Nearly 1 in 3 CEO Email Accounts Exposed in Breaches, Reveals New Report

These findings are significant and quite noteworthy as these compromised credentials continue to be used for spear phishing attacks and other cyber attacks.  All businesses should be taking the threat of leaked credentials seriously and should leverage mechanisms to monitor for these types of compromises.

https://www.tripwire.com/state-of-security/latest-security-news/ceo-email-accounts-exposed-breaches/

Advertisements

New, Crippling Waves of Ransomware Spread In Russia, Ukraine

Yet another significant ransomware outbreak hit Russia, eastern Europe, and parts of western Europe today.  BadRabbit appears to be a new variant of the Petya/NotPetya variety, and is spreading through local networks attempting to compromise systems using embedded known usernames and notoriously weak passwords.  Files are encrypted as well as the master boot record of the infected machine.  It appears to present itself as a Flash Player update.  This story continues to develop, so beware and monitor your environments closely over the next 24 to 48 hours.

https://www.infosecurity-magazine.com/news/new-waves-of-ransomware-spread/

https://nakedsecurity.sophos.com/2017/10/24/bad-rabbit-ransomware-outbreak/

Google Rolls Out Advanced Protection for High-Risk Users

This is an excellent step forward in the effort to protect sensitive Google data.  U2F is a strong, reliable authentication mechanism and will afford Google more flexibility as this program moves forward.  There are certain limitations with mobile devices and third party applications that will need to be navigated, but if someone finds him or her self in a highly sensitive or high-risk situation, then this is the best security option available to date for the Google email ecosystem.

https://www.infosecurity-magazine.com/news/google-rolls-out-advanced/