Accountability, Article and CSO - Cyber Security Informer

Inactive accounts pose significant account takeover security risks

CSO Magazine

MAY 25, 2023

Inactive and non-maintained accounts pose significant security risks to users and businesses, with cybercriminals adept at using information stolen from forgotten or otherwise non-upheld accounts to exploit active accounts. To read this article in full, please click here

Accountability

Accountability Risk Passwords

CSO's ultimate guide to security and privacy laws, regulations, and compliance

CSO Magazine

JANUARY 28, 2021

CSO's ultimate guide to security and privacy laws, regulations, and compliance Security and privacy laws, regulations, and compliance: The complete guide This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Health Insurance Portability and Accountability Act (HIPAA).

CSO

CSO Financial Services Consumer Protection Data privacy

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

CSO Magazine

NOVEMBER 24, 2022

A group of attackers, likely based in Vietnam, that specializes in targeting employees with potential access to Facebook business and ads management accounts, has re-emerged with changes to its infrastructure, malware, and modus operandi after being initially outed a few months ago. To read this article in full, please click here

Accountability

Accountability Malware Phishing

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Critical flaw in AI testing framework MLflow can lead to server and data compromise

CSO Magazine

MARCH 24, 2023

"Basically, every organization that uses this tool is at risk of losing their AI models, having an internal server compromised, and having their AWS account compromised," Dan McInerney, a senior security engineer with cybersecurity startup Protect AI, told CSO. To read this article in full, please click here

CSO

CSO Authentication Engineering Internet

Google rolls out passkey support across accounts on all major platforms

CSO Magazine

MAY 3, 2023

Google has begun rolling out support for passkeys across Google Accounts on all major platforms, adding a new sign-in option that can be used alongside passwords and two-step verification. To read this article in full, please click here

Accountability

Accountability Passwords

Attack campaign uses PHP-based infostealer to target Facebook business accounts

CSO Magazine

MARCH 7, 2023

Over the past year, a group of attackers has targeted Facebook business account owners by spreading information stealing malware through malicious Google ads or fake Facebook profiles. The attack is designed to steal sensitive information, including login data, cookies, and Facebook ad and business account information."

Accountability

Accountability Manufacturing Government Malware

Report: Active Directory Certificate Services a big security blindspot on enterprise networks

CSO Magazine

JUNE 17, 2021

Its public key infrastructure (PKI) component, however, has not received the same level of scrutiny and, according to a team of researchers, deployments are rife with serious configuration mistakes that can lead to account and domain-level privilege escalation and compromise. To read this article in full, please click here

CSO

CSO Passwords Authentication Accountability

4 steps to protect the C-suite from business email compromise attacks

CSO Magazine

OCTOBER 4, 2021

The damage from executive email account takeovers can run into millions of dollars, as recent examples show. The recent SolarWinds attack was bad enough, and now Nobelium, the group responsible, has since launched a campaign of email attacks appearing to originate from USAID after its Constant Contact email account was compromised.

CSO

CSO Phishing Accountability

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

CSO Magazine

MAY 17, 2023

Researchers from security firm Proofpoint investigated how attackers could abuse access to a Teams account and found some interesting attack vectors that could allow hackers to move laterally by launching further phishing attacks or getting users to download malicious files. To read this article in full, please click here

Accountability

Accountability Phishing Risk

Credential stuffing explained: How to prevent, detect, and defend against it

CSO Magazine

MAY 27, 2021

Credential stuffing is the automated use of collected usernames and passwords to gain fraudulent access to user accounts. These credentials fuel the underground economy and are used for everything from spam to phishing and account takeovers. Get the latest from CSO by signing up for our newsletters. ]

CSO

CSO Passwords Data breaches Accountability

New Facebook malware targets business accounts

CSO Magazine

JULY 26, 2022

Helsinki-based cybersecurity vendor WithSecure (formerly F-Secure Business) says it has discovered an operation, dubbed “DUCKTAIL,” that uses social media-based spear phishing attacks to gain access to Facebook Business accounts. Previous attacks targeting Facebook did not target Facebook Business accounts in particular.

Accountability

Accountability Malware Media Phishing

BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity

CSO Magazine

DECEMBER 19, 2022

The organizations with the best chance of minimizing threats are those that build and sustain a culture of awareness and accountability. Here are some ways to do that: To read this article in full, please click here

Accountability

Accountability Cybersecurity Phishing Technology

4 ways cybercriminals hide credential stuffing attacks

CSO Magazine

JANUARY 13, 2022

Credential stuffing is a cyberattack in which exposed usernames and passwords are used to gain fraudulent access to user accounts through large-scale, automated login requests. To read this article in full, please click here Attackers are asking: What does it look like to make a legitimate request? How can we emulate that?

CSO

CSO Data breaches Passwords Accountability

Cuba ransomware group used Microsoft developer accounts to sign malicious drivers

CSO Magazine

DECEMBER 14, 2022

Microsoft suspended several accounts on its hardware developer program that signed malicious drivers used by a ransomware group called Cuba to disable endpoint security tools. To read this article in full, please click here In recent attacks, some threat actors have turned to the use of Windows drivers to disable security products."

Accountability

Accountability Ransomware Software

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

CSO Magazine

AUGUST 3, 2021

The US General Accountability Office (GAO) issued the 19-page report , “Cybersecurity and Information Technology: Federal Agencies need to Strengthen Efforts to Address High-Risk Areas” on July 29. Sign up for CSO newsletters. ]. To read this article in full, please click here

CSO

CSO Cybersecurity Government Accountability

Top 7 CIAM tools

CSO Magazine

NOVEMBER 28, 2022

Customer identity and access management (CIAM), a subset of identity access management (IAM), is used to manage authentication and authorization of account creation and login process for public facing applications. To read this article in full, please click here Marketers want to collect data about customers and their devices.

CSO

CSO Data collection Marketing Accountability

The 7 best password managers for business

CSO Magazine

AUGUST 30, 2021

Enterprise-class password managers have become one of the easiest and most cost-effective ways to help employees lock down their online accounts. Sign up for CSO newsletters. ]. Sign up for CSO newsletters. ]. To read this article in full, please click here

Password Management

Password Management Passwords CSO Accountability

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

CSO Magazine

JANUARY 5, 2023

The operation is highly automated using CI/CD processes and involves the creation of tens of thousands of fake accounts and the use of stolen or fake credit cards to activate time-limited trials. To read this article in full, please click here

Accountability

Secrets to building a healthy CISO-vendor partnership

CSO Magazine

MAY 3, 2022

When CISOs fail to maintain positive working relationships with their security vendors they will often see their vendor provide less of a priority on their needs and overall responsiveness can be delayed, and in worst cases they may be flagged as a toxic account that no sales representative wants to be assigned,” he says.

CISO

CISO CSO Cybersecurity Accountability

Who is your biggest insider threat?

CSO Magazine

APRIL 13, 2022

Sign up for CSO newsletters. ]. Murphy, manager of cybersecurity at Schneider Downs, a certified public accounting and business advisory firm, says he once investigated the root cause of a ransomware attack at a company and traced the incident back to a worker who had clicked on an invoice for pickles.

Penetration Testing

Penetration Testing CSO Phishing Passwords

GAO calls out US government agencies: Get your supply chain security act together

CSO Magazine

JUNE 8, 2021

In December 2020, the US Government Accounting Office (GAO) made 145 recommendations to 23 federal agencies relating to supply chain risks. Get the latest from CSO by signing up for our newsletters. ]. Get the latest from CSO by signing up for our newsletters. ]. To read this article in full, please click here

Government

Government CSO Risk Accountability

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

CSO Magazine

MARCH 2, 2023

Booking.com, one of the world's largest online travel agencies, recently patched a vulnerability in its implementation of the OAuth protocol that could have allowed attackers to gain access to customer accounts by simply tricking them into clicking a link. To read this article in full, please click here

Accountability

Accountability Risk

Two account compromise flaws fixed in Strapi headless CMS

CSO Magazine

MAY 19, 2022

Users of Strapi, a popular headless content management system written entirely in JavaScript and focused on API development, should update their installations as soon as possible to fix two vulnerabilities that could lead to administrative accounts being compromised. To read this article in full, please click here

Accountability

Accountability Phishing Passwords Cybersecurity

The Microsoft Exchange Server hack: A timeline

CSO Magazine

MAY 6, 2021

Over the next few days, over 30,000 organizations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware , giving the cybercriminals ongoing administrative access to the victims' servers. To read this article in full, please click here

Hacking

Hacking CSO Accountability Malware

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Duo's Security Blog

NOVEMBER 20, 2023

“It took nearly 11 months (328 days) to identity and contain data breaches resulting from stolen or compromised credentials.” – IBM’s Cost of Data Breach Report 2023 I recently came across a 2012 article from CSO Online , and realized that it has been more than 11 years since the phrase “Identity is the new perimeter” was coined!

Threat Detection

Threat Detection Authentication Accountability Data breaches

Meta outlines US involvement in social media disinformation in new report

Security Boulevard

DECEMBER 5, 2022

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. To read this article in full, please click here. Leer más CSO Online.

Media

Media CSO Accountability

IT asset disposal is a security risk CISOs need to take seriously

CSO Magazine

JUNE 21, 2021

. | Sign up for CSO newsletters. ]. Can you, the CISO, or your team in charge of the ITAD, describe how each device provisioned and issued within the company is tracked, the data on the device is accounted for, and when and how that device is removed from the company ecosystem in a way the company and its customers’ data is protected?

CISO

CISO Risk CSO Accountability

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

CSO Magazine

MAY 28, 2021

These efforts recently escalated with an attack launched from a hijacked email marketing account belonging to USAID and targeted around 3,000 people across over 150 organizations in 24 countries. Sign up for CSO newsletters. ]. To read this article in full, please click here

CSO

CSO Government Marketing Hacking

How to reset Kerberos account passwords in an Active Directory environment

CSO Magazine

APRIL 7, 2021

If the KRBTGT account password hash is stolen or broken with an attack, the attackers can then grant themselves full access to your network with the necessary authentication. To read this article in full, please click here (Insider Story) Active Directory (AD) uses the KRBTGT in the AD domain for Kerberos tickets.

Passwords

Passwords Accountability Authentication

AWS access control confusion enables cross-account attacks

CSO Magazine

JUNE 7, 2021

To read this article in full, please click here (Insider Story) Researchers from cloud security firm Lightspin identified quirks in S3 bucket permissions that appear to be a common source of confusion among administrators.

Accountability

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

CSO Magazine

MAY 4, 2023

Since March, Meta has discovered about 10 malware families using AI themes to compromise business accounts across the internet — including social media business accounts — and blocked over 1,000 unique ChatGPT-themed malicious URLs from being shared on its platforms. To read this article in full, please click here

Malware

Malware Media Accountability Internet

Meta outlines US involvement in social media disinformation in new report

CSO Magazine

NOVEMBER 23, 2022

A report released by Meta’s security team describes the company’s shutdown of a network of Facebook and Instagram accounts participating in what it calls coordinated inauthentic behavior, and linking some of those accounts to the US military. To read this article in full, please click here

Media

Media Accountability

How API attacks work, and how to identify and prevent them

CSO Magazine

MAY 21, 2021

In early May, fitness company Peloton announced that it had exposed customer account data on the internet. Anyone could access users’ account data from Peloton’s servers, even if the users set their account profiles as private. To read this article in full, please click here (Insider Story)

Accountability

Accountability Internet Internet

Attacker uses the Azure Serial Console to gain access to Microsoft VM

CSO Magazine

MAY 17, 2023

Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant. To read this article in full, please click here UNC3944 has been active since May 2022.

Accountability

Accountability Phishing Software Cybersecurity

How to reset a Kerberos password and get ahead of coming updates

Security Boulevard

NOVEMBER 24, 2022

Hopefully that was not the last time I suggested you change it, back in April of 2021, when I urged you to do a regular reset of the KRBTGT account password. To read this article in full, please click here. Leer más CSO Online. read this article in full, please click here. read this article in full, please click here.

Passwords

Passwords CSO Authentication Accountability

Online retailers should prepare for a holiday season spike in bot-operated attacks

Security Boulevard

NOVEMBER 24, 2022

With the holiday shopping season in full swing, retail websites can expect a spike in account takeover fraud, DDoS, and other attacks, including attacks via APIs, which now represent almost half of e-commerce traffic. To read this article in full, please click here. Leer más CSO Online.

Retail

Retail DDOS CSO Marketing

Hacking 2FA: 5 basic attack methods explained

CSO Magazine

JUNE 3, 2021

As Roger Grimes wrote in this article about two-factor hacks three years ago, when MFA is done well it can be effective, but when IT managers take shortcuts it can be a disaster. of compromised accounts did not use MFA at all and only 11% of enterprise accounts are protected by some MFA method.

Hacking

Hacking Accountability Authentication

Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

CSO Magazine

MAY 19, 2023

"The infection turns these devices into mobile proxies, tools for stealing and selling SMS messages, social media and online messaging accounts and monetization via advertisements and click fraud," Trend Micro researchers said in a report presented at the BlackHat Asia conference this week. To read this article in full, please click here

Malware

Malware Cybercrime Mobile Advertising

10 dark web monitoring tools

CSO Magazine

FEBRUARY 21, 2023

It consists of sites that are not indexed by popular search engines such as Google, and the dark web includes marketplaces for data usually obtained as a result of a cyberattack such as compromised user accounts, identity information, or other confidential corporate information. To read this article in full, please click here

CISO

CISO Engineering Accountability

Guardz debuts with cybersecurity-as-a-service for small businesses

CSO Magazine

JANUARY 31, 2023

Guardz automatically enrolls all user accounts upon activation, and monitors risk posture, performs threat detection on all monitored accounts and devices, and offers one-click remediation for some threats. To read this article in full, please click here

Small Business

Small Business Cybersecurity Threat Detection Accountability

Atomic Wallet hack leads to at least $35M in stolen crypto assets

CSO Magazine

JUNE 5, 2023

The five most significant losses account for $17 million. To read this article in full, please click here Think it could surpass $50m. Keep finding more and more victims sadly,” said ZachXBT, in a tweet.

Hacking

Hacking Accountability

Darwinium upgrades its payment fraud protection platform

CSO Magazine

APRIL 19, 2023

Use cases for the Darwinium platform include account security, scam detection, account takeover, fraudulent new accounts, synthetic identities, and bot intelligence. To read this article in full, please click here

B2C

B2C eCommerce Scams Cybercrime

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

CSO Magazine

SEPTEMBER 22, 2022

While enabling MFA for all accounts is highly encouraged and a best practice, the implementation details matter because attackers are finding ways around it. To read this article in full, please click here It's a simple yet effective technique that has become known as MFA fatigue and was also used in the recent Uber breach.

Authentication

Authentication Network Security Accountability

Google Cloud launches Cryptomining Protection Program

CSO Magazine

JUNE 8, 2023

According to Google Cybersecurity Action Team (GCAT) September 2022 Threat Horizons Report , threat actors frequently targeted weak and default passwords to access Google Cloud accounts. Once inside the compromised cloud accounts, they performed cryptomining 65% of the time. To read this article in full, please click here

Accountability

Accountability Passwords Cybersecurity

Inactive accounts pose significant account takeover security risks

CSO's ultimate guide to security and privacy laws, regulations, and compliance

Webinars

Trending Sources

DUCKTAIL malware campaign targeting Facebook business and ads accounts is back

Webinars

Critical flaw in AI testing framework MLflow can lead to server and data compromise

Google rolls out passkey support across accounts on all major platforms

Attack campaign uses PHP-based infostealer to target Facebook business accounts

Report: Active Directory Certificate Services a big security blindspot on enterprise networks

4 steps to protect the C-suite from business email compromise attacks

Researchers show ways to abuse Microsoft Teams accounts for lateral movement

Credential stuffing explained: How to prevent, detect, and defend against it

New Facebook malware targets business accounts

BrandPost: Why a Culture of Awareness and Accountability Is Essential to Cybersecurity

4 ways cybercriminals hide credential stuffing attacks

Cuba ransomware group used Microsoft developer accounts to sign malicious drivers

GAO report faults CIOs, OMB for slow adoption of cybersecurity recommendations

Top 7 CIAM tools

The 7 best password managers for business

Attackers create 130K fake accounts to abuse limited-time cloud computing resources

Secrets to building a healthy CISO-vendor partnership

Who is your biggest insider threat?

GAO calls out US government agencies: Get your supply chain security act together

Booking.com account takeover flaw shows possible pitfalls in OAuth implementations

Two account compromise flaws fixed in Strapi headless CMS

The Microsoft Exchange Server hack: A timeline

A Clear and Present Need: Bolster Your Identity Security with Threat Detection and Response

Meta outlines US involvement in social media disinformation in new report

IT asset disposal is a security risk CISOs need to take seriously

SolarWinds attacker Nobelium targets over 150 companies in new mass email campaign

How to reset Kerberos account passwords in an Active Directory environment

AWS access control confusion enables cross-account attacks

Malware disguised as ChatGPT apps are being used to lure victims, Meta says

Meta outlines US involvement in social media disinformation in new report

How API attacks work, and how to identify and prevent them

Attacker uses the Azure Serial Console to gain access to Microsoft VM

How to reset a Kerberos password and get ahead of coming updates

Online retailers should prepare for a holiday season spike in bot-operated attacks

Hacking 2FA: 5 basic attack methods explained

Guerrilla malware is preinfected on 8.9 million Android devices, Trend Micro says

10 dark web monitoring tools

Guardz debuts with cybersecurity-as-a-service for small businesses

Atomic Wallet hack leads to at least $35M in stolen crypto assets

Darwinium upgrades its payment fraud protection platform

Multi-factor authentication fatigue attacks are on the rise: How to defend against them

Google Cloud launches Cryptomining Protection Program

Stay Connected