top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #65 - October 2, 2023

Attackers Exploit SQL Server to Penetrate Azure Cloud

Source: Data Breach Today

Microsoft says it spotted an unusual hacking campaign in which hackers attempted to move laterally through the Azure cloud after compromising a virtual SQL server. It marks the first time that cyber defenders for the computing giant have seen a lateral movement attempt in the Azure cloud with SQL Server as the starting point, the company said in a Tuesday blog post.




Ransomware Actors Exploit Critical Bug, Target DevOps Tool

Source: Info Risk Today

Multiple Organizations Victimized Over the Weekend. Ransomware hackers are using a critical flaw in a DevOps tool days after developer JetBrains issued a critical security update to patch its TeamCity build management and continuous integration server.




CISA, NSA Publish Guidance on IAM Challenges for Developers, Vendors

Source: Security Week

Released half a year after guidance for IAM administrators and mainly intended for large organizations (though it serves smaller businesses as well), the new publication – named Identity and Access Management: Developer and Vendor Challenges (PDF) – focuses on best practices to help organizations reduce the impact of threats to IAM.


The document details techniques that threat actors commonly use, such as creating new accounts for persistence, taking over employee accounts, exploiting vulnerabilities to force authentication, creating alternative entry points, compromising passwords, exploiting default credentials, and obtaining access to systems to obtain stored credentials.




Firm Notifies Patients of 55 Health Practices of MOVEit Hack

Source: Data Breach Today

Arietis Health, a revenue cycle management vendor is notifying patients of 55 healthcare practices across several states that their sensitive health and personal information has been potentially compromised in a hack of Progress Software's MOVEit file transfer application.




Google, Yahoo Boosting Email Spam Protections

Source: Security Week

Google and Yahoo on Tuesday announced a series of new requirements meant to improve email phishing and spam protections for their users. Starting with the first quarter of next year, both email service providers will require that bulk senders first authenticate their emails using industry best practices, which should improve users’ trust in the source of messages.




Group Claims It Stole 2.5 Million Patients' Data in Attack

Source: Info Risk Today

Ransomware-as-a-service gang Alphv/BlackCat claims to have stolen 6 terabytes of data on 2.5 million patients in a recent attack on Michigan-based McLaren Health Care, which operates 13 hospitals and dozens of other medical facilities, including a network of cancer centers.



94 views

Comments


Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page