Today CrowdStrike sent the following Tech Alert to our customers: On July 8, 2022, CrowdStrike Intelligence identified a callback phishing campaign impersonating prominent cybersecurity companies, including CrowdStrike. The phishing email implies the recipient’s company has been breached and insists the victim call the included phone number.
The uptick in recent years in cyber attacks by rival state actors, primarily Russia and China but not only, as well as criminal groups, have pushed the US government to step up its effort to defend against these malicious actors. While much of the focus has been on external actors, there has also been an ongoing effort to secure government organizations from internal threat actors. Insiders present a serious risk because they have authorized access to be inside the organization.
Microsoft SharePoint Online is one of the most widely used content management platforms. Unfortunately, Proofpoint recently discovered that threat actors can abuse a feature in SharePoint Online and OneDrive for Business to encrypt all of your files and hold them ransom.
Read also: Google fixed a zero-day vulnerability in Chrome browser, Marriott fell a victim of cyber extortionists, and more.
Many businesses argue that they need to collect information about customers to verify who they are and secure their accounts. However, this is at odds with online privacy advocates, who say organizations are compromising our security by collecting far too much information about us.
Security Operation Centers (SOCs) offer a robust method of ensuring cybersecurity and safety within an organization. Their demand has continued to grow, specifically with a significant rise in cyber-attacks amidst a looming cybersecurity skills gap. However, despite a typical SOC analyst's immense training and knowledge, mitigating the increase in cyber-attacks is no easy job.
What are cloud-native applications? According to the Cloud Native Computing Foundation (CNCF), the term “cloud native” describes systems that are specifically designed to help build and run scalable applications in all cloud environments, including public, private, and hybrid clouds. Cloud-native applications use the attributes of cloud architecture in ways that legacy systems can’t. They don’t need any onsite computing infrastructure and can scale quickly to meet demand.
The WebAuthentication API, or WebAuthn, facilitates secure authentication based on public-key credentials. The idea of passwordless and public-key authentication is not new, but the compatibility and interoperability of various elements in the authentication process were always weak. WebAuthn API aims to solve that problem by bringing the uniform authentication API into web browsers.
Cryptographic Failures are a major security problem. They can lead to data breaches, identity theft, and other serious problems. The Open Web Application Security Project (OWASP) has identified ten major failures. These failures can be divided into three categories: Cryptographic design flaws, cryptographic implementation errors and cryptographic key management.
There is an underlying constant when it comes to creating a strong defense—the more layers of defense in place, the better. Sure, having a single stout wall in place might be strong enough to deter some attackers, but it is simply not enough to counter a foe determined to gain entry. This holds true whether the defender is a castle, sports team, or an organization.
