Weekly Cybersecurity Executive Brief

juin 8, 2024 Mourad ELGORMA

Join us every Wednesday for an exclusive session with Cory Wolff, the Director of Offensive Security at risk3sixty. As a seasoned cybersecurity leader, Cory brings a wealth of expertise to the table, offering more than just information – he delivers actionable insights vital in strengthening your organization against ever-evolving threats.

What you can expect:

– Weekly videos diving into recent breaches, regulations, and industry trends
– Actionable takeaways to strengthen your security programs
– Executive summaries for easy communication with stakeholders

Penetration Testing ROI Calculator: https://risk3sixty.com/whitepaper/penetration-testing-roi-calculator

Week of May 26 Ransomware Stats: https://www.linkedin.com/posts/corywolff_ransomware-infosec-cybersecurity-activity-7203367235787091968-BDWC

Microsoft Recall Security Exposures

Executive Summary:

Microsoft’s new Recall feature in Windows 11 Copilot+ PCs aims to enhance user experience by keeping a comprehensive record of all PC activities. However, security experts are concerned about potential risks, as Recall can store sensitive data like usernames and passwords without redaction. Despite assurances that data is processed locally and protected by encryption, flaws in implementation allow easy access to this data, raising privacy concerns. As Microsoft emphasizes security, addressing these issues is critical before Recall’s full deployment.

Additional Reading:

https://arstechnica.com/ai/2024/06/windows-recall-demands-an-extraordinary-level-of-trust-that-microsoft-hasnt-earned/

https://doublepulsar.com/recall-stealing-everything-youve-ever-typed-or-viewed-on-your-own-windows-pc-is-now-possible-da3e12e9465e

Snowflake Instances of Ticketmaster, Santander Bank Involved in Security Incident

Executive Summary:

Over the weekend, Snowflake denied responsibility for the recent data breaches affecting Ticketmaster and Santander Bank, which exposed sensitive information of over half a billion customers. While Snowflake found evidence that a threat actor accessed a demo account of a former employee, it emphasized that no vulnerability or breach of its platform was involved. Snowflake urged organizations to enforce multi-factor authentication, restrict network policies, and rotate credentials. Despite Snowflake’s statements, research firm Hudson Rock suggested the breaches stemmed from a single hack involving Snowflake, which Snowflake’s CISO Brad Jones refuted.

Additional Reading:

https://www.informationweek.com/cyber-resilience/-it-wasn-t-me-snowflake-denies-attack-responsibility-admits-hack-of-former-worker

https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-breach-selling-data-for-30m-customers/

Views : 43
cyber security

Source by risk3sixty