Microsoft 365 and Azure outage takes down multiple services
Businesses worldwide were left paralyzed as a widespread disruption hit Microsoft 365 and Azure services. This global outage exposed the fragility of cloud-reliant operations, affecting critical services like Entra, Intune, and Power Apps. As cloud dependency grows, this outage emphasizes the necessity of comprehensive business continuity planning. IT leaders are encouraged to reevaluate their cloud approaches, potentially adopting hybrid or multi-cloud models to reduce single-point-of-failure risks. The event also stresses the importance of robust offline backups and alternative communication channels to maintain operations during cloud service interruptions.
(Source: Bleeping Computer)
|
|
Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild.
Remote attackers can now potentially seize control of entire IT infrastructures due to a dangerous flaw in Acronis Cyber Infrastructure (ACI). This critical vulnerability, already being actively exploited, enables unauthorized access through default password usage. The spectre of data breaches, service interruptions, and financial damage underscores the pressing need for immediate patching and enhanced security protocols. Companies are urged to swiftly apply released patches, perform thorough security audits, enforce strict password policies, and develop comprehensive incident response strategies.
(Source: Security Affairs)
|
|
Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption
Enterprise virtual infrastructures are under siege as ransomware operators exploit a severe vulnerability in ESXi hypervisors. This flaw grants attackers full administrative access, potentially leading to widespread encryption of hosted virtual machines. The exploitation of this vulnerability by various ransomware groups, including those deploying Akira and Black Basta, highlights the evolving sophistication of cyber threats. As ransomware tactics continue to evolve, organizations are advised to promptly apply security updates and implement recommended safeguards against potential data loss and operational disruptions.
(Source: Microsoft)
|
|
Personal data of 128,000 customers of moneylenders stolen after IT vendor hacked
Personal information of 128,000 customers has been exposed in a major data breach affecting 12 licensed moneylenders in Singapore. This security nightmare, caused by a hack on a third-party IT vendor, has resulted in sensitive data being leaked online. This tech nightmare throws into sharp relief the critical importance of solid data protection measures and thorough vetting of external service providers. As the Ministry of Law spearheads investigations, affected moneylenders are alerting customers and bolstering security measures. The breach underscores the imperative for organizations to prioritize data protection and customer privacy to preserve trust and meet stringent data protection regulations.
(Source: Channel News Asia)
|
|
Critical Cisco bug lets hackers add root users on SEG devices
Email security is hanging by a thread as a critical flaw in Cisco Security Email Gateway (SEG) devices allows attackers to gain root access through malicious email attachments. This vulnerability could lead to unauthorized system alterations and permanent service denial. Cisco has issued patches to address the issue, urging immediate updates for affected devices. A layered approach to email security, including regular vulnerability assessments, swift patch management, and sophisticated threat detection systems should be prioritized by organizations following this incident. Experts recommend implementing additional safeguards such as network segmentation and comprehensive logging to mitigate potential impacts.
(Source: Bleeping Computer)
|
|
|
|
Backup and Data Security Solutions |
|
ATEGO® ENTERPRISE
This “white glove” managed service is the next generation secure offsite backup you need right now. We monitor your backups daily, help you troubleshoot any problems, and can assist you with restorations when you need it. Our Data Security Module can perform bi-directional anti-malware scans, content disarm and reconstruction (CDR), and protect your backups with biometric Deep MFA and multi-person workflow, crucial in stopping stolen credential attacks.
|
|
|
CRASHPLAN
Leading desktop and laptop backup solution providing automated and continuous data backup protection with unlimited capacity backup licensing and flexible deployment options. Ensures fast and complete backup and recovery anytime, anywhere.
|
|
|
CROWDSTRIKE FALCON
A next-generation endpoint protection platform using AI and machine learning to effectively stop breaches including true NGAV, endpoint detection and response (EDR), threat intelligence management and automation.
|
|
|
KNOWBE4
World’s largest security awareness training platform with simulated phishing attacks, educating and empowering employees to strengthen IT security against cybercriminals.
|
|
|
|
|