Pen Testing:

Are You Sure You Want to Do That?

Join us on September 13th at 2:00 PM EDT

CYBER TIP OF THE MONTH

Is Zero Trust a Solution to Password-Related Risks?

In our August webinar, our cyber experts mentioned that ransomware groups and cyber criminals are focused on evading detection by using valid credentials to gain access to your network.

Cyber criminals have found ways to bypass multi-factor authentication using open-source phishing kits to deploy larger attacks that steal passwords.

While it is a challenge to implement a zero trust policy to 100% capacity, zero trust is a potential option to help with password-related risks. 

When cyber criminals can steal passwords, compromise accounts, and bypass multi-factor authentication, even partial zero trust architecture can reduce access to certain information or parts of your network, and lessen the headache it can take to recover from.

Zero-trust architecture in any capacity requires policies to be set in place, as well as an organizational culture shift and buy-in into the concept and practice of zero trust. That is why it can be a challenge to implement at 100% capacity. But even partial implementational can reduce unauthorized access and eliminate compromised devices.

Our cyber experts provided insights on zero trust architecture on how to adopt it for your organization in our webinar: 

What, Why, and How of Zero Trust Cyber Security. Learn more by downloading it today and watching it on-demand.

Pharming Attacks Surge

Pharming is a form of phishing that is a financially motivated attack by cyber criminals: 

• Can include a fake website
• Asks users to fill out forms and add credentials that can be scraped by criminals
• Provides an item to purchase, and collects financial information until the transaction fails
• Data can be sold and used to transfer money
• Always verify URLs, never respond to emails from unknown senders and use the three-second rule

Chinese Malware Potential 'Ticking Time Bomb'

The U.S. is concerned with potential malware hiding in U.S. critical infrastructure abroad in military operations and elsewhere

• U.S. intelligence says it could affect include water, power and communications on bases and at home
• News comes after Microsoft report two months ago that state-sponsored Chinese hackers infiltrated U.S. critical infrastructure networks
• Read more about the concerns over data privacy and state-sponsored cyber attacks this year in our blog

Second Round of DHS Cybersecurity Funding Available to Local and State Governments

$1 billion fund for State and Local Cybersecurity Grant Program in its second year of a four years span

• All but two states applied for a piece of the first year's $185 million allotment
• Program is overseen by CISA and FEMA
• Potential grantees have until October 6th to submit applications
• SecuLore can assist with the information needed to apply and win the grant

Contra Costa County, CA: 8/10/2023
Ransomware

The California city of El Cerrito is investigating the potential theft of data after a ransomware group added the city’s government to its list of victims.

The LockBit gang added 15 victims to its leak site, including El Cerrito, which is home to more than 25,000 residents and is about 10 minutes north of Oakland.

If you wish to learn more or have concerns about your network please contact us

410-305-0234

info@SecuLore.com

www.SecuLore.com/contact

Do you know someone who would like to receive our emails?
Send them the link below to sign up.
https://www.seculore.com/media/newsletters-cyberalerts