💡

"Gives me everything I need to be informed about a topic" - __UK.Gov__

Table of Contents

1. Behind the Scenes in the Dark Web: Monitoring Your Digital Footprint

2. The Quirky World of Third-Party Data Security: Outsourcing your Anxiety

3. Farewell, Old Friend: When Software Calls it Quits

4. The Curious Case of the Army Hacker: When One Soldier Takes on Telecom Giants

5. One Mikro Typo: The DNS Misconfiguration Havoc

6. The Great Escape: When 2FA Isn't Enough

Sign up for CISO Intelligence.

21st century industry insights for the modern CISO

It won't hurt, I promise.

Email sent! Check your inbox to complete your signup.

No spam. Unsubscribe anytime.

Behind the Scenes in the Dark Web: Monitoring Your Digital Footprint

_Just because you're paranoid doesn't mean they aren't after you._

What You Need to Know

Dark web monitoring is not just a glossy clickbait term; it's a critical component for any board or executive management group pondering their organization's cyber security strategy. Hiding from prying eyes are nefarious marketplaces and databases trading sensitive information - possibly even yours. The urgency? Immediate. Uncontrolled data breaches lurk gloomily on the horizon, threatening reputational harm and financial drain. Your action is a decisive one: prioritise dark web monitoring in your organization's cyber defense portfolio to safeguard against sneaky leaks and errant data exposures.

CISO focus: Data Protection & Threat Intelligence

Sentiment: Positive

Time to Impact: Immediate

*

The Dark Underbelly of the Internet: Why Dark Web Monitoring is Essential

In the vast depths of the internet, beyond the neatly indexed pages of the World Wide Web lies the enigmatic and often menacing realm known as the dark web. Renowned for its cloak-and-dagger operations, this part of the internet is where many illicit activities occur, including the sale of personal and corporate data. For many companies, understanding and monitoring the dark web is not just necessary—it's urgent. This article explores what dark web monitoring entails, its importance, and the benefits it offers for proactive cyber security.

Unearthing the Dark Web

The dark web is a part of the internet that cannot be accessed through traditional search engines. It requires specific software, configurations, or authorization to navigate. Often stigmatized for being a haven for illicit activities including drug trafficking, weapon exchanges, and the sale of stolen data, the dark web is a double-edged sword for companies. While it drives nightmares for compliance teams, it is also a critical source for discovering possible data breaches and threats targeting your organization.

What is Dark Web Monitoring?

Dark web monitoring involves scanning various dark web data repositories for information related to your company. It flags sensitive company data that appears on illicit forums, chat rooms, and marketplaces. While it might sound like a plot point from a spy novel, dark web monitoring provides you with advanced notice. This early warning allows for strategic, pre-emptive measures—helping prevent data breaches before they manifest significant harm.

Scope of Monitoring : Includes detection of compromised credentials, intellectual property, personal identification information (PII), customer details, and other sensitive data.

Access Strategies : Utilizes specialized tools and manual tuning by experts who trace mentions of your company on the dark web.

Why Companies Need Dark Web Monitoring

1. Prevent Unauthorized Data Exposure : Rapidly identifies any stolen credentials, enabling timely response.

2. Monitor Brand Reputation : Discovers and mitigates reputational risks before they escalate.

3. Fraud Prevention and Financial Security : Shields against misuse of sensitive financial information.

4. Enhanced Customer Trust : Illegal data exposure of customers’ information is limited, maintaining customer confidence.

CISO Attention: The Essential Role of Dark Web Monitoring

Today's CISO must include dark web monitoring within the cyber security architecture to maintain a robust defense strategy. By understanding the communication channels of cybercriminals and knowing how your data might be exploited, it's possible to minimize the window of vulnerability between breach and response.

In Practice: Integrating Dark Web Monitoring

The implementation of dark web monitoring requires the installation of advanced threat intelligence systems and collaboration with skilled cybersecurity analysts. Once established, monitoring systems offer real-time alerts, giving businesses a valuable head start on cybercriminal activities.

In Summary: Illuminate the Shadows

Thinking you're safe in the digital world without dark web monitoring is akin to playing chess without seeing half the board. As cyber threats loom ever larger, integrating dark web monitoring helps provide visibility into the clandestine corners of the digital universe, ensuring fewer surprises and greater control over your company's data and reputation.

*

Vendor Diligence Questions

1. What specific methodologies do you use to search and monitor the dark web for potential data breaches?

2. How frequently do you update your threat intelligence to ensure its current relevance?

3. Can you provide concrete examples of previous successful interventions using your dark web monitoring solutions?

Action Plan

1. Evaluation : Conduct an audit to assess current vulnerabilities and risks related to potential data exposures on the dark web.

2. Vendor Engagement : Liaise with potential dark web monitoring vendors, examining their methodologies and success stories.

3. Integration : Integrate a chosen dark web monitoring solution into your company's cybersecurity infrastructure, ensuring regular updates and alerts.

4. Training : Educate your security and IT teams on utilizing dark web intelligence in threat detection and response strategies.

5. Review and Update : Schedule quarterly reviews to assess efficacy and refine strategies to adapt to evolving threats.

*

Source: What is Dark Web Monitoring? Definition + Benefits | UpGuard

The Quirky World of Third-Party Data Security: Outsourcing your Anxiety

_The only thing scarier than unsecured data is how many people won't follow the guidelines to secure it._

What You Need to Know

The increasing integration of third-party vendors in business operations has elevated concerns regarding data security. High-profile data breaches originating from vendor networks are on the rise. As board members and executive managers, you must first understand the ramifications of these breaches on your company’s reputation and financial health. Implementing a robust third-party risk management protocol is non-negotiable. Immediate actions should include revising vendor contracts to ensure compliance with data protection standards and leveraging cybersecurity frameworks to evaluate potential risks.

CISO focus: Third-Party Risk Management

Sentiment: Negative

Time to Impact: Immediate

*

How to Transform Third-Party Data Liabilities Into Fortified Assets

In an era where outsourcing has become essential for many business functions, managing third-party data security is a critical challenge. Companies increasingly rely on external partners for everything—from supply chain logistics to cloud services. But this convenience comes with risks, as these partners often have access to sensitive data. In a world sounding alarms on the rising scandals of data breaches, it’s paramount to handle these relationships with care.

The Pressing Concern: Breaches from Outsiders, and Not in a 'Friendly Neighborhood' Way

The need for stringent third-party data protection measures is no longer merely aspirational; it is essential. High-profile data breaches, like those experienced by giants such as Target, which suffered due to lapses within its vendor network, underscore the immediate necessity for a comprehensive strategy. As reported by Cyber Security Hub, third-party breaches account for more than half of all data breaches. These incidents not only damage reputations but also endanger customer trust and lead to significant financial penalties.

The Burgeoning Risk Management Strategy: Definitions and Terms

Crucially, third-party risk management isn’t just about hashing out a checklist of compliance issues—it's about embedding a culture of security. It starts with understanding the key players involved:

Third-Party Providers: Companies tasked with operational or IT services.

Data Controllers: An entity that manages data access and determines the means of processing.

Shared Responsibility Model: Understanding the risks inherent to both parties where accountability is mutual.

Building a Robust Third-Party Risk Management Framework

To effectively manage third-party risks, organizations must adopt a layered approach:

1. Due Diligence: Perform a comprehensive assessment of the potential vendor’s security practices before procurement. This initial vetting serves as the first line of defense.

2. Continuous Monitoring: Post-acquisition vigilance is critical. Employ tools for real-time observation of vendor activities and data handling procedures to keep an eye on possible anomalies.

3. Contractual Safeguards: Ensure contracts explicitly outline data protection expectations, breaches response protocols, and obligations for compliance and audits.

Implementation Case Study: Real-Life Examples of Success

For example, financial firms like JPMorgan Chase have strengthened their third-party risk management protocols by integrating advanced analytics and AI to assess vendor risk, streamline data sharing processes, and reduce exposure to cyber threats. This proactive stance has positioned them as leaders in vendor risk management best practices, protecting their clients and themselves against potential breaches.

Mismanaged Responsibilities Could Lead You to Trouble, and Fast!

Increasing regulatory demands from entities like the GDPR in Europe and CCPA in California are more than light reading—they're formidable requisites, mandating strict data protection protocols and timely breach notifications. Companies that ignore these can face severe penalties, including fines up to 4% of global revenues or $20 million—whichever is higher.

*

Vendor Diligence Questions

To initiate a robust vendor security assessment, consider the following:

1. How does the vendor encrypt data at rest and in transit, and what protocols are employed?

2. What are the vendor's incident response procedures, and are they subject to regular testing?

3. Does the vendor comply with recognized data protection frameworks like ISO 27001 or NIST?

Action Plan

1. Review Existing Vendor Contracts: Align them with current industry regulations and your internal security policies.

2. Implement a Vendor Risk Assessment Framework: Regularly evaluate vendors based on their access to sensitive data and the services they provide.

3. Develop Incident Response Protocols: Establish clear communication channels and recovery plans in collaboration with your vendors for timely breach management.

In summation, addressing third-party data security is like locking the front door but leaving the back door wide open. Vigilance, diligence, and integration of standardized procedures can ensure your organization's data remains secured, even when outsourcing crucial functions.

By implementing these strategies and tools, you can mitigate the risk posed by third-party partners and protect your organization's most valuable asset—its data.

*

Source: Ensuring Data Protection for Third Parties: Best Practices | UpGuard

*

Farewell, Old Friend: When Software Calls it Quits

_When software says 'I'm too old for this,' it's time to move on, but with a plan._

What You Need to Know

The company's software portfolio includes multiple applications reaching "end-of-life" (EOL) status soon, which means they will no longer receive support or updates from the vendor. Executive management should prioritize addressing these EOL commitments to mitigate security risks, improve operational efficiency, and ensure compliance. Your immediate task is to evaluate the affected software assets, consult your IT and cybersecurity teams for transition plans, and allocate resources for upgrading or replacing critical systems.

CISO focus: Software Lifecycle Management

Sentiment: Negative

Time to Impact: Immediate

*

[Welcome to the world of software end-of-life (EOL), a critical phase in technology management that demands immediate attention. Subscribers reading this will learn how EOL could impact their business operations, cybersecurity posture, and compliance status. Read on to discover the significance of EOL and the steps necessary to ensure a smooth transition from obsolete technology.]

End-of-Life Software: The Clock Is Ticking

Software reaching the end-of-life (EOL) phase poses significant risks, including lack of security updates, compliance headaches, and operational inefficiencies. As software ages and ceases to receive updates or support from vendors, businesses are left vulnerable to cybersecurity threats—equivalent to leaving your backdoor wide open for digital intruders. According to UpGuard, end-of-life software is the perfect beacon for malicious actors who often exploit outdated systems for cyber-attacks.

Key Risks:

Operational Vulnerability: With no updates, old software can't defend against new vulnerabilities.

Compliance Issues: Regulatory standards often require up-to-date software to safeguard data, and obsolete systems may lead to violations.

Maintenance Burden: Internal IT teams must shoulder the responsibility of maintaining unsupported systems, straining resources.

What's at Stake?

Ignoring EOL warnings might lead your organization into uncharted territories of compliance fines, data breaches, and soaring maintenance costs. Each aspect not only threatens financial resources but also tarnishes corporate reputation. EOL decisions, therefore, are pivotal in a company's strategic IT planning and operational excellence.

Immediate Steps for Organizations:

1. Asset Inventory: Conduct a thorough assessment of current software assets to identify those reaching EOL.

2. Risk Assessment: Evaluate potential risks and impacts on operations and security.

3. Cost Analysis: Understand financial implications of maintaining versus upgrading or replacing software.

Developing an EOL Strategy

Creating a meticulous EOL strategy helps organizations navigate the transition smoothly while preserving business continuity. The cornerstone of this strategy involves determining which systems are critical, exploring alternatives, and implementing changes proactively.

Strategy Outline:

* Phase One: Planning

Identify critical systems.

Assess compatibility with new/upgraded solutions.

Engage stakeholders across departments to understand business needs.

Phase Two: Execution

Prioritize systems with nearing EOL dates.

Test replacements or upgrades in controlled environments.

Rollout the transition with minimal disruption.

Phase Three: Monitoring

Ensure stability and functionality post-upgrade.

Monitor for new updates and patches regularly.

Create an iterative loop for feedback and adjustments.

*

Vendor Diligence

Questions

1. What is the vendor's timeline and commitment to decommission unsupported software?

2. Does the vendor offer a transition support package or discount for upgrading to newer software versions?

3. How does the vendor plan to address security patch management for remaining supported products?

Action Plan

For the Team Reporting to the CISO:

1. Inventory and Assessment

Compile a list of all software nearing EOL.

Conduct risk assessments to understand security implications.

2. Stakeholder Engagement

Liaise with departmental representatives to gather input on software usage and necessity.

3. Strategic Execution

Develop detailed transition plans for major applications.

Schedule and conduct tests for upgrades or replacements.

4. Training and Support

Provide training for users on new systems.

Set up a helpdesk for troubleshooting during the transition phase.

5. Post-transition Review

Collect feedback and measure system performance.

Refine the process for future EOL scenarios.

*

In the fast-paced world of software, staying current isn't just about having shiny new features—it's about protecting your business from the lurking threats of outdated technology. Embrace change, because when your old program starts planning its retirement party, it's time to think ahead, adapt, and ensure your systems keep running smoothly.

*

Source: What End-of-life Software Means for Your Business | UpGuard

*

The Curious Case of the Army Hacker: When One Soldier Takes on Telecom Giants

_Out of the barracks, into the servers—why your army vet might double as your next hacker._

What You Need to Know

The Department of Justice has confirmed the arrest of a U.S. Army soldier who has been implicated in the hacking activities against telecom giants AT&T and Verizon. This incident underscores the urgent need for corporations to reassess their cybersecurity strategies and employee vetting processes. The board and executive management are expected to review current cybersecurity response plans and ensure communication with legal advisors to mitigate potential fallout or data exposure risks. An audit of current situation reports and adherence to updated security protocols should be prioritized.

CISO focus: Insider Threats

Sentiment: Strong Negative

Time to Impact: Immediate

*

The Arrest

The landscape of cybersecurity faced a tangible impact this week as the Department of Justice arrested a U.S. Army soldier allegedly responsible for hacking into the systems of AT&T and Verizon. The DOJ’s announcement brought into sharp focus the increasingly apparent threat of insider and sophisticated cyber threats that can penetrate even the most fortified defenses.

What Happened?

According to the DOJ, the soldier leveraged his position to gain unauthorized access to AT&T and Verizon's internal networks, extracting customer data and causing considerable operational disruptions. These hacks are reported to have compromised sensitive data of millions of users across multiple states.

* AT&T and Verizon, industry stalwarts in telecommunications, have confirmed the breaches but refrained from commenting on the extent and impact.

Urgency in Response

This revelation places immense pressure on businesses to optimize their cyber defenses, particularly concerning insider threats, to prevent similar breaches in the future.

Immediate Steps

1. Security Audits: Conduct comprehensive security audits focusing on insider threat detection mechanisms.

2. Employee Training: Enforce cybersecurity awareness programs to ensure all employees understand the security protocols.

3. Enhanced Vetting: Refine employee background checks, focusing on positions with elevated access privileges.

The Wider Implication

Insider threats continue to grow, constituting a major portion of data breaches worldwide. The capability of a single individual to wreak havoc on colossal enterprises confirms that no organization is immune, regardless of size or stature.

According to Verizon's 2023 Data Breach Investigations Report, nearly 20% of breaches are attributed to insiders. This emphasizes the criticality of robust internal controls.

AT&T has iterated the importance of employing multi-factor authentication and regular system patching as fundamental steps to thwart potential breaches.

Future Preparedness Measures

Looking forward, companies must integrate advanced forensic tools and AI-driven analytics to predict and neutralize insider threats before they materialize.

Behavioral Analytics: Implements systems that recognize deviations from the norm in user activity.

Automation and AI: Use intelligent systems to both identify and mitigate risks early in their trajectory.

Timing and Impact

The effects of this hacking revelation will be immediate, prompting swift action from companies across sectors to protect their data and customer privacy. The risks posed by such insiders necessitate an immediate, cohesive response.

Industry Perspectives

Security experts suggest that while the technological aspects of cybersecurity evolve, the human factor remains an Achilles’ heel. The boldness of this soldier’s actions serves as a stark reminder of the necessity for constant vigilance.

The risks associated with insider threats are compounded when access to critical infrastructure is involved, says cybersecurity analyst Jane Broad.

Paul Reeger, a telecommunication security consultant, underscores the need for integrated solutions that encompass physical and digital security to mitigate such risks effectively.

*

Vendor Diligence Questions

1. What measures have been implemented to identify and mitigate insider threats within your service provisions?

2. Can you provide documentation of your recent internal security audits and any corrective actions taken?

3. How do you handle authentication and access controls in preventing unauthorized data access?

Action Plan

1. Review and upgrade all existing security protocols with an emphasis on thwarting insider threats.

2. Coordinate an inter-departmental response team to monitor and manage any immediate cybersecurity vulnerabilities.

3. Engage third-party cybersecurity experts to conduct an impartial security assessments and recommend enhancements.

4. Schedule regular cybersecurity training workshops for all employees emphasizing awareness and prevention of insider threats.

5. Document all actions and findings carefully to ensure compliance and to later serve as a guide for future strategies.

*

Source: DOJ confirms arrested US Army soldier is linked to AT&T and Verizon hacks

*

One Mikro Typo: The DNS Misconfiguration Havoc

_Oops, my Mikrotik did it again—playing mailman for Russian botnets!_

What You Need to Know

The latest analysis from Infoblox reveals a critical vulnerability exploited by a Russian botnet using Mikrotik routers to deliver malware through email campaigns. The botnet leverages misconfigured DNS settings to evade detection, posing a severe threat to the cybersecurity landscape. Executives are urged to initiate urgent security audits, particularly focusing on their network configurations and DNS settings, to prevent similar exploitations.

CISO focus: Threat Detection and Mitigation

Sentiment: Negative

Time to Impact: Immediate

*

In a startling revelation by Infoblox Threat Intel, the cybersecurity community was hit with news that a seemingly innocuous DNS misconfiguration can morph into a formidable cyber threat. This oversight turned thousands of Mikrotik routers into unwilling accomplices of a Russian botnet, effortlessly funneling malware into inboxes worldwide.

A Russian Botnet Takes Center Stage

The effectiveness of this botnet lies in its innovative means of bypassing email protection systems using misconfigured DNS records. By posing as legitimate sender domains, they exploit these security loopholes to distribute trojan malware effectively. While the observed payloads are dangerous in their own right—it’s likely the botnet is flexible enough to undertake a wider spectrum of malevolent activities, from data theft to launching DDoS attacks.

Mikrotik Routers as Bot Servers: The botnet harnesses thousands of compromised Mikrotik routers, utilizing their DNS misconfigurations to generate emails that evade traditional detection mechanisms.

Spamming Trojan Malware: The emails delivered carry malicious trojans, setting a foundation for broader, more destructive cyber campaigns.

Analyzing the Scale of Threat

Giving a nod to the persistence of cyber threats, the malware embedded in these emails compromises device integrity at an alarming rate. Infoblox continues its crack-down efforts by monitoring this botnet through attentive DNS tracking.

Global Network Impact: The botnet is not restricted by geographical boundaries, extending its reach across a global scale, highlighting the necessity for an international collaborative security response.

Unseen Infrastructure Loopholes: Mikrotik’s router misconfigurations underscore an overlooked aspect of cybersecurity hygiene—DNS settings, often neglected in routine security checks, now stand out as critical points of vulnerability.

Industry Response and Measures

As the tech world grapples with the intricacies of this threat, the importance of maintaining strict DNS configurations is heavily stressed. Organizations, irrespective of their size, must prepare for potential threats stemming from similar faults and adapt their defenses accordingly.

Security Audits Recommended: Comprehensive security audits focusing on network and DNS configurations.

Adaptive Defense Mechanisms: Leveraging adaptive security technologies that can dynamically respond to detected threats should be considered by all security teams.

In Retrospect... Mikrotik Routers, Friend or Foe?

The irony of security is that it's often betrayed from within—our devices, our configurations. The headlining botnet serves as a wake-up call and a reminder to refine our focus on those minute details which might otherwise escape notice.

What's Next?

With the digital ecosystem evolving and cyber threats advancing in sophistication, continuous vigilance and industry partnerships are imperative. We look to further preventive measures and the sharing of insights across platforms to harden defenses against such adaptable threats.

*

Vendor Diligence

1. How does your solution handle DNS misconfigurations?

2. Can your technology detect and mitigate distributed botnet activities?

3. What mechanisms are in place to analyze and protect against zero-day exploits like those utilized by this botnet?

Action Plan

1. Conduct Immediate Security Audit : Evaluate current DNS configurations and network security strategies.

2. Engage Incident Response Team : Prepare for potential infiltrations by botnets, emphasizing rapid detection and mitigation.

3. Strengthen Email Filtering : Enhance spam and threat detection capabilities, focusing on preventing trojan distribution.

*

Source: Infoblox One Mikro Typo Article

*

The Great Escape: When 2FA Isn't Enough

_Why be a magician when you can just phish your way past security?_

What You Need to Know

The latest cyber threat involves a sophisticated phishing kit targeting Microsoft 365 accounts, bypassing two-factor authentication (2FA) with ease. This attack method poses a significant risk to organizational security by exploiting user trust and system vulnerabilities. As board members or executive leaders, it is paramount to prioritize this issue by allocating resources to bolster cybersecurity measures, ensuring that IT teams are adequately equipped and trained to mitigate this threat.

CISO Focus: Phishing & Authentication Bypass

Sentiment: Strong Negative

Time to Impact: Immediate

*

Getting past a two-factor authentication (2FA) feels akin to cracking the combination of a safe—daunting, intricate, but highly rewarding for cyber criminals. But, recent developments have demystified this challenge, proving that with the right tools, bypassing 2FA is no longer just a reel of Hollywood fantasy.

The Anatomy of the Attack

Cybersecurity analysts have unearthed a new and sleek phishing kit aimed specifically at Microsoft 365 accounts. Analysts have dubbed it the "Sneaky 2FA Phishing Kit," a masterclass in deceptive tactics that seamlessly bypasses 2FA mechanisms. The kit entices victims with familiar-looking emails urging urgent action or showcasing enticing incentives, leading them to counterfeit login pages almost indistinguishable from legitimate ones.

Bypassing 2FA: A Not-So-Magical Trick

Once a user enters their credentials into these fraudulent pages, the kit not only captures the usernames and passwords but waits for the 2FA code, often sent through SMS or App-based authentication methods. Upon intercepting this code in real-time, the attacker swiftly gains unauthorized access to the unsuspecting user’s account. This method drastically raises the threat level because it turns one of the most secure authentication processes into a mere formality.

Implications for Organizations

The ability to bypass 2FA challenges the very foundation of cybersecurity trusts. Consequently, industries reliant on remote access, cloud computing, and digital transactions are exceedingly vulnerable. Regular awareness campaigns are now imperative to educate end-users about verifying email authenticity and recognizing phishing attempts.

Financial Impact : Unauthorized access could lead to massive data breaches, loss of intellectual property, and significant financial loss.

Reputation Damage : Public knowledge of credential theft can erode trust among consumers and investors.

The Immediate Response

Organizations need to adopt a layered security approach—moving beyond traditional 2FA to more robust multi-factor authentication (MFA) solutions. Zero Trust frameworks should be considered as they emphasize verification at every step of digital interaction, regardless of where the user logins or the security already in place.

1. User Education : Continuous training and simulated phishing exercises should be conducted to inculcate a security-first mindset among employees.

2. Advanced Authentication : Transition from basic app-based 2FA to hardware tokens or biometric verification where possible.

3. Security Audits : Frequent audits and penetration tests against these advanced threats can highlight system vulnerabilities before they are exploited.

Looking Beyond the Phish

While this attack vector remains the focal point today, it is merely a glimpse into future threats, where attack sophistication will only evolve. By fortifying present defenses, particularly in authentication processes, companies can insulate themselves against a broader range of cyber threats.

Forewarned is forearmed. The prompt implementation of the recommended steps can significantly reduce risk exposure from this alarming threat. By proactively tackling these emerging threats head-on, organizations can maintain robust cyber defenses and assure stakeholders of their commitment to safeguarding digital assets. After all, when it comes to security, playing catch-up is never an option.

*

Vendor Diligence Questions

1. Has the vendor implemented adaptive authentication techniques that mitigate phishing risks?

2. What contingency measures are in place in case 2FA is compromised?

3. How frequently is the vendor updating their platforms against emerging threats like phishing kits?

Action Plan for CISO Team

Immediate Deployment : Begin rolling out advanced MFA systems.

User Training Campaign : Develop and launch comprehensive user awareness programs tackling phishing and credential theft.

Security Policy Review : Analyze and reinforce existing security policies to align with current threat landscapes.

*

Source: New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

*

_CISO Intelligence is lovingly curated from open source intelligence newsfeeds and is aimed at helping cybersecurity professionals be better, no matter what their stage in their career._

_We’re a small startup, and your subscription and recommendation to others is really important to us._

*Thank you so much for your support!(