Pantropic Newsletter #34

Posted August 10, 2024

by Sarah



 

 




Pantropic Newsletter #34 (July 2024)

Hackers exploit Proofpoint to send millions of phishing emails

 

Millions of deceptive emails are flooding inboxes daily, bypassing trusted security measures. The “EchoSpoofing” campaign has exploited Proofpoint’s email protection platform, leaving organizations vulnerable to sophisticated phishing attacks. By impersonating major corporations like IBM and Coca-Cola, cybercriminals have outsmarted security measures through manipulated email relay settings. This breach exposes the ever-changing landscape of cyber threats, signaling an urgent call for bolstered email security protocols. Experts recommend a multi-pronged defense approach, encompassing regular security audits, staff training on phishing awareness, and cutting-edge email filtering systems. Given email’s status as a prime target for cyberattacks, resilient incident response plans and secure backup solutions are now indispensable for organizations.

(Source: Techmonitor)


Microsoft 365 and Azure outage takes down multiple services

 

Businesses worldwide were left paralyzed as a widespread disruption hit Microsoft 365 and Azure services. This global outage exposed the fragility of cloud-reliant operations, affecting critical services like Entra, Intune, and Power Apps. As cloud dependency grows, this outage emphasizes the necessity of comprehensive business continuity planning. IT leaders are encouraged to reevaluate their cloud approaches, potentially adopting hybrid or multi-cloud models to reduce single-point-of-failure risks. The event also stresses the importance of robust offline backups and alternative communication channels to maintain operations during cloud service interruptions.

(Source: Bleeping Computer)


Acronis warns of a critical vulnerability in its Acronis Cyber Infrastructure (ACI) solution that is being actively exploited in the wild.

 

Remote attackers can now potentially seize control of entire IT infrastructures due to a dangerous flaw in Acronis Cyber Infrastructure (ACI). This critical vulnerability, already being actively exploited, enables unauthorized access through default password usage. The spectre of data breaches, service interruptions, and financial damage underscores the pressing need for immediate patching and enhanced security protocols. Companies are urged to swiftly apply released patches, perform thorough security audits, enforce strict password policies, and develop comprehensive incident response strategies.

(Source: Security Affairs)


Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption

 

Enterprise virtual infrastructures are under siege as ransomware operators exploit a severe vulnerability in ESXi hypervisors. This flaw grants attackers full administrative access, potentially leading to widespread encryption of hosted virtual machines. The exploitation of this vulnerability by various ransomware groups, including those deploying Akira and Black Basta, highlights the evolving sophistication of cyber threats. As ransomware tactics continue to evolve, organizations are advised to promptly apply security updates and implement recommended safeguards against potential data loss and operational disruptions.

(Source: Microsoft)


Personal data of 128,000 customers of moneylenders stolen after IT vendor hacked

 

Personal information of 128,000 customers has been exposed in a major data breach affecting 12 licensed moneylenders in Singapore. The breach, caused by a hack on a third-party IT vendor, has resulted in sensitive data being leaked online. It throws into sharp relief the critical importance of solid data protection measures and thorough vetting of external service providers. As the Ministry of Law spearheads investigations, affected moneylenders are alerting customers and bolstering security measures. The breach underscores the imperative for organizations to prioritize data protection and customer privacy to preserve trust and meet stringent data protection regulations.

(Source: Channel News Asia)


Critical Cisco bug lets hackers add root users on SEG devices

 

Email security is hanging by a thread as a critical flaw in Cisco Security Email Gateway (SEG) devices allows attackers to gain root access through malicious email attachments. This vulnerability could lead to unauthorized system alterations and permanent service denial. Cisco has issued patches to address the issue, urging immediate updates for affected devices. Following this incident, organizations should prioritize a layered approach to email security, including regular vulnerability assessments, swift patch management, and sophisticated threat detection systems. Experts recommend implementing additional safeguards such as network segmentation and comprehensive logging to mitigate potential impacts.

(Source: Bleeping Computer)


Backup and Data Security Solutions

ATEGO® ENTERPRISE

This “white glove” managed service is the next-generation secure offsite backup you need right now. We monitor your backups daily, help you troubleshoot any problems, and can assist you with restorations when you need them. Our Data Security Module can perform bi-directional anti-malware scans and content disarm and reconstruction (CDR), and can protect your backups with biometric Deep MFA and multi-person workflow, which are crucial in stopping stolen credential attacks.

CRASHPLAN

Leading desktop and laptop backup solution providing automated and continuous data backup protection with unlimited capacity backup licensing and flexible deployment options. Ensures fast and complete backup and recovery anytime, anywhere.

CROWDSTRIKE FALCON

A next-generation endpoint protection platform using AI and machine learning to effectively stop breaches including true NGAV, endpoint detection and response (EDR), threat intelligence management and automation.

KNOWBE4 

World’s largest security awareness training platform with simulated phishing attacks, educating and empowering employees to strengthen IT security against cybercriminals.


Copyright © 2023 Pantropic Online Pte Ltd. All rights reserved.