Managing the API attack surface is an arduous task, and exploitable API vulnerabilities are an easy target for cybercriminals. Unsecured APIs act as a conduit for threat actors to gain access to underlying network systems and sensitive PII data, and to move laterally through those network systems.
Join us for our webinar on July 12 at 2 PM ET to learn how to protect your network from cyber attacks on vulnerable APIs.
Last week we talked about how inactive accounts, especially those of former employees who had access to data and other files, could be very dangerous targets.
Every organization should have an official cybersecurity offboarding process. This prevents outside cyber attacks on compromised accounts and can also stop insider threats from ex-employees.
A recent survey found that 50% of ex-employees still had access to corporate apps. Even if there is no real insider threat from one of these ex-employees, this could still make them a target for a cyber attack on your company with very minimal social engineering needed.
Here are some cybersecurity employee offboarding processes to consider and the benefits:
Deactivating all accounts and access
Could also include transferring access and passwords to all accounts to another person in the organization
Forward all emails to existing or company address
Inventory and return of all company equipment that accesses any data or information
Closing accounts and emails shuts down access easily and could prevent password spraying types of attacks. If an ex-employee has their account compromised at a new organization, the cyber criminals can't use the same password on old accounts in the case that the employee used the same password at their new company, which isn't uncommon.
Deciding to transfer the email or any account access to an existing employee or to a company email or account would allow you to use two-factor authentication and get a notification if the employee or someone else was trying to access the login.
However, MFA can be bypassed and any inactive accounts can be easily targeted with minimal social engineering effort. Gaining visibility into your network and attack surfaces is crucial to monitor activity if your network is compromised. Learn more about the importance of network monitoring from SecuLore!
On May 23, Microsoft disclosed that there was a Chinese state-sponsored hack on the U.S. Navy.
The Secretary of the Navy confirmed that the U.S. Navy "has been impacted" by the cyber attacks but didn't provide further detail.
Microsoft, the NSA and CISA issued warnings to corporate and public enterprises that a "sophisticated Chinese-state backed hacking group successfully exploited a vulnerability in a popular cybersecurity suite."
The group is codenamed "Volt Typhoon" and the exploit affects critical cyber infrastructure across a range of industries, according to Microsoft.
Clinic Goes Offline After Alleged Cyber Attack
An Oklahoma allergy clinic had to close in early May due to an alleged cyber attack.
The clinic claims it was hit by a cyber attack and shut its doors, saying it was locked out of everything, including email, phones, electronic medical records and social media.
A doctor at the clinic claimed even a pre-paid cell phone was compromised.
At the time, the Oklahoma FBI claimed there was no formal report of a cyber attack from the allergy clinic.
Payment Software Hit With Second Ransomware Attack
A payment software company suffered a second ransomware attack in 2023.
The ransomware group that hit the payment software company calls itself "RansomHouse".
They leaked super sensitive information that included NDAs, employee payroll information, bank account numbers, and other system login details.
They also revealed answers to security questions for cloud accounts.
Analysis showed that the passwords employees used were weak, using the company name and the word 'password' in variations.
A cyber attack in Dallas by the group Royal Ransomware took down the Dallas Police Department website with a number of servers compromised with ransomware throughout the city. The city continues to recover and restore access to its computer-assisted dispatch system, while the city's municipal court system remains offline, causing court hearings and trials to be suspended.
There were over 1,900 devices in police and fire vehicles that needed to be reviewed.
If you wish to learn more or have concerns about your network, please contact us.
SecuLore Solutions, LLC, 2288 Blue Water Blvd, Suite #329, Odenton, Maryland 21113, United States, (410) 305-0234