Cybersecurity RESOURCES

Microsoft 365 accounts are facing an extensive password spraying attack by a Chinese botnet, which possesses the ability to bypass multifactor authentication (MFA). This botnet comprises over 130,000 compromised devices, utilizing stolen credentials from infostealer accounts and then systematically attempting to log into M365 accounts globally.

With recruiters using LinkedIn as a very popular way to research and reach out to potential candidates, bad actors have begun to try to abuse people’s trust and desire for new challenges to lure them in with fake job opportunities as a way capture their credentials and deliver additional malware.

The IRS has already made several reminders for individuals to be aware of bad actors trying to take advantage of this season to gain access to your personal data and finances. Read tips and guidance taken directly from the IRS’ website, including associated links to stay safe during tax season.

Take a minute and think about the password(s) you use in both your professional and personal capacities. When passwords are reused or weak, they are far more susceptible to being stolen. One stolen password can lead to a detrimental data breach for your organization.

To prepare for the FFIEC Cybersecurity Assessment Tool sunset date, financial institutions should identify a new framework around which to build their programs and self-assess themselves against that framework using a risk based approach to ascertain that the appropriate level of maturity is reached within various areas.

As the excitement of Black Friday and Cyber Monday draws shoppers in with unbeatable deals and discounts, it’s important to remember that the online shopping frenzy also brings increased cybersecurity risks.

With the remote workforce not showing any signs of slowing down, many organizations are starting to evaluate and implement ways to access these systems through the usage of Remote Access Tools. While these tools provide an incredible amount of value to an organization to stay connected and retain access, Remote Access Tools are a significant attack vector in cybersecurity and are something that should not be taken lightly.

CISA is alerting the public to be cautious of potential cyber scams following hurricanes. After major natural disasters, fraudulent emails and social media messages—often containing harmful links or attachments—are common.

Announcing the NEW GRID Active Cyber Risk Readiness Action Dashboard.  The additions to DefenseStorm’s Cyber Security Risk Management platform delivers customers with an overview and actionable steps to stay ready against cyber attacks

The Federal Financial Institutions Examination Council (FFIEC) released important information surrounding the commonly used Cybersecurity Assessment Tool (CAT).

In April 2024, a known threat actor calling themselves USDoD claimed to possess and sell approximately 2.9 billion records from National Public Data, which included individuals’ personal data from people in the US, UK, and Canada.

News is emerging about AT&T’s disclosure of what they term as ‘Unlawful Access of Customer Data.’  The majority of AT&T customer data was illegally downloaded from their workspace on a third-party cloud platform from May 2022 through October 31, 2022 and on January 2, 2023.

GRID Active now offers customer a view into their state of Cyber Risk Readiness and demonstrates the positive impact an integrated cyber risk management platform can have in managing cyber risk.

In late June 2024, LockBit cybercriminal group claimed responsibility for having breached a government agency with plans to release the stolen data. It was revealed that the group actually breached Evolve Bank and Trust.

Cybersecurity risk management is a critical component of risk for banks and credit unions and by taking a proactive approach to risk, you can identify, mitigate, and even prevent risk before it’s too late. Learn how DefenseStorm’s built for banking approach can help you tackle cybersecurity risk and keep your institution cyber risk ready.

The Olympic Games begin July 26, 2024, and end August 11, 2024. I, like most people around the globe, will be watching and cheering on our nation’s athletes as they achieve their goals and live out their Olympic dreams. Unlike most of the audience, though, I will also be thinking about the unseen but expected threats and attacks that will be occurring from cybercriminals and bad threat actors taking advantage of such a major event.

A proposed rule from the Federal Deposit Insurance Corporation (FDIC) will establish new regulatory standards and increase the focus of cybersecurity risk management and governance while bringing an expectation of faster response times and real-time remediation of deficiencies.

Reports of a massive AT&T data leak have surfaced, with around seventy million customers potentially affected. The data is reportedly for sale on a leak forum or website.

NIST’s Cybersecurity Framework (CSF) is designed to help institutions of all sizes and sophistication levels manage and reduce their unique cybersecurity risks. With the release of CSF 2.0, the guidance provided by NIST has expanded the practice and controls that institutions can use to best understand, assess, prioritize, and communicate its cybersecurity efforts.