CISA: Here's How to Apply this Key Windows Patch Without Breaking Certificate Authentication
CISA now urges organizations to apply a patch that broke logins for users connecting to Windows servers that handle authentication.
HackerOne Employee Accessed Bug Reports to Claim Extra Bounties
The world's biggest third-party bug bounty platform fell victim to an insider threat.
Cybersecurity Leaders are Anticipating Mass Resignations Within the Year - Here's Why
The growing threat of attacks combined with industry skill gaps is leading to sky-high burnout rates among cybersecurity professionals.
US Senators Call for Close Look at TikTok
Reports that individuals in the People's Republic of China have been accessing data on US users.
NATO to Develop Rapid Cyber Response Capabilities
A virtual rapid response cyber capability will greatly increase NATO’s capability to have a more coordinated and effective response to significant malicious cyber activities.
Marriott Confirms Latest Data Breach, Possibly Exposing Information on Hotel Guests, Employees
The group claiming responsibility for the attack said that it stole roughly 20 gigabytes of data, which included credit card information and confidential information about guests and workers.
21% of all HTML Attachments Scanned Over the Past Month Found Malicious: Report
According to Barracuda researchers, malicious HTML attachments are being used for credential phishing.
Cyberattack Shuts Down Unemployment, Labor Websites Across the US
Software maker GSI took systems offline, affecting thousands of people in as many as 40 states.
Near-Undetectable Malware Linked to Russia's Cozy Bear
Palo Alto Networks' Unit 42 threat intelligence team has claimed that a piece of malware that 56 antivirus products were unable to detect is evidence that state-backed attackers have found new ways to go about the evil business.
An Updated Pipeline Security Directive is Underway, Reflecting TSA Struggles
The TSA directives issued after the Colonial Pipeline attack have been widely criticized, but the agency is working with the industry to improve them.
The Cybersecurity & Infrastructure Security Agency (CISA) is warning federal agencies and others to patch a Windows flaw from Microsoft's May Patch by July 22nd. The flaw is a spoofing vulnerability in Windows’ Local Security Authority (LSA) that allows an attacker to coerce a domain controller into authenticating to the attacker using NTLM. CISA is encouraging users, after installing the May 10, 2022, Windows update, to monitor for any warning messages and, if none are found, to enable ‘Full Enforcement’ mode on all domain controllers using certificate-based authentication.
HackerOne, a well-known cybersecurity platform that many large corporations and parts of the government do business with, was called out this past month over a recent security breach. According to co-founder Chris Evans, a former employee improperly accessed security reports and then leaked information outside of the HackerOne platform to claim additional rewards elsewhere. This breach of internal data shows that any organization can be prone to insider threats.