Published: February 3, 2023
By Annie articles
Zendesk Hacked After Employees Fall for Phishing Attack
Security Week: Zendesk, a customer service solutions provider, was targeted by a SMS phishing campaign between September to October 2022. Some employees fell for the scam and handed over their account credentials to the hackers. Due to this, service data belonging to Coinigy, a cryptocurrency trading and portfolio management company, was accessed. Based on the timeline, the hack might be related to a campaign named 0ktapus, where attackers targeted more than 130 companies between March and August 2022 and also used SMS-based phishing messages to employees. Unfortunately this is not the first data breach revealed by Zendesk as they were hit by a security incident in 2019 as well.
Los Angeles school system shifts timeline of ransomware attack
Cybersecurity Dive: An update on a cyberattack we reported last October. Los Angeles Unified School District (LAUSD) was involved in the most high profile and damaging cyber attack in the education sector in 2022. Initially the district said that the breach occurred Labor Day Weekend but new details are stating that the initial point of intrusion occurred more than a month earlier. The hackers accessed files between July 31 and September 3, 2022 and the breach was undetected for a month. Vice Society claimed responsibility for the attack and stole about 500 gigabytes of data and posted 250,000 files on the dark web.
No Slack in the system: why internal communication channels are an increasing cybersecurity risk
Tech Native: Hybrid working has created a necessity for internal communication tools such as Slack and Microsoft Teams. Slack has an estimated 20 million users and while the platform is helping team members communicate and collaborate, no matter where they are located, it opens up a new route for cybercriminals to infiltrate. EA Games was a victim of a well publicized cyber attack in 2022, where Slack played a crucial role to gain access to sensitive files and hackers sending files embedded with malware. While 40% of organizations have reported a cyber intrusion due to remote work environments, reducing exposure to risk is key to staying protected and taking a holistic approach to hybrid workplace cybersecurity. Examples include educating employees on risks of attacks for any new platform they roll out and using real-time managed security services to provide secure remote access to employees wherever they work.
86% of US citizens have attempted to somehow remove or decrease their digital footprint online (source)
Organizations lose an average of $4 million in revenue due to a single non-compliance event (source)
Charlies is a 14 year cyber security expert. He started his career in the U.S. armed forces and then transitioned into commercial roles. A security engineer by training, he's well-versed in tool deployment and administration.
Ellen bring a decade of GRC expertise to the TalPoint community. She's knowledgeable on a variety of frameworks and employs a methodical approach to compliance. She's available for needs assessments, gap assessments, internal audits, and for certain frameworks running independent 3rd party audits.
Zachary bring a 20+ year career in risk management to the TalPoint community. He's worked across healthcare, finance, and supply chain manufacturing. His broad experience offers both a holistic view of risk as well as a common sense approach to risk management.