The spread of the remote workforce and the growth of digital transformation has exponentiated the number of login-based attack vectors. While multi-factor authentication (MFA) generally protects against common methods of gaining unauthorized account access, not all multi-factor authentication methods can defend against sophisticated attacks. To achieve full zero-trust access, MFA is being replaced by phishing-resistant MFA and the standards that define it.

People who don’t have a password manager often struggle with forgetting their passwords and having to reset them when attempting to log in to their online accounts. This is frustrating, time-consuming and leads to a loss in productivity. A password manager enhances your productivity since it remembers passwords for you, aids you in generating strong passwords and autofills your login credentials, saving you time to focus on more important tasks.

Digital transformation has reached all sectors, including non-governmental organizations (NGOs). These organizations have now become more dependent on technology to improve their ability to deliver and scale programs, engage with beneficiaries, and ensure an agile response to populations in need. Although this transformation delivers many benefits for NGOs, it has made them a viable and attractive target for cybercriminals.

In a previous memo, I mentioned the discovery, made by researchers at Kaspersky, of an active campaign carried out by an advanced threat actor since 2021, targeting multiple organizations in the regions of Donetsk, Lugansk, and Crimea. One of the noteworthy aspects of this campaign was undoubtedly the usage of a new backdoor, called PowerMagic, characterized by the exploitation of the popular cloud storage services, Dropbox and OneDrive, as the command and control infrastructure.

The US Cybersecurity and Infrastructure Security Agency (CISA), FBI, and others have issued a joint alert, advising organisations of the steps they should take to mitigate the threat posed by BianLian ransomware attacks. BianLian, which has been targeting different industry sectors since June 2022, is a ransomware developer, deployer and data extortion group which has predominantly targeted enterprises.

NextGen Healthcare is an Atlanta-based healthcare services company that helps hospitals and health practices manage health record data electronically. The company was founded in 1973 and manages data for millions of different patients throughout the United States. With so many patients relying on the same service, this company is a huge security vulnerability since it suffered from a major data breach.

Major data breaches seem to be occurring more and more frequently, and we have some huge names on the list of impacted companies this week, including the US Government, Toyota, and Intel. We were also concerned with services in our hospitals and our schools being breached, giving up patient, student, and teacher data in the process through the breach of companies like SchoolDude and NextGen Healthcare.

Inquisitive minds are curious and seek out new knowledge, asking questions that will receive detailed answers. Anyone who considers themselves inquisitive should avoid the “Dark Web” or approach with extreme caution. The Internet is more complex by the hour, with nearly two billion websites and growing, the average user accesses only about ten percent of this massive resource.