Identity is Security: The Perfect Storm

Another week down and many headlines to get through.  Even though we monitor cybercriminals daily, we’re always surprised when they step to a new low. This week, as many in the US are facing massive devastation, the criminals are jumping in to take advantage. Dozens of domains related to Hurricane Florence were registered within days of the storm, using terms like “funds” and “compensation.”  Whatever can be exploited will, and you can bet that there are cybercriminals waiting for their opportunity. With hurricane season just starting, this is a great time to raise the flag.

Speaking of vulnerabilities, Adobe Acrobat issued an unscheduled update this week addressing seven vulnerabilities. With such a widely used software, not patching could have wide-reaching consequences.

As for the weekly cyberattacks, breaches and data exposures, there is never a dull moment. This week, six years’ worth of customer records were exposed on a payment system that manages online payments for states and government agencies, with as many as 14 million records exposed. A marketplace was discovered selling access to thousands of breached websites, ranging from retail to healthcare, to help them execute on a number of malicious activities like spam campaigns and cryptocurrency mining.

And finally, we close out this week’s news round-up with a great conversation with Duo Security’s Director of Advisory CISOs, Wendy Nather. You may hear the term “zero trust” coming up more and more, and she helps clarify what that means in this week’s episode of Mistaken Identity.