Robert Fernandes’ Post

The recent Finastra data breach was caused by compromised credentials that allowed unauthorized access to an internal Secure File Transfer Platform (SFTP). This platform was used for exchanging data with select customers, and although the incident was contained quickly, it underscores a major security gap: credential theft. Credential theft remains one of the easiest ways for attackers to bypass sophisticated defenses. Once inside, they can access sensitive systems or data without deploying malware or triggering traditional defenses. What can organizations do to prevent this? 🔒 Adopt multi-factor authentication (MFA): Make it harder for attackers to exploit stolen passwords. 🔑 Implement strong access controls: Limit access based on the principle of least privilege. https://lnkd.in/dBY-vS7G

UPDATE: Nam3L3ss Leaks Millions: Six large companies have had their data leaked (Nokia, BofA, etc.) Hackers affiliated with the Cl0p ransomware gang exploited a vulnerability and stole information from thousands of companies, impacting an estimated 2,800 organizations and nearly 100 million individuals. They even created web websites to leak the stolen data. A self-proclaimed “Data Vigilante” named Nam3L3ss has caused the widespread by leaking millions of employee records online. It's now evident this is the fallout from the major security vulnerability in file transfer software called MOVEit. There's a lot to unpack but the gist is this is the residue of an early major data breach. "Originally, the data was stolen by the Cl0p #ransomware gang after exploiting the MOVEit flaw," while Nam3L3ss is cleaning and leaking the data all over again. https://lnkd.in/gpzmYkfG #auguryit #cysec #breached

Friday thoughts: The Dark Web 😨. Financial scams are on the rise. The dark web is relentless in trying to hack your information without you knowing it. I have a client who recently received emails from identity monitoring services relating to her phone number and social security number were found on the dark web. She has a concern regarding her investments with Wells Fargo Advisors and wanted to know what if any additional measures could be taken to secure her investments. I explained how her investments are protected from a sophisticated cybersecurity team of professionals dedicated to helping protect her personal data and financial assets. The article below 👇👇👇 explains how we do it. If your financial professional doesn't offer a sophisticated cybersecurity team guarding your hard-earned money 24/7......maybe we should have a conversation. Have a great weekend everyone!

🔒 Stop the presses, folks! 🚨 First American drops the bombshell - 44,000 peeps' data was swiped in a gnarly ransomware hit. 💥 Time to batten down the hatches, IT squad! 🔐 🤖 History repeats itself - remember Equifax? We're seeing déjà vu, but let's not hit rewind. Let's learn, adapt, and fortify our defenses! 🛡️ 🧐 Prediction time! Buckle up, Cybersecurity Gurus! This year's cyber landscape promises twists and turns - ransomware on the rise, data breaches lurking, and the battle for secure systems intensifying. Can you hack it? 💻 🔑 Stay vigilant, secure those endpoints, update your defenses, and educate your workforce. Knowledge is power, and in the tech world, it's essential armor! 🛠️ ✨ Let's chat! What's your take on this breach, peeps? Share your insights and battle stories in the comments. Together we're stronger! 💪 #ainews #automatorsolutions #Cybersecurity #DataBreach #RansomwareAttack #TechTrends #StaySecure #CyberSecurityAINews ----- Original Publish Date: 2024-05-29 03:36

Nam3L3ss LEAKS MILLIONS: Six large companies have had their data leaked (Nokia, BofA, etc.) Hackers affiliated with the Cl0p ransomware gang exploited a vulnerability and stole information from thousands of companies, impacting an estimated 2,800 organizations and nearly 100 million individuals. They even created web websites to leak the stolen data. A self-proclaimed “Data Vigilante” named Nam3L3ss has caused the widespread by leaking millions of employee records online, highlighting the fallout from the major security vulnerability in file transfer software called MOVEit. There's a lot to unpack but the gist is this is the residue of an early major breach. "Originally, the data was stolen by the Cl0p hashtag #ransomware gang after exploiting the MOVEit flaw, while Nam3L3ss is cleaning and leaking the data." https://lnkd.in/er-CY8Fm

AT&T confirms legitimacy of leak involving information of 73 million people. Why it matters: 1. This data leak presents a significant risk for identity theft and other fraudulent activities, impacting 7.6 million current and 65.4 million former AT&T customers, underscoring the scale and importance of cybersecurity measures in the telecom sector. 2. The lack of clarity regarding the source of the data, whether it's from AT&T systems or a vendor, raises indices of uncertainty and potentially weak third-party security compliances, urging corporations to reassess vendor security protocols. 3. As AT&T remains a major target, with recurrent breaches in recent years, the growing risks suggest companies must evolve strategies and employ better defense mechanisms to protect customer data, highlighting the recurring challenges and vulnerabilities in safeguarding user information on a large scale. Learn more by visiting The Record from Recorded Future News: https://lnkd.in/e8RUf3a4

Ransomware criminals are escalating tactics in chilling new ways—and executives across industries should take note. Details are reported in the Venture Beat article linked below. Gist of the piece: 1) Christopher Budd, a director at the Threat Response Joint Task Force, advised that “One thing is clear: Attackers are looking not just at technical levers to pull but human levers…” 2) These include tactics such as “Posting sensitive data about executives’ family members. Making prank calls to law enforcement...Snitching on organizations that don’t pay. Scouring stolen data for evidence of enterprise or employee wrongdoing.” 3) “Ultimately, threat actors are “increasingly comfortable” leaking…extremely sensitive data such as medical records (including those of children), blood test data and even nude images.” 4) “Also…they are using phone calls and swatting — that is, making fake calls alleging violence or open shooters at a certain address. This has resulted in at least one death and serious injury.” 5) “In another shift, attackers are now not just locking up data or carrying out a denial of service attack, ‘They’re stealing the data and now they’re looking into it to see what they can find,’ said Budd. For instance, many claim they assess stolen data for evidence of illegal activity, regulatory noncompliance and financial misdoings or discrepancies.” 6) “(A)ttackers also turn the tables on target organizations by reporting them to police or regulatory bodies when they don’t pay up… ‘It may seem somewhat ironic that threat actors are weaponizing legislation to achieve their own illegal objectives,” (Sophos)X-Ops researchers write, “and the extent to which this tactic has been successful is unclear.” 7) “To make themselves appear grassroots or altruistic — and apply further pressure — some cybercriminals are also encouraging victims whose personally identifiable information…has been leaked to ‘partake in litigation’…attackers will name specific individuals and executives that they claim are ‘responsible for data leakage.’ Sophos X-Ops researchers point out that this can serve as a ‘lightning rod’ for blame; cause reputational damage; and ‘menace and intimidate’ leadership.” Dave’s take: The aggressive new tactics of cybercriminals should be on everyone’s radar screen. Who knew that cybergangs had started putting out press releases and giving detailed interviews to unleash reputational damage and criminal investigations in order to shake companies down? The fact that attackers might identify actual bad actors within an company to blackmail the organization really ought to emphasize the need not only for tighter cybersecurity, but also for more robust compliance measures to weed out such vulnerabilities in the first place. https://lnkd.in/gmkKQCQ6

Any organization could fall victim of Cyber Attacks and Data breaches... Could any organization recover? What would it mean to your organization if sensitive data was leaked? Could you recover? Talk to a security expert today so you can prepare and protect yourself from vulnerabilities and cyber criminals. #FYI #TheMoreYouKnow #GTT #DDoS #MDR #SASE #CyberSecurity #telecommunications