WebProNews

Category: CybersecurityUpdate

  • AWS Acquires Secure Messaging Service Wickr

    AWS has acquired Wickr, one of the most secure end-to-end encrypted communication services.

    AWS is one of the leading cloud providers for government contracts, and is cleared to provide cloud services for sensitive information. As such, it’s somewhat surprising the company hasn’t had a widely adopted communication platform to complement its cloud services. It does have Chime, but that’s very much a niche product.

    Bringing Wickr into the fold will help AWS round out its offerings, and could be an important factor in its government contracts.

    “Today, public sector customers use Wickr for a diverse range of missions, from securely communicating with office-based employees to providing service members at the tactical edge with encrypted communications,” writes Steve Schmidt, Vice President and Chief Information Security Officer. “Enterprise customers use Wickr to keep communications between employees and business partners private, while remaining compliant with regulatory requirements.”

    Schmidt says existing Wickr customers will continue to use the service as they currently do, while AWS is making it available to its other customers immediately.

  • DreamHost Leaked 814 Million Customer Records

    Web hosting service DreamHost has leaked a staggering 814 million customer records, including WordPress admin information.

    DreamHost is one of the biggest and most popular web hosting services, with some 1.5 million sites. Security researcher Jeremiah Fowler, in connection with Website Planet, found an unprotected database containing records for the time period between 3/24/2018 and 4/16/2021.

    According to Fowler, the database contains sensitive information, including admin information for WordPress sites.

    The exposed records revealed usernames, display names, and emails for WordPress accounts. The monitoring and file logs exposed many internal records that should not have been publicly accessible. They were structured as roles, ID, display name, email, and other account related information.

    There’s still much unknown about the leak, including how long the data was available, who else may have accessed it and whether DreamHost has notified customers. DreamHost did, however, acknowledge the leak and has passed it to their legal team.

  • Western Digital My Book NAS Devices Being Factory Reset Remotely

    Western Digital is advising users to disconnect their My Book NAS devices from the internet, following multiple reports of devices being remotely wiped.

    My Book NAS devices are popular external backup options and have the ability to be used on a LAN for remote backup. Unfortunately, on June 23, users started reporting their devices being wiped remotely, according to BleepingComputer.

    “I have a WD My Book live connected to my home LAN and worked fine for years. I have just found that somehow all the data on it is gone today, while the directories seems there but empty. Previously the 2T volume was almost full but now it shows full capacity,” a WD My Book owner wrote on the WD Community Forums.

    “The even strange thing is when I try to log into the control UI for diagnosis I was only able to get to this landing page with an input box for ‘owner password.’ I have tried the default password ‘admin’ and also what I could set for it with no luck.”

    A look at the logs shows the devices were issued a factory reset command starting around 3 PM June 23, and continuing into the night.

    As BleepingComputer points out, it’s unclear where the problem lies. My Book devices, while connected to a LAN, sit behind a firewall, using the My Book Live cloud service to provide remote access. As a result, some users are convinced that only a breach on WD’s end could account for the existing situation.

    WD is investigating, but does not believe there was a breach on their end. Instead, they think the devices were compromised via an unpatched vulnerability after being connected directly to the internet.

    In the meantime, WD is recommending users disconnect My Book Live and My Book Live Duo devices from the internet in this advisory.

  • John McAfee Commits Suicide in Jail Awaiting Extradition

    John McAfee, founder of McAfee Corp, was found dead in a Barcelona jail cell by apparent suicide as he awaited extradition to the US over tax evasion charges.

    McAfee was one of the pioneers of the early tech industry and founded McAfee Associates, which later became known as McAfee Corp. The company was an early leader in antivirus software and continues to make security software and products.

    In recent years, McAfee developed a rather colorful reputation, twice running for US President as a Libertarian. He lived in Guatemala for a time, before being deported back to the US. He had numerous run-ins with legal authorities since at least 2012, was a “person of interest” in the murder of his neighbor in Belize and was ultimately arrested in Spain on US tax evasion charges in late 2020.

    On Tuesday, June 22, the Spanish High Court approved McAfee’s extradition to the US. He was found dead in his cell by apparent suicide on Wednesday, June 23, according to Spanish publication El Pais, via Business Insider.

  • Google Rolling Out End-to-End Encryption in Messages

    At long last, Google is rolling out end-to-end encryption (E2EE) in its Android Messages app.

    Android messaging has lagged behind Apple iMessage for some time. In most ways, Android messaging has been little better than standard text messages. In contrast, Apple iMessage has offered read receipts, group administration, E2EE, sending files and more.

    Google has been working to move Android Messages to the RCS standard, which is far more comparable to iMessage. After waiting for carriers to adopt the updated standard, Google finally took matters into its own hands and started implementing it in Android. RCS was available globally in November 2020, but E2EE wasn’t included initially.

    The company is now rolling out E2EE, although with some caveats. Needless to say, both parties must have RCS enabled in order to benefit. In addition, E2EE only works for one-on-one conversations, not group messages.

    While still not as comprehensive as iMessage, the improvements in Google’s Messages will be a welcome upgrade for users.

  • AG Wants to Strengthen Policies for Obtaining Lawmaker Data

    US Attorney General Merrick Garland wants to strengthen policies for obtaining lawmaker data and has vowed swift action regarding recent revelations.

    A furor broke out when it was discovered that Trump administration prosecutors subpoenaed Apple in 2017 and 2018 for communications data for House Intelligence Committee Democrats, specifically Chairman Adam Schiff and Congressman Eric Swalwell.

    The subpoena covered data for at least a dozen individuals, including aides, family members and one minor, according to CBS News. To make matters worse, Apple was served with a gag order, preventing them from revealing the subpoenas until May 2021.

    The fallout has been swift and severe, with multiple lawmakers calling for investigations and explanations behind Trump’s Justice Department actions. Current AG Garland has vowed swift action and has launched an investigation into what took place.

    As I stated during my confirmation hearing, political or other improper considerations must play no role in any investigative or prosecutorial decisions. These principles that have long been held as sacrosanct by the DOJ career workforce will be vigorously guarded on my watch, and any failure to live up to them will be met with strict accountability. There are important questions that must be resolved in connection with an effort by the department to obtain records related to Members of Congress and Congressional staff. I have accordingly directed that the matter be referred to the Inspector General and have full confidence that he will conduct a thorough and independent investigation. If at any time as the investigation proceeds action related to the matter in question is warranted, I will not hesitate to move swiftly.

    AG Garland has also ordered a review of policies and procedures to ensure any future action is done within the guidelines of the separation-of-powers principle.

    In addition, and while that review is pending, I have instructed the Deputy Attorney General, who is already working on surfacing potentially problematic matters deserving high level review, to evaluate and strengthen the department’s existing policies and procedures for obtaining records of the Legislative branch. Consistent with our commitment to the rule of law, we must ensure that full weight is accorded to separation-of-powers concerns moving forward.

  • McDonald’s Impacted by Data Breach

    McDonald’s now joins an ever-growing list of major companies impacted by data breaches.

    On the same day that VW announced it was impacted by a data breach, fast-food leader McDonald’s announced it too has suffered a breach. The company says private information was accessed for both employees and customers in South Korea and Taiwan.

    According to CNN Business, McDonald’s says its cybersecurity investments were to thank for helping the company identify the breach as fast as it did, preventing additional harm.

    “These tools allowed us to quickly identify and contain recent unauthorized activity on our network,” a spokesperson told CNN Business. “A thorough investigation was conducted, and we worked with experienced third parties to support this investigation.”

    It seems the damage could have been far worse had McDonald’s not contained the breach so fast. According to The Wall Street Journal, the hackers also gained access to some US employees’ business contact information, as well as minor logistical information on some US restaurants, such as seating capacity. No sensitive or personal information was leaked for US employees or customers.

  • Avaddon Ransomware Group Just Sent BleepingComputer All Its Decryption Keys

    Avaddon ransomware group appears to be closing shop and has sent all its decryption keys to BleepingComputer.

    Avaddon had previously announced they were shutting down operations, and it’s not uncommon for a group to release decryption keys when that happens, as there’s no longer any financial incentive to keep victims locked out of their files.

    BleepingComputer made the announcement via Twitter.

    All told, there are 2,934 decryption keys, each one associated with a victim. Given that experts previously only had proof of 88 Avaddon victims, the number of keys suggests the group was far more successful than anyone realized. It also highlights how few companies actually disclose an attack.

    Fabian Wosar, an expert that helped BleepingComputer verify the decryption keys, told ZDNet that negotiations with Avaddon had recently taken on a new intensity, likely indicating the shutdown was planned and negotiators were trying to get whatever they could before the shutdown date.

    The shutdown likely resulted from the group making all the money they wanted.

    “This isn’t new and isn’t without precedence. Several ransomware threat actors have released the key database or master keys when they decide to shut down their operations,” Wosar told ZDNet.

    “Ultimately, the key database we obtained suggests that they had at least 2,934 victims. Given the average Avaddon ransom at about $600,000 and average payment rates for ransomware, you can probably come up with a decent estimate of how much Avaddon generated.”

  • Google Releases Chrome Update Addressing Zero-Day Exploit

    Google has released a major update for its Chrome web browser, addressing a number of security issues, including a zero-day exploit.

    Google Chrome is currently the most popular web browser on the market by a wide margin. In addition to the success it enjoys as a standalone product, a number of companies use Chrome’s rendering engine, Chromium, as the basis of their browsers. Microsoft Edge, Brave, Opera and Vivaldi are just a few of the browsers built on Chromium.

    The latest update addresses a number of security issues, the most important of which is a zero-day exploit. Google has published details on its blog, and will roll the update out to individuals who don’t apply the patch on their own.

    Users of Chromium-based browsers should likewise check to make sure they’re running the latest version of their browsers.

  • Data Breach Impacts 3.3 Million VW Customers in North America

    Volkswagen has disclosed a data breach with one of its vendors, impacting some 3.3 million North American customers and prospective buyers.

    Volkswagen is currently the largest auto maker in the world, and has been for several years. Like many companies, however, VW uses outside vendors to help handle sales and marketing data, and it appears one of those vendors is responsible for a massive data breach.

    According to Reuters, the breach involved sales and marketing data collected between 2014 and 2019, primarily for VW’s Audi brand. The vendor responsible for the data had left it unsecured on the internet from August 2019 to May 2021 when it was accessed by an unauthorized third party.

    VW told regulators that phone numbers and email addresses comprised the bulk of the data accessed, although vehicle information may also have been involved. Of sensitive data accessed, 95% of it involved driver license numbers, with a small amount also including birth dates, Social Security number and account numbers.

  • JBS Paid $11 Million in Ransomware Attack

    JBS Foods has said it paid roughly $11 million to resolve a ransomware attack that crippled the company.

    JBS Foods is the world’s largest meat producer, with operations in the US, Canada and Australia. The company experienced a cyberattack on May 30 that crippled operations. At the time, company officials were not commenting on the kind of attack it suffered, although many suspected it was ransomware.

    JBS has now confirmed the attack was, indeed, a ransomware attack and that it paid $11 million to end it. At the time the decision was made to pay the ransom, a majority of the company’s facilities were already operational. The ransom was paid, however, to keep data from being taken and ensure there were no lingering issues.

    “This was a very difficult decision to make for our company and for me personally,” said Andre Nogueira, CEO, JBS USA. “However, we felt this decision had to be made to prevent any potential risk for our customers.”

    The company is continuing to work with government officials and investigators and the investigation has confirmed “that no company, customer or employee data was compromised.”

  • TikTok and WeChat In the Clear as Biden Reverses Trump’s Ban Attempts

    TikTok and WeChat’s battle to avoid being sold is finally over, as President Biden has signed an executive order undoing the previous administration’s attempt to ban them.

    TikTok found itself in the crosshairs of the Trump administration, with officials trying to get the social media platform banned in the US. The only proposed alternative was for TikTok’s parent, ByteDance, to sell off the US operations. Oracle, along with Walmart, emerged as the winning company, but neither US nor Chinese officials could agree on terms, leaving the company in limbo.

    Shortly after taking office, President Biden ordered a review of the previous administration’s attempts to ban TikTok and WeChat, but has now signed an executive order reversing the attempt to ban them.

    President Biden revoked and replaced three E.O.s that aimed to prohibit transactions with TikTok, WeChat, and eight other communications and financial technology software applications; two of these E.O.s are subject to litigation.

    In lieu of banning the platforms, the executive order instructs the Commerce Department to evaluate “foreign adversary connected software applications” and take action where appropriate to protect user data.

  • FBI Recovers Majority of Colonial Pipeline Ransom

    The US Justice Department has recovered some $2.3 million worth of Bitcoin paid as part of the Colonial Pipeline ransomware.

    Ransomware shut down Colonial Pipeline, impacting fuel availability and prices all along the East Coast. The CEO has defended his decision to pay nearly $5 million in Bitcoin, in an effort to get critical infrastructure operational as fast as possible.

    According to Reuters, the Justice Department has successfully recovered some $2.3 million of the ransom paid. The FBI was able to gain access to a private key that unlocked a digital wallet, providing access to the bitcoins.

    The operation is a rare success story in the world of ransomware, where prosecution or recovery of funds is an unusual occurrence.

    Joseph Blount, Colonial Chief Executive, said the company had been working closely with the FBI and was “grateful for their swift work and professionalism.”

    “Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks,” Blount said.

    His sentiments were echoed by John Hultquist, vice president of Mandiant cybersecurity firm, who told Reuters: “Right now, prosecution is a pipedream. Disrupt. Disrupt. Disrupt.”

  • Cyberattack Cripples JBS, World’s Largest Meat Producer

    A cyberattack has crippled JBS, the world’s largest meat producer, with plants in the US, Canada and Australia shutting down.

    JBS experienced a cyberattack on May 30, targeting its IT systems. The attack shut down the company’s Canadian operations, as well as those in Australia and the US. The company has not yet indicated exactly what kind of attack it suffered, although ransomware is a likely candidate.

    As Bloomberg points out, the company’s Brooks, Alberta beef plant accounts for more than a quarter of Canada’s entire supply of beef, illustrating how critical JBS is to the world’s meat supply. There are likely to be trickle-down effects, as JBS is warning transactions with its suppliers and customers may also be impacted.

    JBS told Bloomberg its backup servers were not affected, and the company is already working to restore operations using them. The company is also not aware of any of its supplier, customer or employee data being compromised.

    Coming just weeks after the Colonial Pipeline ransomware attack drove up fuel prices on the East Coast, the JBS attack illustrates the increasing threat cyberattacks pose on critical infrastructure and commodities.

    “If the Colonial Pipeline cyberattack didn’t impact enough consumers to spur response by the international community, the JBS meat supplier incident likely will,” Meg King, Director of the Science and Technology Innovation Program at The Wilson Center, told WebProNews. “Now is the time for a global agreement to break the business model of ransomware. This will keep happening – at great cost to life and treasure – if we don’t identify and stop the biggest actors, gain better early warning, and help companies improve their cybersecurity.”

  • Huawei Founder Wants Company to Pivot to Software Amid Sanctions

    Huawei founder Ren Zhengfei is calling on the company to pivot to software as sanctions against its hardware business have crippled it.

    Huawei was one of the leading 5G network equipment providers in the world, in addition to being one of the top smartphone manufacturers. Concerns over its ties to Beijing, however, have led countries around the world to ban the company from participating in their 5G networks.

    To make matters worse, the US led a successful effort to cut the company off from semiconductor manufacturing resources, effectively crippling its smartphone business. As a result, Huawei sold its Honor brand of smartphones, and warned that shipments of its flagship line would be significantly lower going forward.

    Zhengfei believes the company’s path forward lies with software, according to a memo seen by Reuters, with him calling on the company to “dare to lead the world” in software. Zhengfei specifically highlighted his belief that the future of software development was “outside of U.S. control and we will have greater independence and autonomy.”

    It’s a safe bet many countries and jurisdictions will be equally concerned about software provided by Huawei, but the lower cost involved in software vs hardware will still be a major benefit for the company.

  • Securing Remote Work With Better Cybersecurity

    When was the last time you set foot into your company headquarters?  If you’re like many post-pandemic Americans, it’s possible it’s been quite a while.  Twenty-twenty threw us all into a tailspin and, in many ways, we are all so very ready to get off this crazy ride.  Yet, we can’t honestly say that every change brought on by COVID has been negative (just the overwhelming majority, but who’s counting?) 

    One of the most affecting changes to come from the pandemic is the sudden rise in employees working remotely.  The vast majority of employees are happy with this change, as it is one that many have rooted for for the past several years anyway.  Employers are also finding that this has its positives as it is actually saving the company money in a few areas.  However, there are new challenges to arise from this turn of events.  One such challenge is the issue of cybersecurity in remote work.  Unfortunately, as employees are now outside the security threshold of their company’s home offices, they and their employers are both suffering from an enormous increase in cyber attacks.  In fact, in early 2020, the FBI reported a 300% increase in cybercrime.  Not only that, but attacks targeting remote workers increased 5x in the first month and a half of lockdown and 20% of companies experienced cyberattacks that could be linked back to remote workers.  

    Cyberattacks skyrocketed in 2020, with the top attacks being phishing (+600%), ransomware (+148%), malware activity (+128%), botnet traffic (+29%), and attacks on IoT devices (+13%). As 49% of all employees began working remotely for the first time ever, 20% received no tips or training on work-from-home security, although 75% of employees do follow security guidelines given by their employers. The most popular at-home cybersecurity tips are to be wary of suspicious emails, attachments, and pop-ups; to ensure antivirus software is activated; and to keep software patched and up to date. Fifty-six employees use their personal devices for remote work, but 25% don’t know what security protocols are on those devices and more than 1 in 4 employees use spotty Wi-Fi, furthering their security risks.

    Although 60% of US employers have implemented MFA, 67% of companies have still experienced a security breach. While MFAs seem like a plausible solution, they’re actually too easy to hack. The reason for this is that passwords can be easily guessed or harvested from a breach; security questions can often be guessed based on social media; and one-time codes sent by SMS can be easily intercepted by hackers. Other MFA security measures may slow a hacker down, but they don’t protect data.

    The real solution is passwordless security, such as the security offered by Beyond Identity. This kind of security completely eliminates passwords, and hackers can’t hack what isn’t there. Beyond Identity also has risk-based authorization, meaning every user and every device is checked for risks. The secure, frictionless login means there are no out-of-band messages that hackers could intercept.

    Remote work is here to stay.  It’s time for businesses to embrace the best security solutions to keep their organizations moving forward securely. 

  • Huawei Sees Cloud Success Wooing Government Buyers

    Huawei is seeing early success with its pivot to cloud computing, despite concerns about the potential security threat it poses.

    Huawei was one of the leading telecom firms in the world, making a popular line of smartphones and leading the industry in wireless network equipment. The company increasingly found itself under scrutiny from governments and intelligence agencies around the world, with concerns it provided an avenue for Beijing to spy on others.

    The US, in particular, took an aggressive stance against the Chinese firm, banning it from networks and pressuring allies to do the same. Around the world, countries followed suit, excluding Huawei from 5G rollouts, or explicitly banning it altogether. The US also successfully cut the firm off from much of its semiconductor supply, putting its smartphone business in jeopardy.

    Huawei began pivoting to other businesses, including cloud computing, in an effort to diversify and offset its losses. It appears the strategy is paying off, as governments around the world are embracing the company’s cloud offerings.

    According to a report by the Center for Strategic and International Studies’ Reconnecting Asia Project, developing economies and emerging markets are especially welcoming of Huawei.

    Emerging markets focus: The majority of deals (57 percent) are in countries that are middle-income and partly-free or not free. Africa leads the way with 36 percent of deals, followed by Asia (20 percent), the Americas (17 percent), Europe (17 percent), and the Middle East (10 percent).

    It appears Huawei is finding success bundling its services as part of a larger package, including giving customers access to funding from Chinese banks.

    Effective sales pitch: Huawei promises major commercial benefits to prospective customers, usually packages the delivery of hard infrastructure with services (60 percent of deals), and harnesses financing from Chinese policy banks to sweeten offers (nearly all deals for which financing could be identified).

    Interestingly, although perhaps not surprisingly, many of the countries embracing Huawei are ones that are considered “not free” or “partly free.”

    Non-liberal: 77 percent of deals are located in countries that are considered either “not free” (34 percent) or “partly free” (43 percent) according to Freedom House ratings.

    Huawei is clearly looking to achieve a degree of immunity from sanctions and bans from the West. It appears to have found a niche that is allowing it to do just that.

  • France Clears Microsoft and Google’s Cloud Technology for Sensitive Data

    France has decided Google and Microsoft’s cloud technology can be used for sensitive data — with caveats.

    As cloud computing becomes more important to organizations around the globe, there is a growing concern about the risk of US surveillance of cloud data. The EU, in particular, has increasingly looked with suspicion and distrust at US providers.

    France appears to have come up with a solution, clearing Microsoft and Google’s technology for use in sensitive applications, according to Reuters. France will allow the companies’ technology to be used as part of a homegrown solution, as long as the servers are operated on EU soil and the companies storing and processing the data are European-owned.

    “We therefore decided that the best companies – I’m thinking in particular of Microsoft or Google – could license all or part of their technology to French companies,” said French Finance Minister Bruno Le Maire.

    Companies that help create solutions meeting France’s requirements will receive a “trustworthy cloud” label.

    “We… hope that other Franco-American alliances will emerge in this area, which will allow us to have the best technology while guaranteeing the independence of French data,” said Minister for Digital Affairs Cedric O.

  • Colonial Pipeline Ransomware Group Disbanding RaaS Operation

    The group behind the Colonial Pipeline ransomware attack appears to be shutting down its RaaS operation, thanks to increased law enforcement pressure.

    DarkSide secured its place in infamy when it successfully launched a ransomware attack on Colonial Pipeline, devastating the gasoline supply on the East Coast. In response, President Biden signed an executive order on cybersecurity, with a focus on helping the US make the drastic changes necessary to keep pace with evolving threats.

    According to cybercrime intelligence firm Intel 471, the increased pressure from law enforcement is already having an impact. DarkSide has posted an announcement saying they have lost access to their blog, payment server and CDN. In addition, the money it made on ransomware was seized.

    DarkSide has said it will cease its Ransomware as a Service (RaaS) operations. The group also will issue decryptors to outstanding RaaS victims. In an interview with Forbes, Intel 471 CEO Mark Arena said he believes DarkSide will honor its promise.

    “I think they’re well established in the criminal underground and they’re not going to burn it for this,” Arena said. He also said he believed hacker groups would be far more careful about their targets moving forward. “People will definitely research their targets more so something like this doesn’t happen again… These guys want to get paid with as little fanfare as possible so they can carry on doing what they’re doing.”

    According to Intel 471, DarkSide isn’t the only group posting such an announcement. Multiple hacker groups are feeling the increased pressure and closing or significantly changing their operations.

  • President Biden Signs Executive Order on Cybersecurity

    President Biden has signed an executive order aimed at improving US cybersecurity in the wake of major attacks.

    The last few months have seen multiple high-profile, crippling cybersecurity attacks on US agencies and businesses. SolarWinds impacted private and public organizations alike, with the full extent still under investigation. Most recently, Colonial Pipeline was hit with a crippling ransomware attack, severely impacting fuel prices all along the East Coast.

    The threat is exacerbated by hacker groups that are state-sponsored, giving them access to the funds and technology needed to wreak havoc.

    In response, President Biden has issued an executive order aimed at “Improving the Nation’s Cybersecurity.” The order focuses on major changes, rather than incremental improvements, in an effort to keep pace with rapidly-evolving threats.

    Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life. The Federal Government must bring to bear the full scope of its authorities and resources to protect and secure its computer systems, whether they are cloud-based, on-premises, or hybrid. The scope of protection and security must include systems that process data (information technology (IT)) and those that run the vital machinery that ensures our safety (operational technology (OT)).

  • Microsoft Outlook a Major Security Issue for WFM

    Amid an unprecedented transition to work from home (WFM), Microsoft Outlook has come into focus as a security weak point.

    Microsoft 365 has been an important factor for many organizations, helping their employees stay connected and productive while working remotely. Unfortunately, using Microsoft Outlook is directly linked to a higher incidence of data breaches.

    Software company Egress found “that 85% of organizations using Microsoft 365 have had an email data breach in the last 12 months.” In addition, there was significant disparity between the number of data leaks experienced by companies using Outlook, versus those that weren’t.

    Organizations using Microsoft 365 have seen a 67% increase in data leaks via email since March 2020 – compared to just 32% of the businesses who don’t use it. And these aren’t one-off incidents. We also learned that 15% of Microsoft 365 organizations had been breached over 500 times during that same time period.

    Microsoft is already under scrutiny for its role in the SolarWinds breach. This latest report is sure to be an unwelcome one, and will likely increase scrutiny even more.

    In the meantime, organizations that rely on Microsoft Outlook would do well to read the Egress report in its entirety.