top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #122 - November 4, 2024

Cybercriminals Exploit DocuSign APIs to Send Fake Invoices

Source: Infosecurity Magazine

Cybercriminals are exploiting DocuSign's APIs to send realistic-looking fake invoices, bypassing security filters by using legitimate DocuSign accounts. These scams mimic reputable brands, luring victims to authorize payments. Wallarm reports a rise in such attacks, using DocuSign's Envelopes API to scale operations quickly. Recommendations include verifying sender details, enforcing transaction approval steps, and training staff to recognize fraudulent invoices.




Columbus Ransomware Attack Exposes Data of 500,000 Residents

Source: Infosecurity Magazine

A ransomware attack on Columbus, Ohio, has exposed the personal data of 500,000 residents. The Rhysida ransomware group, with alleged Russian ties, claims responsibility and released 3.1 TB of data online after ransom talks failed. Compromised information includes sensitive details like Social Security numbers, driver’s licenses, and bank accounts. Columbus initially downplayed the breach but later confirmed the data exposure, now offering residents free identity protection services.




Google Cloud to make MFA mandatory by the end of 2025

Source: Bleeping Computer

Google Cloud will mandate multi-factor authentication (MFA) for all users by the end of 2025, aiming to enhance account security. The rollout will occur in phases: initial reminders will prompt MFA use, followed by notifications for password-only accounts, and concluding with a universal MFA requirement. This initiative, backed by findings that MFA reduces account compromise risk, includes user-friendly MFA options like passkeys for a smoother adoption.




Cyberattacks hit 1 in 3 SMBs last year

Source: Cybersecurity Dive

Cybersecurity Dive reports that small and medium-sized businesses (SMBs) are increasingly vulnerable to cyberattacks, with about one in three experiencing an incident last year. These attacks include ransomware, distributed denial-of-service, credential theft, and phishing campaigns, often targeting third-party managed service providers. Despite cloud security advancements, SMBs often struggle to implement critical security measures like two-factor authentication and up-to-date governance, leaving them at risk. Increasing cybersecurity awareness and training is seen as essential to reduce these vulnerabilities and enhance resilience among SMBs globally.




Schneider Electric Launches Probe After Hackers Claim Theft of User Data

Source: Securityweek

Schneider Electric is investigating a cybersecurity breach after hackers, calling themselves Hellcat, claimed to have accessed the company’s Jira system, potentially compromising sensitive project data and user records. The attackers are demanding a $125,000 ransom, threatening to leak over 40GB of stolen data if unpaid. Schneider Electric confirmed unauthorized access to an internal project platform but noted its services remain unaffected.



105 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page