdStrike to combine its insights on endpoints and IT environments with Reposify's internet-scanning capabilities.
Uber is fingering adolescent extortion hacking group Lapsus$ for the disruption to its internal systems. A self-proclaimed 18-year-old last week spammed the company with vulgar messages and shared online screenshots of the company's cloud storage and code repositories. The FBI is investigating.
One of the internet's worst websites is down following a weekend hack that may have exposed the email, password and IP address of Kiwi Farms users. A statement on the site says hackers gained access to site administrator Joshua Moon's account. Site users stalk transgender and nonbinary people.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.