Welcome reader to your CybersecurityHQ report.

Headlines

Bob Dyachenko of SecurityDiscovery.com and Cybernews recently discovered the so-called “Mother of All Breaches” (MOAB) — a 1.2 terabyte hoard of 26 billion records containing private information gathered over the course of multiple hacks. The motherlode is spread out over 3,800 folders and contains a nearly comprehensive collection of stolen information from major leaks over the past 10 to 15 years.

Making all of this stolen information available in a single “combo file” is not a new phenomenon, but never before has such an enormous combo file been discovered. It appears likely that the MOAB doesn’t offer up never-before-seen data. Instead, it seems to simply make multiple breaches easily accessible.

In a major first, Italy fined the city of Trento, focusing on how it employed AI in its surveillance of streets. The total fine came out to €50,000 ($54,225) and came along with orders to delete all data gathered in the affected surveillance projects.

The government privacy watchdog GPDP has never sanctioned a city before, but it made headlines in March of last year when it temporarily banned ChatGPT due to its violation of data privacy laws.

After the massive Midnight Blizzard attack on Microsoft, the company is offering new guidance for organizations to better protect themselves against attack, particularly from state-backed operations. It appears that this most recent attack took advantage of legitimate residential IP addresses in their password spray attacks — from there using OAuth apps. It is defending against these OAuth apps that the company is now centering in its guidance.

To mitigate these attacks, Microsoft advised organizations to audit the privilege levels of all identities, review and revoke consent to OAuth apps, enable multi-factor authentication, and monitor for anomalous activity.

Interesting Read

In a new article for Dark Reading, Mark Bowling describes the ever-evolving role of the CISO in light of the SolarWinds hack. This single event has shaken up the cybersecurity industry and put CISOs under unprecedented scrutiny. How can CISOs adapt to the new challenges and expectations of their role?

Bowling discusses the implications of the SEC charges against the SolarWinds CISO, the importance of working at a high-integrity organization, and the need to anticipate changing rules of accountability.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team