SecureTech Solutions’ Post

2 years ago “almost all AT&T customers” were hacked by using their services. And another hack in 2023. How do they just now notice and disclose? Should you your company or organization need a alternative solution that is actually 3rd party free, provides you data ownership, and Cybersecurity, we are here for you! The old legacy solutions have proven to not provide the safety you deserve, time and time again! https://lnkd.in/eGEw7Git

It's #cybersecurityawareness month once again. In observance, here's a recap of the top cyber incidents the world has seen since 1988... Take note, stay savvy and safe, keep vigilant!

The attack, from a group security firm Volexity calls GruesomeLarch, shows the boundless lengths well-resourced hackers will go to hack high-value targets, presumably only after earlier hack attempts haven’t worked. When the GruesomeLarch cabal couldn’t get into the target network using easier methods, they hacked a Wi-Fi-enabled device in a nearby building and used it to breach the target’s network next door. After the first neighbor’s network was disinfected, the hackers successfully performed the same attack on a device of a second neighbor. GruesomeLarch performed credential-stuffing attacks that compromised the passwords of several accounts on a web service platform used by the organization's employees. Two-factor authentication enforced on the platform, however, prevented the attackers from compromising the accounts. So GruesomeLarch found devices in physically adjacent locations, compromised them, and used them to probe the target’s Wi-Fi network. It turned out credentials for the compromised web services accounts also worked for accounts on the Wi-Fi network, only no 2FA was required. Adding further flourish, the attackers hacked one of the neighboring Wi-Fi-enabled devices by exploiting what in early 2022 was a zero-day vulnerability in the Microsoft Windows Print Spooler. The 2022 hack demonstrates how a single faulty assumption can undo an otherwise effective defense. For whatever reason—likely an assumption that 2FA on the Wi-Fi network was unnecessary because attacks required close proximity—the target deployed 2FA on the Internet-connecting web services platform (Adair isn’t saying what type) but not on the Wi-Fi network. That one oversight ultimately torpedoed a robust security practice. #APT https://lnkd.in/eqfiFrC6

My latest contribution to the Cybersecurity Today week in review and it's a barn burner. On ransomware actors who turn tail and do exit scams: "...essentially these are little cockroaches, though. They just scurry they hide and then they reform and they come back again a rebranded group." On cyber chaos theory: "cyber chaos theory … We presume with great arrogance that we have control over increasingly complex opaque systems or systems-in-systems..." https://lnkd.in/eA88U--Y

‘Lack of proper security’ at Hackney Council led to 2020 cyber attack, UK data watchdog finds https://lnkd.in/eW7ERBTt Is your business prepared for a cyber attack? Speak to our friendly team to see how you can mitigate the risk 📞 0117 900 5000 #CyberAttacks #BusinessRisks

Systems are only as strong as the weakest links. At a foundation level, Cyber Security starts with Governance and Management of Principles, Policy, People, Processes, and Procedures, which then flows onto the technology and strategy. Not the other way around. https://lnkd.in/gX-GHDJr

 Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers have become so sophisticated that they’re using our trusted tools as secret pathways, slipping past defenses without a   trace. For banks  , this is especially alarming. Today’s malware doesn’t just steal codes; it targets the very trust that digital banking relies on. These threats are more advanced and smarter than ever, often staying a step ahead of defenses https://lnkd.in/giSDDZsF

CrowdStrike's recent event on July 19th has sparked discussions within the cybersecurity community. The incident raises questions about whether it was a system glitch or a hacking incident? With big players like CrowdStrike and Microsoft involved, the oversight of testing a driver update before deployment came as a surprise due to their renowned quality control practices. Additionally, the discovery of a Sys file referencing a non-existent address in the stack pointed to potential malicious activities, (a tactic commonly used by hackers to exploit privileged accounts through memory manipulation) These developments have attracted attention, especially with the group USDOD now involved in sharing crucial updates. What do you think ? Another exploit of Trusted Supplier or Still quality control issue Stay informed on the latest cybersecurity news by checking out the details here: https://lnkd.in/dmMTvmhf

Defending Against Hackers in the Public Sector Is a Different Beast https://lnkd.in/eGm6PAUT The general perception of hackers is that they’re Mr. Robot-esque renegades who utilize futuristic technologies in order to single-handedly take down monolithic foes, like multinational corporations or entire governments. The reality is more mundane. Most malicious actors choose the path of least resistance, such as straightforward phishing attempts, in order to acquire credentials that grant them network access. Simple tactics work, so if it ain’t broke, don’t fix it. There is one area, however, where sophisticated hacks are more common: the public sector. The value of public sector data Public sector data, from citizen records to national security intelligence, isn’t […]