Why do Hackers Target Law Firms? – Here’s an Example
Over the years I think many firms have started to understand that and taken steps to improve their own security posture.
And then along comes a story like this.
Will Microsoft Start Un-bundling M365 Licenses?
If Teams bundled with Office is anti-competitive, what other tools available in M365 could likewise be considered anti-competitive?
We await the results of the EU investigation.
Another Reminder of Failing to Train – Kids and Social Media
Why did we think anything on the public internet was a place to let kids roam with no training?
Linked: DNA testing firm discloses data breach affecting 2.1 million people
There is an obvious question here, right?
Why do you still have this database sitting around?
Seriously, why? Either you’re telling the truth and you have a vulnerable system sitting out there that you’ve never even used, or you have been using it and you’re lying to save face now that data has been breached. Neither one makes you look particularly good, does it?
Linked: Over 1 million GoDaddy WordPress accounts breached
The breach of the WordPress credentials is bad, as is the sFTP credentials. Sure, if you are still using the same WordPress password that GoDaddy assigned to you when you started the account, you really need to step up your game.
WordPress is an inviting target, because getting admin access to a WordPress install, or really any other content management system, makes it super easy to lock out the original owner and inject anything you want into the site. Want a place to spread malware in drive-by injections? Nothing like an already existing, and maybe even trusted, WordPress site, eh?
Linked: Federal Law Won’t Protect Your Organization from Bad User Access Control Practices
If you’ve seen references to a court ruling sort of redefining the Computer Fraud and Abuse Act recently, or even if you haven’t, this paragraph from the folks at McGuire Woods boils down the real life implications pretty well.