Ghost calls evade Zoom defenses

CybersecurityHQ weekly analysis

Welcome, reader, to your CybersecurityHQ report


CISO Weekly Briefing: SharePoint Exploitation, FBI Botnet Takedown, and Record M&A Activity

The week of July 31 - August 6, 2025, marked a significant escalation in both the volume and sophistication of cyber threats, with over 300 security incidents reported, representing a 20% increase from the previous week. SharePoint phishing attacks emerged as the dominant threat vector, potentially compromising thousands of services and prompting Microsoft to confirm active exploitation. This coincided with successful attacks on critical infrastructure, including a Chinese state-backed botnet affecting 200,000 devices globally that was subsequently disrupted by the FBI.

The financial impact of these incidents continues to grow, with over 17 million records exposed across multiple breaches including Google, Pandora, and Northwest Radiologists. Supply chain vulnerabilities proved particularly damaging, with a single WordPress plugin compromise affecting over 1 million sites. Meanwhile, the cybersecurity market responded with significant consolidation activity, including 48 M&A transactions in July and $1.17 billion in funding across 41 rounds, signaling strong investor confidence despite the challenging threat environment.

Organizations face immediate challenges from actively exploited zero-day vulnerabilities in SonicWall SSL VPN, Fortinet FortiManager, and Adobe AEM Forms, requiring emergency patching within 24 hours. The convergence of nation-state activities, AI-enhanced attack methods, and traditional ransomware campaigns demands a comprehensive response strategy that balances immediate tactical needs with longer-term architectural improvements.

Critical Developments Requiring Immediate Action:

  • 300+ new security incidents reported (20% increase from previous week)

  • SharePoint phishing flaw exploited affecting thousands of services globally

  • 17M+ records exposed including Google, Pandora, Northwest Radiologists (348K+)

  • 10+ critical zero-day vulnerabilities actively exploited (CVSS 9.5+)

  • Immediate action required: Patch SharePoint, SonicWall SSL VPN, Fortinet FortiManager within 24 hours

Quick Stats Risk Matrix (July 31 - August 6, 2025); higher score = greater risk

| Category | Volume | Threat Actor | Exploitability | Sector Sensitivity |
|---|---|---|---|---|
| SharePoint Phishing Exploits | 🔴 5 | 🔴 5 | 🔴 5 | 🔴 5 |
| Supply Chain (WordPress/Salesforce) | 🔴 5 | 🟠 4 | 🔴 5 | 🔴 5 |
| Zero-Days (Fortinet/SonicWall) | 🔴 5 | 🔴 5 | 🔴 5 | 🔴 5 |
| Ransomware (Akira/BlackSuit) | 🔴 5 | 🔴 5 | 🟠 4 | 🔴 5 |
| AI-Enhanced Attacks | 🟠 4 | 🟠 4 | 🟠 4 | 🟠 4 |
| Hardware/Firmware (Dell/D-Link) | 🟡 3 | 🟠 4 | 🟠 4 | 🟠 4 |
| State-Sponsored Activity | 🟠 4 | 🔴 5 | 🟡 3 | 🔴 5 |
| Credential Theft | 🔴 5 | 🟡 3 | 🔴 5 | 🔴 5 |

Key Risk Insights:

  • Platform vulnerabilities (SharePoint, WordPress) represent the highest immediate risk

  • Supply chain attacks demonstrate cascading impact potential across organizations

  • State actors show increased pre-positioning for potential future conflicts

  • Credential theft surge (800% increase) validates market focus on identity security

Threat Landscape Overview

This week's threat landscape reflected both continuity and evolution in attack patterns. While ransomware groups maintained pressure on healthcare and financial sectors, new attack vectors emerged through trusted platform exploitation. The SharePoint phishing campaign represents a shift toward weaponizing ubiquitous business tools, while the FBI's disruption of a 200,000-device Chinese botnet reveals the scale of pre-positioned infrastructure awaiting activation.

Organizations reported challenges in maintaining patch velocity as the number of critical vulnerabilities requiring immediate attention increased by 67% compared to the previous week. The emergence of "Ghost Calls" C2 techniques using legitimate Zoom and Teams infrastructure demonstrates adversaries' continued innovation in evading traditional security controls. These developments occur against a backdrop of significant market consolidation, with cybersecurity M&A activity reaching 48 transactions in July alone.

Key Messages for Board

Strategic Threat Assessment

Analysis of this week's incidents reveals three primary attack patterns:

  1. Platform exploitation: Adversaries targeting widely-deployed platforms (SharePoint, WordPress, Salesforce) for maximum impact

  2. AI integration: Both offensive tools (GenAI phishing) and defensive capabilities (98% accurate deepfake detection) maturing rapidly

  3. Supply chain focus: Single points of failure creating cascading impacts across thousands of organizations

Market Response

  • M&A acceleration: 48 cybersecurity transactions in July 2025, $1.17B in funding

  • Regulatory enforcement: DOJ's $1.75M settlement with Aero Turbine signals increased compliance scrutiny

  • Government investment: $100M CISA/FEMA grants for state and local cybersecurity enhancement

Business Implications

  • Financial exposure: Projected Q3 impact of $1.4-3B if current trends continue

  • Operational disruption: Average remediation time increasing due to vulnerability volume

  • Compliance requirements: NIST AI framework and quantum cryptography mandates approaching

Critical Incidents This Week

Priority 1: Platform-Level Compromises

SharePoint Phishing Campaign

  • Scope: Thousands of services potentially affected

  • Technique: Exploitation of phishing vulnerabilities for credential harvesting

  • Microsoft response: Confirmed active exploitation, patches in development

  • Business impact: Enterprise-wide data exposure risks

WordPress Supply Chain Attack

  • Scale: Over 1 million sites compromised through malicious plugin

  • Method: Backdoor installation providing persistent access

  • Detection challenges: Many organizations remain unaware of compromise

  • Remediation: Plugin audits and integrity verification required

Salesforce Data Theft (Ongoing from Previous Week)

  • New victims: Google and Pandora confirmed this week

  • Attribution: ShinyHunters extortion group

  • Data exposed: Customer PII, purchase histories, authentication tokens

  • Investigation status: Full victim list still being determined

Priority 2: Zero-Day Exploitation

Critical Vulnerabilities Under Active Attack

| Vendor | Product | Vulnerability | Status | Impact |
|---|---|---|---|---|
| SonicWall | SSL VPN Gen 7 | Authentication bypass | Akira ransomware active | Network compromise |
| Fortinet | FortiManager | API RCE | Mass exploitation | Infrastructure control |
| Adobe | AEM Forms | Deserialization | PoC public | Web application takeover |
| VMware | ESXi Hypervisor | Privilege escalation | Ransomware targeting | Virtual infrastructure |
| Apache | OFBiz | Unauthenticated RCE | Scanning detected | Business process exposure |
| GitLab | CI/CD Platform | Pipeline execution | Supply chain risk | Development pipeline |

Priority 3: Ransomware and Data Breaches

Healthcare Sector Impact

  • Northwest Radiologists: 348,118 records exposed

  • Central Maine Healthcare: Patient information compromised

  • Sector-wide targeting: Akira ransomware via SonicWall vulnerabilities

Financial Services

  • Cryptocurrency theft: $900K+ drained via weaponized smart contracts

  • EvilProxy deployment: MFA bypass targeting financial institutions

  • Okta warnings: Credential stuffing against identity platforms

Other Notable Breaches

  • Chanel: Customer data exposed (Salesforce-related)

  • Denmark energy: Critical infrastructure disruption

  • Cisco.com: Voice phishing exposing user profiles

  • PBS: Employee data leaked on Discord

Priority 4: Nation-State Activity

China Operations

  • 200K-device botnet: FBI disruption of global infrastructure

  • APT41 activity: New backdoor deployment in Southeast Asia

  • Strategic positioning: DHS confirms ongoing critical infrastructure infiltration

Russia Activities

  • BlackSuit ransomware: Healthcare sector targeting continues

  • Secret Blizzard: Moscow embassy attacks identified

  • Sanctions impact: New restrictions on cybercrime groups

Iran and North Korea

  • Defense contractor targeting: Fake job offers for IP theft

  • UNC4899: Continued LinkedIn/Telegram recruitment scams

  • Cryptocurrency focus: Both nations increasing crypto-targeting operations

Priority 5: Emerging Techniques

AI-Enhanced Threats

  • Ghost Calls: C2 via legitimate conferencing platforms

  • ClickFix: CAPTCHA-based malware distribution

  • GenAI phishing: Government impersonation with high success rates

Hardware/Firmware Vulnerabilities

  • Dell ReVault: 100+ laptop models vulnerable to login bypass

  • D-Link devices: Legacy vulnerabilities under active exploitation

  • Android/Qualcomm: Kernel flaws in millions of devices

Financial Impact Analysis

Documented Incidents and Market Activity

Confirmed Financial Impacts This Week

| Incident/Activity | Documented Impact | Type |
|---|---|---|
| Microsoft Bug Bounties | $17M paid to 344 researchers | Security Investment |
| CISA/FEMA Grants | $100M allocated | Government Funding |
| M&A Activity (July) | 48 deals, $1.17B total funding | Market Investment |
| Crypto Smart Contract Thefts | $900K+ stolen | Actual Losses |
| DOJ Settlement (Aero Turbine) | $1.75M fine | Compliance Penalty |
| Chinese Hacker Theft | $3.3M (extradited) | Criminal Losses |

Major Funding Rounds This Week

| Company | Amount | Purpose |
|---|---|---|
| Noma Security | $100M | AI Security Platform |
| Wallarm | $55M | API Security |
| Cyata Security | $8.5M | AI Agent Security |
| Dawnguard | $3M | Security by Design |
| Reach Security | $10M | Exposure Management |

Breach Scope Indicators

| Organization | Records Exposed | Sector |
|---|---|---|
| Northwest Radiologists | 348,118 | Healthcare |
| Google | Undisclosed | Technology |
| Pandora | Undisclosed | Retail |
| WordPress Sites | 1M+ sites affected | Multiple |
| Chinese Botnet | 200K devices | Global Infrastructure |

Market Signals

  • Cybersecurity M&A: 48 transactions in July represents continued consolidation

  • AI Security Focus: Multiple AI-focused deals (SentinelOne-Prompt, Cyata funding)

  • Compliance Emphasis: DOJ settlement establishes precedent for PE firm liability

  • Identity Priority: Continued focus following previous week's Palo Alto-CyberArk deal

Strategic Action Framework

Immediate Response (0-24 Hours)

Technical Priorities

  1. Deploy SharePoint security patches and disable external sharing

  2. Emergency patch SonicWall, Fortinet, Adobe systems

  3. Audit and secure WordPress plugin installations

  4. Implement Ghost Calls detection in collaboration tools

  5. Enable enhanced MFA across Salesforce integrations

Operational Requirements

  1. Establish incident command structure with defined escalation paths

  2. Coordinate with CISA on threat intelligence sharing

  3. Prepare breach notifications for regulatory compliance

  4. Engage cyber insurance carriers on potential claims

  5. Communicate with key vendors on security posture

Short-Term Actions (24-72 Hours)

Security Enhancements

  • Deploy AI-powered email security for phishing detection

  • Implement firmware integrity monitoring for hardware

  • Establish continuous vulnerability scanning program

  • Enhance monitoring for ransomware indicators

  • Conduct third-party risk assessments for critical vendors

Process Improvements

  • Reduce patch deployment time to 12-hour target

  • Mandate security awareness training on AI threats

  • Update incident response playbooks for platform attacks

  • Establish vendor security requirements framework

  • Create AI security governance structure

Strategic Initiatives (This Week)

Architecture Decisions

  1. Evaluate platform diversification to reduce single points of failure

  2. Accelerate zero-trust implementation timeline

  3. Consider private cloud for sensitive data processing

  4. Implement quantum-ready cryptography pilot

  5. Design AI security testing framework

Investment Priorities

  1. Identity and access management enhancement ($15-25M)

  2. AI security tools and training ($10-15M)

  3. Supply chain security platform ($5-10M)

  4. Incident response capacity expansion ($5-8M)

  5. Compliance automation tools ($3-5M)

Industry Intelligence Update

Cybersecurity M&A Landscape

Major Transactions This Week

Completed Acquisitions

| Acquirer | Target | Value | Strategic Focus |
|---|---|---|---|
| SentinelOne | Prompt Security | Undisclosed | AI agent security capabilities |
| Axonius | Cynerio | $100M+ | Medical device security expansion |
| Commvault | Satori Cyber | Undisclosed | Data and AI security |
| Darktrace | Mira Security | Undisclosed | Network visibility enhancement |
| LevelBlue | Trustwave | Undisclosed | MDR services integration |
| Orange Cyberdefense | Ensec | Undisclosed | Swiss market expansion |
| Vanta | Riskey | Undisclosed | Third-party risk monitoring |
| Leonardo | Axiomatics | Undisclosed | Zero trust capabilities |
| Zurich Insurance | BOXX Insurance | Undisclosed | Cyber insurance services |

Notable Funding Rounds

New Investments

  • Dawnguard: $3M pre-seed (AI-driven security by design)

  • Cyata Security: $8.5M seed (Enterprise AI agent security)

  • Wallarm: $55M Series B (API security platform)

  • Noma Security: $100M Series A (AI security platform)

  • Reach Security: $10M seed (Exposure management)

Market Analysis

  • July activity: 48 total transactions, $1.17B in funding

  • Focus areas: AI security, compliance automation, identity management

  • Geographic spread: Increasing international M&A activity

Regulatory and Government Initiatives

Enforcement Actions

  • DOJ settlement: $1.75M fine for Aero Turbine/Gallant Capital for DFARS non-compliance

  • Significance: First major action holding private equity accountable for portfolio company cybersecurity

  • Impact: Increased due diligence requirements for M&A transactions

Government Investment

  • CISA/FEMA grants: $100M for state and local government cybersecurity

  • Focus areas: Threat detection, incident response, resilience building

  • White House crypto report: 166-page framework for digital asset security

  • NATO initiatives: Cooperative Cyber Defence Centre leadership transition

Compliance Evolution

  • NIST AI framework: Draft guidelines emphasizing secure development

  • Quantum mandate: Congressional pressure for accelerated PQC migration

  • Supply chain requirements: Enhanced third-party security obligations

  • International coordination: Increased cross-border regulatory alignment

Intelligence Gaps and Analysis

Confirmed Developments This Week

  • ✓ SharePoint phishing campaign scope and active exploitation

  • ✓ Chinese botnet infrastructure scale (200K devices)

  • ✓ AI-powered attack tool proliferation

  • ✓ Supply chain vulnerability cascading effects

  • ✓ Market consolidation acceleration in cybersecurity

Critical Information Requirements

  • ❓ Complete victim list from SharePoint campaign

  • ❓ Attribution for SonicWall initial exploitation

  • ❓ Timeline for state actor escalation scenarios

  • ❓ Full impact of WordPress plugin compromise

  • ❓ Next-generation AI malware capabilities

Threat Evolution Indicators

  • Attack velocity: Zero-day to mass exploitation <24 hours

  • Scale increase: Single compromises affecting millions

  • Tool sophistication: AI integration becoming standard

  • Target selection: Critical infrastructure pre-positioning

  • Defense gaps: Detection lag averaging 180+ days

Executive Decision Points

Immediate Board Decisions

Today's Priorities

  1. Approve emergency patching protocol with operational impact assessment

  2. Authorize incident response budget increase ($10-15M)

  3. Mandate security review of all SaaS platform integrations

This Week's Strategic Decisions

  1. Platform strategy: Diversification timeline and budget

  2. AI security: Dedicated team formation and tooling

  3. Identity investment: Acceleration of PAM deployment

  4. Quantum readiness: PQC migration roadmap approval

  5. M&A considerations: Security-focused acquisition strategy

Policy Updates Required

  1. Third-party risk management framework enhancement

  2. AI usage and security guidelines

  3. Incident notification procedures

  4. Patch management SLAs

  5. Supply chain security requirements

Security Wins This Week

Successful Defensive Actions

Law Enforcement Victories

  • FBI disrupts Chinese botnet: 200,000 infected devices neutralized globally

  • FunkSec ransomware decryptor: Released publicly, enabling victim recovery

  • International cooperation: Chinese hacker extradited to US for $3.3M theft

  • Google Big Sleep AI: Successfully identifying dormant cyber threats

  • Microsoft bounties: Record $17M paid to 344 researchers for vulnerability discoveries

Industry Defensive Improvements

  • 98% accurate deepfake detection: New AI detector successfully deployed

  • Proton authentication: Free 2FA app with desktop version launched

  • WhatsApp security: New features to identify group chat scams

  • Adobe emergency patches: Rapid response to AEM Forms vulnerabilities

  • CISA/FEMA funding: $100M allocated for state/local cybersecurity

Market Resilience Indicators

  • 48 M&A transactions: Strong market confidence despite threats

  • $1.17B in funding: Continued investor support for security innovation

  • 7 successful funding rounds: Including Vanta at $4.15B valuation

Recommendation Priority Matrix

Traffic Light System for Board Actions

🔴 RED - Critical (Within 4 Hours)

  1. APPROVE emergency patching authority for security team

  2. ALLOCATE $10M for incident response and remediation

  3. MANDATE external sharing restrictions on collaboration platforms

🟡 YELLOW - High Priority (Within 72 Hours)

  1. FUND identity security acceleration program ($25M)

  2. ESTABLISH AI Security Center of Excellence

  3. INITIATE supply chain security assessment

  4. APPROVE enhanced monitoring and detection tools

🟢 GREEN - Strategic (This Week)

  1. REVIEW platform diversification strategy

  2. ASSESS potential security-focused acquisitions

  3. UPDATE risk tolerance and cyber insurance coverage

  4. ALIGN with regulatory compliance requirements

  5. ENHANCE board cyber risk oversight structure

Conclusion and Risk Assessment

The week of July 31 - August 6, 2025, demonstrated both significant challenges and notable defensive successes. While the 300+ incidents and platform-level compromises require immediate attention, the security community's response—including FBI botnet disruptions, rapid vendor patches, and record bug bounty programs—shows effective collaboration between public and private sectors.

Key Takeaways

Positive Developments

  • Strong market confidence with 48 M&A deals and $1.17B funding

  • Successful law enforcement actions disrupting major threats

  • Rapid security vendor responses to vulnerabilities

  • Growing investment in AI-powered defenses

Ongoing Challenges

  • Platform vulnerabilities creating widespread exposure

  • 277% increase in financial impact week-over-week

  • State actors pre-positioning for potential conflicts

  • Supply chain attacks achieving massive scale

Current trends indicate continued pressure on organizational defenses, with adversaries demonstrating increased capability and coordination. However, the security ecosystem's resilience, evidenced by successful disruptions, rapid patching, and continued investment, provides reason for cautious optimism. Success will depend on maintaining the momentum of defensive improvements while addressing fundamental architectural vulnerabilities.

Cyber Threats & Attack Trends

Opinion: AI Agent Security Emerges as the Next Battlefield

This week's M&A and funding activity reveals a clear market pivot: the security industry is racing to address the ungoverned explosion of AI agents operating within enterprise environments. SentinelOne's acquisition of Prompt Security and Cyata's $8.5M seed round both target the same critical gap: autonomous AI systems that "spin up instantly, run in parallel, and take independent actions" without traditional identity controls.

The timing is no coincidence. As enterprises deploy AI agents for everything from customer service to code generation, these non-human entities are creating blind spots that traditional IAM tools cannot address. Unlike human users with defined roles and predictable behaviors, AI agents operate with fluid permissions, ephemeral lifecycles, and the ability to access multiple systems simultaneously. This represents a fundamental shift in the attack surface.

What makes this trend particularly significant is the convergence of AI security with broader market movements. Vanta's $150M raise at a $4.15B valuation, coupled with its acquisition of Riskey, signals that compliance and risk management must now encompass AI governance. Similarly, Dawnguard's "security by design" approach for AI systems suggests the market is moving beyond bolt-on solutions to foundational architecture changes.

The DOJ's $1.75M settlement with Aero Turbine adds another dimension: holding private equity firms accountable for portfolio company security. This precedent will likely accelerate due diligence around AI security postures, making solutions like Cyata's AI agent governance essential for M&A transactions.

The strategic implication is clear: AI security is transitioning from an emerging concern to a board-level imperative. Organizations that fail to implement AI agent governance risk not just breaches, but regulatory penalties and failed M&A deals. The 48 transactions totaling $1.17B in July alone suggest the market is betting heavily on this transition, with early movers positioning to define the standards for AI security in enterprise environments.

CybersecurityHQ: This Week's Reports Based on Technical Research and Academic Papers

Free:

  1. How AI-powered malware circumvents multi-factor authentication in enterprise environments

Pro subscriber-only:

  1. KPIs for assessing audit efficiency gains from automated evidence collection

  2. Assessing and managing cybersecurity vulnerabilities in strategic partnerships across diverse technology ecosystems

  3. Modifying identity governance frameworks to address authentication and security challenges in machine-to-machine communication networks


Cyber Intel Brief: Key Insights from Leading Security Podcasts

Highlights from this week's Cyber Intel Report, sourced from top cybersecurity podcasts and webinars:

Belavia aviation chaos: Cyber Partisans steal passenger databases, causing 80% flight cancellations, while manual fallback systems prove utterly insufficient for recovery operations.

DoD cloud insider threat: Chinese contractors acting as "digital escorts" and low-wage workers introduce persistent access, while nation-states pre-exploit SharePoint at scale.

MXDR revolution: AI automation of Tier 1-2 analyst work delivers a 70% alert reduction, federated search enables unified visibility, and 2-minute deployments democratize enterprise-grade security.


Interesting Read

Ransomware Tactics Escalate: Semperis 2025 Risk Report

On July 31, 2025, Semperis released its annual Ransomware Risk Report based on a global survey of 1,500 organizations. The findings highlight a significant evolution in ransomware tactics, moving beyond technical extortion into psychological and legal intimidation.

According to the report, 69% of ransomware victims paid at least one ransom, and 38% were extorted multiple times. Alarmingly, 40% of organizations received threats of physical harm to executives, with the number rising to 46% in the United States. Additionally, 47% were threatened with regulatory complaints as part of the extortion effort.

This shift underscores the increasingly aggressive nature of ransomware campaigns. Attackers are expanding their playbooks to target not only IT systems but also the personal safety of leadership teams and the legal standing of companies.

CISO implications:

  • Update incident response protocols to include executive protection and coercion handling.

  • Ensure legal and compliance teams are prepared to assess and counter regulatory threats.

  • Equip crisis communications teams to manage reputational attacks and extortion claims.

  • Include non-technical threat scenarios in board-level risk briefings.

Fresh From the Field: Security Resources You Can Use

| Title | Publisher / Authors | Focus |
|---|---|---|
| Innovation Law Insights | DLA Piper | Legal and regulatory updates, including new cyber incident reporting rules in Italy. |
| NIST Cybersecurity Insights Blog: Reflections from the First Cyber AI Profile Workshop | NIST | Key takeaways from a workshop on integrating AI into the NIST Cybersecurity Framework. |
| Security and Privacy in the Internet of Everything (IoE): A Review on Blockchain, Edge Computing, AI, and Quantum-Resilient Solutions | MDPI | A review of security challenges in the "Internet of Everything" and solutions using AI, blockchain, and quantum-resilient cryptography. |
| America's AI Action Plan: What's In, What's Out, What's Next | Goodwin | An analysis of the U.S. government's AI Action Plan, focusing on governance and risk management implications. |
| State of Agentic AI Security and Governance 1.0 | OWASP GenAI Security Project | An overview of the security and governance landscape for autonomous AI systems and agentic applications. |

Social Media Highlights

Steven Swift on LinkedIn: Cyber insurer denies $18.3 million ransomware claim

Cyber insurer denies $18.3 million ransomware claim. Cites improper MFA configuration. It's unusual for a ransomware claim to be denied. Typically, insurers simply opt not to renew an agreement if your risk posture doesn't align with their risk tolerance. However, if you tell your insurance provider you have MFA in place, and they find out you were breached because the impacted account didn't have MFA in place, you should expect the claim to be denied. This sounds obvious, but I see it ALL THE TIME. One of the first questions we ask when looking over a new client's security posture is what (and who) does and does not have MFA in place, followed by whether or not MFA is optional or enforced, and what exceptions are configured. This isn't a problem unique to MFA. There's usually a gap between security controls that are in place on some of the systems, some of the time, and the ideal state, which is all systems all of the time. This is why we validate things in security. Try to configure things correctly, and then check your work. As a side note, MFA alone isn't enough anymore. Yes, it'll meet your insurance requirements. But everyone should be implementing phishing-resistant policies to protect against AITM attacks. Without this in place, it's pretty easy for an attacker to trick a user into approving an MFA prompt, and then hijacking the session remotely. One of the more common and effective attacks we're seeing in the wild these days.

Stay safe, stay secure.

The CybersecurityHQ Team
