Entries by

,

Morgan Stanley Discloses Data Breach

Attackers were able to compromise customers’ personal data by targeting the Accellion FTA server of a third-party vendor. Morgan Stanley has confirmed a data breach in which attackers were able to access personal information belonging to customers by targeting a vulnerability in the Accellion FTA server. The server belonged to Guidehouse, a vendor that provides […]

,

Kaseya Hacked – Another Supply chain weakness

The Kaseya ransomware attack is believed to have been down to an authentication bypass. Yes, ransomware needs to be on your radar — but good authentication practices are also imperative. Last Friday, just before the extended American Independence Day holiday, it was announced that Kaseya, an American software company, was hacked. The malicious actors were […]

Email spoofing: how attackers impersonate legitimate senders

Introduction In a nutshell, email spoofing is the creation of fake emails that seem legitimate. This article analyzes the spoofing of email addresses through changing the From header, which provides information about the sender’s name and address. SMTP (Simple Mail Transfer Protocol, the main email transmission protocol in TCP/IP networks) offers no protection against spoofing, […]

, , ,

U.S. to Give Ransomware Attacks Similar Priority as Terrorism

In the aftermath of the Colonial Pipeline hack and the increasing damage done by cybercriminals, the U.S. Department of Justice is intensifying investigations into ransomware assaults to the same level of severity as terrorism, according to a senior department official, as Reuters notes.   Internal instructions provided to U.S. prosecutors across the country on Thursday said […]

, ,

Lack of User Verification Policy for Password Reset Could Lead to Social Engineering Attacks

A survey revealed that 48% of organizations don’t have a user verification policy for password resets, which could pave the way for social engineering vulnerabilities among IT help desks. Despite the rise in identity theft across various sectors globally, some organizations are still not maintaining a robust verification process to secure their employee data. According […]

, ,

Corporate Compliance Strategies to Protect Data

The pandemic has pushed the corporate workforce to remote locations, which has resulted in increased risk to corporate data. As corporations rise to the challenge of responding to this risk, compliance officers, CISOs, and leaders should look to revamp disjointed and siloed approaches to protecting corporate data. The past few years have seen a notable […]

Air India data breach impacts 4.5 million customers

Air India disclosed a data breach after personal information belonging to roughly 4.5 million of its customers was leaked two months following the hack of Passenger Service System provider SITA in February 2021. The Indian national carrier first informed passengers that SITA was the victim of cyberattack on March 19. “This is to inform that SITA […]

COVID-19 and the Current Cyber Threat Landscape in India

India has been aggressive with its vaccination drive since its launch in January 2021, for health care and frontline workers first in line. The second phase of the vaccination program for the public kickstarted on March 1, 2021. The two vaccines being administered include “Covishield” from the Serum Institute of India and “Covaxin” from Bharat […]