Riskigy Cybersecurity & Tech Advisors

Join us in our month-long campaign dedicated to promoting #CybersecurityHygiene and keeping your digital world safe! 🌐🔒 Throughout October, we'll be sharing expert tips, best practices, and essential knowledge to help you: Here are five facts about how Multi-Factor Authentication (MFA) protects accounts from hackers: 🛡️Additional Layer of Security: MFA requires users to provide two or more verification factors to gain access to an account. This means that even if a hacker manages to steal a password, they still need another form of verification, which significantly reduces the likelihood of unauthorized access. 🛡️Mitigates Phishing Attacks: Even if users fall for a phishing scam and reveal their passwords, MFA can prevent hackers from accessing accounts because they would still need the second factor of authentication, such as a text code or a fingerprint. 🛡️Protection Against Credential Stuffing: Credential stuffing involves attackers using stolen passwords from one service to break into other accounts. MFA reduces the effectiveness of these attacks, as the stolen password alone is insufficient for accessing an account. 🛡️Secure Remote Access: With the increasing shift towards remote work, MFA ensures that users accessing company resources from outside the corporate network are indeed who they claim to be. This added layer of verification helps secure sensitive data against unauthorized access. 🛡️Reduces Risks from Weak Passwords: Users often create weak or easily guessable passwords. MFA compensates for this weakness by requiring an additional authentication factor, ensuring that even compromised passwords are insufficient on their own to breach accounts. Implementing MFA is a vital step toward enhancing account security and protecting sensitive information from unauthorized access. ✅ Stay tuned for more updates on our Cybersecurity Awareness Month activities, and don't hesitate to reach out if you have any questions about improving your cybersecurity posture. Riskigy Cybersecurity & Tech Advisors #cybersecurity #riskigy #security #vciso #knowledge #cyberawareness #CybersecurityAwarenessMonth #Cybersecurity #CybersecurityAwareness #CybersecurityTips #CyberSafety #DataProtection #Infosec #PhishingAwareness #SecureOurWorld #SeeYourselfInCyber

⚠️ A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info.  ⚠️ Palo Alto Networks warns of potential PAN-OS RCE vulnerability. An advisory published on Friday, the firm said it doesn't yet have additional information regarding this alleged security flaw and added that it has yet to detect signs of active exploitation. ⚠️ Nokia says hackers leaked third-party app source code. Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted. and much more in the Riskigy Cybersecurity & Tech Advisors Cyber Weekly Newsletter for Friday November 8, 2024 ✅ Be sure to check out our latest Blog Post highlight "FBI Issues warning about Fraudulent Emergency Data Requests". Learn how hackers are abusing the poor controls of the EDR system to quickly obtain critical information from tech companies and service providers in urgent situations, bypassing the normal process of obtaining a court order or subpoena. ✅ Subscribe to our alerts and newsletters to stay update on the latest awareness tips, news and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware  "AN INVESTMENT IN KNOWLEDGE ALWAYS PAYS THE BEST DIVIDEND" - BEN FRANKLIN Riskigy Cybersecurity & Tech Advisors #cybersecurity #riskigy #security #vciso #knowledge #cyberawareness #alert #threatintel #needtoknow #newsalert #infosec #News #NewsUpdate #LatestHeadlines #CurrentEvents #NewsAlert #TopStories #NewsBulletin #NewsNow

DocuSign's API actively exploited to harvest signatures. Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. ⚠️ The API is meant to help customers automate the sending of documents that need signing, track their status, and retrieve them when signed. ⚠️ Threat actors are using legitimate paid DocuSign accounts abusing the API to send fake invoices that mimic the look and feel of reputable software firms. ⚠️ The API abuse has been going on for a while now, and customers have reported the campaigns many times on the platform's community forums. Here are three key tips to train users to avoid e-signature phishing scams: ✅ Educate employees on common signs of phishing attempts in e-signature emails. ✅Train employees to independently confirm the legitimacy of e-signature requests before taking any action. ✅Instruct users to carefully examine URLs and attachments in e-signature emails before clicking or downloading. By focusing training on these key areas, organizations can significantly improve their employees' ability to detect and avoid falling victim to e-signature phishing scams. Regular phishing simulations and security awareness training are also important for reinforcing these skills. More information from BleepingComputer "DocuSign's Envelopes API abused to send realistic fake invoices" https://lnkd.in/g4VRFdcD

Using on-prem SharePoint? Corporate networks are under attack using a recently patched Microsoft SharePoint bug. This Microsoft SharePoint RCE bug exploited to breach corporate networks is a recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 and is now being exploited to gain initial access to corporate networks. ⚠️ CVE-2024-38094 is a high-severity (CVSS v3.1 score: 7.2) RCE flaw impacting Microsoft SharePoint, a widely used web-based platform functioning as an intranet, document management, and collaboration tool that can seamlessly integrate with Microsoft 365 apps. ⚠️ Third-party backups were also targeted for destruction, but so far the attackers failed in their attempts to compromise those. ⚠️ Microsoft fixed the vulnerability on July 9, 2024, as part of the July Patch Tuesday package, marking the issue as "important." To identify SharePoint systems vulnerable to CVE-2024-38094, companies should take the following steps: ✅ Use vulnerability scanning tools to specifically check for CVE-2024-38094 across your SharePoint infrastructure. Many scanners have been updated to detect this vulnerability. ✅ Identify accounts with Site Owner permissions, as the vulnerability requires these privileges to exploit4. Review if these permissions are necessary and revoke if not. ✅ Check if the July 2024 security updates have been applied to your SharePoint servers. The vulnerability was patched in the July 2024 Patch Tuesday release. More details BleepingComputer "Microsoft SharePoint RCE bug exploited to breach corporate network" https://lnkd.in/gBddBneZ Cybersecurity Is Complex! Riskigy Cybersecurity & Tech Advisors Is Here To Help Riskigy Cybersecurity & Tech Advisors #riafortify #cybersecurity #riskigy #security #vciso #GRC #knowledge #cyberawareness #needtoknow #defender #knowledgesharing #newsalert #threatintel

Check out Riskigy's Cyber Weekly Newsletter and embark on a journey of continuous learning with us. Each week we curate a comprehensive briefing on Security, Tech, and Cybercrime, delivering it straight to your inbox. This Weeks Need-to-Know News and Alerts ⚠️ LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number.  ⚠️ The FBI and the U.S. CISA have disclosed that Chinese hackers breached commercial telecommunication service providers multiple U.S. broadband providers including Verizon, AT&T, and Lumen Technologies in the United States. ⚠️ Microsoft Entra "security defaults" to make MFA setup mandatory. This move is part of the company's Secure Future Initiative, launched in November 2023.  ⚠️ Federal Bureau of Investigation (FBI) is warning of schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. and much more! 🔗 Explore our blog for posts detailing the latest in cybersecurity and technology news, and don't forget to subscribe to stay up-to-date with current trends and events that matter to you. Benjamin Franklin once said, "An investment in knowledge always pays the best dividend." #CyberSecurity #TechTrends #ComplianceRegulations #ContinualLearning #Riskigy #WeeklyNewsletter #KnowledgeShare #Newsletter

As we approach the final week of Cybersecurity Awareness Month 2024 and unleashing the ghosts and ghouls of Halloween, we have released the Cyber Weekly Newsletter for Friday October 25th, 2024 The Latest Terrifying Need-to-Know News and Alerts ⚠️ UnitedHealth says data of 100 million stolen in Change Healthcare breach. In May, UnitedHealth CEO Andrew Witty warned during a congressional hearing that "maybe a third" of all American's health data was exposed in the attack. ⚠️ VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability. The software update addresses an already patched security flaw in vCenter Server that could pave the way for remote code execution. The vulnerability has a CVSS score: 9.8. ⚠️ Fortinet warns of new critical FortiManager flaw used in zero-day attacks. Tracked as CVE-2024-47575 and exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.  ⚠️ Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack. The vulnerability, tracked as CVE-2024-20481 (CVSS score: 5.8), affects the Remote Access VPN (RAVPN) service of Cisco ASA and Cisco Firepower Threat Defense (FTD). and much more... ✅ Cyberthreats are everywhere, you don’t have to face them alone. Get Cybersecurity & Tech help from Riskigy! Riskigy Cybersecurity & Tech Advisors #cybersecurity #riskigy #security #vciso #knowledge #cyberawareness #alert #threatintel #needtoknow #newsalert #infosec #News #NewsUpdate #LatestHeadlines #CurrentEvents #NewsAlert #TopStories #NewsBulletin #NewsNow #cyberawareness #CybersecurityAwarenessMonth #Cybersecurity #CybersecurityAwareness #CybersecurityTips #CyberSafety #DataProtection #Infosec #PhishingAwareness #SecureOurWorld #SeeYourselfInCyber

We are helping our network embrace their inner Cybersecurity Hero this cybersecurity awareness month. Instead of donning a ghostly sheet or a vampire cape, trade those in and be a Cybersecurity champion against the digital ghouls lurking in the dark web. This Halloween, show off your Cybersecurity Awareness by dressing up as your favorite cybersecurity hero. Embrace your inner cybersecurity superhero this Halloween! #CyberSecurityHero #DigitalDefender #SpookySec #CTRLALTTrickOrTreat #BooToMalware

Your data is as valuable as gold, protecting it from the unseen specters of cyber threats is crucial. Our latest blog post delves into the eerie reality of data breaches within service providers and offers powerful wards to keep your information safe. Don't let your data get caught in the web of digital ghosts! 👻💻 Read now and ensure you're not the next victim of these hauntings. Your digital peace of mind awaits. Click the link to exorcise those data demons! https://lnkd.in/gihqsktB Riskigy Cybersecurity & Tech Advisors #cybersecurity #riskigy #security #vciso #knowledge #cyberawareness #alert #threatintel #needtoknow #StaySafeOnline #InfoSec #ProtectYourData #CyberSecurityAwareness #ThinkBeforeYouClick #OnlineSafety #CyberSmart #SecureYourInfo 

In our latest newsletter, we dive deep into the need-to-know news, alerts, and practical tips that can help you navigate the cyber landscape with confidence. From the newest phishing tactics making the rounds to innovative ways to fortify your passwords, we've got you covered. 🕵️♂️🔐 Why wait for a breach to think about cybersecurity? Proactive protection is the name of the game, and our Cyber Weekly newsletter is your playbook. ✅ Sign up now to stay a step ahead of the hackers and make every click a secure one. Riskigy Cybersecurity & Tech Advisors #CybersecurityAwarenessMonth #BeCyberSmart #StayInformedStaySecure #CyberAlerts #ProtectYourDigitalLife #cybersecurity #riskigy #security #vciso #knowledge #cyberawareness #alert #threatintel #needtoknow #newsalert #infosec #News #NewsUpdate #LatestHeadlines #CurrentEvents #NewsAlert #TopStories #NewsBulletin #NewsNow

October is Cybersecurity Awareness Month, and it's the perfect time to spruce up our password hygiene! Our latest post is a refresher on Password best practices to keep your online world and data safe and sound. ⚠️ Many password breaches happen due to human error. Educating yourself and others about the importance of good password hygiene can go a long way toward enhancing collective cybersecurity. As we celebrate Cybersecurity Awareness Month, it's the perfect time to highlight common password mistakes businesses and individuals make and how to avoid them. Learn more at https://lnkd.in/eptf9DvF Your passwords are the keys to your digital kingdom; guard them well! 🔑🏰 #CybersecurityAwarenessMonth #BeCyberSmart #PasswordProtectors #SecureYourSpace #Riskigy #cybersecurity #cyberawareness #cybersecurityawarenessmonth #NCSAM #cybertraining #cyberthreats #onlinesafety #dataprotection #cyberdefense #digitalsecurity #cyberresilience #passwords #passwordmanagement #NIST