My TechDecisions

Search Results: password

Genesis Market

Check to See If Your Organization’s Credentials Were on Genesis Market

Dark web initial access marketplace Genesis Market has been seized, and organizations can check to see if they were compromised.

April 6, 2023 Zachary Comeau Leave a Comment

Genesis Market, online criminal marketplace that advertised and sold packages of stolen credentials that threat actors use to compromise accounts in the financial sector, critical infrastructure and federal, state and local government agencies, has been dismantled by a coalition of international law enforcement agencies. According to a news release from the U.S. Department of Justice, […]

Read More
Passwordless

Bitwarden Releases Beta of Secrets Manager for DevOps Environments

Bitwarden Secrets Manager is a new tool designed to centrally secure and manage sensitive credentials within DevOps environments.

March 29, 2023 Zachary Comeau Leave a Comment

Password manager provider Bitwarden is launching the open beta of Bitwarden Secrets Manager, a new tool designed to centrally secure and manage sensitive authentication credentials within privileged developer and DevOps environments. According to the Santa Barbara, Calif.-based company, the new tool can help development teams working across applications and multi-cloud infrastructures dealing with distributed secrets […]

Read More
My TechDecisions Podcast, zero trust

My TechDecisions Podcast Episode 191: Learnings From the LastPass Breach

Scott Caveza, senior research manager at Tenable, joins the podcast to discuss security lessons we've learned from the LastPass breach.

March 23, 2023 Zachary Comeau Leave a Comment

On this episode of the My TechDecisions Podcast, we discuss the LastPass breach and what IT security teams can learn from it with Scott Caveza, senior research manager at Tenable. Late last month, LastPass revealed that the same threat actor that accessed portions of the LastPass development environment and source code that has forced the company […]

Read More
Cybersecurity Consolidation, cyber readiness

Cyber Readiness Institute Launches Free Cyber Readiness Program for SMBs

CRI has launched a free Cyber Readiness Program to help organizations build stronger cultures of cyber awareness and compliance.

March 22, 2023 Alyssa Borelli Leave a Comment

The Cyber Readiness Institute (CRI) launched new online tools and programs to help small and medium-sized businesses navigate the complexities of cybersecurity and make their organizations less vulnerable to cyberattacks. The New York-based nonprofit works with some of the world’s leading cybersecurity and supply chain experts, global enterprises, and thousands of small and medium-sized businesses […]

Read More
Zero Trust, ZTNA, Netskope

Beyond Identity, Cybersecurity Companies Launch Zero Trust Authentication Push

Beyond Identity and other leading security firms are backing the creation of Zero Trust Authentication, a new subcategory of zero trust.

March 17, 2023 Zachary Comeau Leave a Comment

Passwordless authentication software provider Beyond Identity is launching Zero Trust Authentication, a new subcategory of zero trust technology designed to help organizations move towards secure authentication that advances the zero trust security movement. According to Beyond Identity, several industry-leading security companies are backing the creation of Zero Trust Authentication, including Palo Alto Networks, CrowdStrike, Optiv, […]

Read More
Phishing, Email security

Phishing Remains a Favorite Hacking Tool as New Methods Emerge

New methods such as phone-oriented attack delivery and MFA bypass are making phishing attacks more sophisticated, according to Proofpoint.

March 3, 2023 Zachary Comeau Leave a Comment

Phishing, social engineering, and ransomware remain favorite attack methods of cybercriminals, but threat actors are beginning to shift to newer techniques, such as phone-oriented attack delivery and adversary-in-the-middle phishing proxies designed to bypass multifactor authentication, according to cybersecurity firm Proofpoint. The Sunnyvale, Calif.-based company’s’ State of the Phish report finds that email-based phishing attacks remain […]

Read More
Cybersecurity testing, penetration testing, cyber threats

No Organization Is an Island: How to Protect Against Supply Chain Attacks

To defend against supply chain attacks, organizations need to focus on all three layers of the attack surface: data, identities and infrastructure.

March 2, 2023 Dirk Schrader Leave a Comment

Every organization interacts with other organizations: suppliers, partners, customers, government agencies and more. As a result, you can suffer a breach even though your organization was not directly targeted. For example, adversaries were able to release the infamous NotPetya malware to thousands of companies worldwide by compromising the supplier of a popular accounting software solution. […]

Read More
CISA Software Security

What CISA Learned After Conducting a Red Team Assessment of a Large Critical Infrastructure Organization

CISA obtained persistent access to the organization's network, but security controls like MFA helped thwart further activity.

March 1, 2023 Zachary Comeau Leave a Comment

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a new advisory that describes a CISA red team assessment of a large critical infrastructure organization with a mature cyber posture, with the goal of sharing its key findings to help IT and security professionals improve monitoring and hardening of networks. According to the advisory, […]

Read More
LastPass Breach, Hack

LastPass Hack: Attacker Accessed DevOps Engineer’s Home Computer to Steal Decrpytion Keys

LastPass reveals new information on its ongoing investigation into a security incident, including how a developer's home computer was hacked.

February 28, 2023 Zachary Comeau Leave a Comment

[Editor’s note: This article has been updated to reflect the company’s official statement on the new updates.] The same threat actor that accessed portions of the LastPass development environment and source code that has forced the company since August 2022 to provide updates as new information is revealed, apparently accessed a shared cloud-storage environment obtained […]

Read More
Royal Ransomware

DPRK Ransomware Group Targets Healthcare Sector, Agencies Say

U.S. agencies are warning healthcare organizations and others to be aware of new ransomware activity from a North Korean nation-state group.

February 13, 2023 Zachary Comeau Leave a Comment

U.S. agencies are warning healthcare organizations and other critical infrastructure organizations to be aware of recent activity from a North Korean nation-state ransomware group that is leveraging older vulnerabilities–including Log4Shell– to gain access into victim environments. The advisory from the FBI, U.S. Cybersecurity and Infrastructure Security Agency and other agencies gives an overview of the […]

Read More