CDK Global, a company that provides software for thousands of auto dealers, was hit by back-to-back cyberattacks on June 19. These attacks led to an outage that continued to impact many of their sales operations on Friday, according to the Associated Press. CDK told multiple news outlets that it is "actively investigating a cyber incident," and the company shut down all of its systems out of an abundance of caution.

The recent attack on Snowflake accounts underscores a critical lesson for all cloud users: securely managing identities and access is paramount under the shared responsibility model. As more organizations leverage cloud services, it’s essential to understand that security is a collaborative effort between the service provider and the customer.

France’s cybersecurity agency ANSSI has issued an alert outlining a Russian spear phishing campaign targeting French diplomats, the Record reports. The agency attributes the campaign to “Nobelium,” a threat actor tied to Russia’s Foreign Intelligence Service (the SVR).

As workforce productivity increasingly depends on web-based applications, browsers have become essential gateways to the “connectivity economy.” According to recent data, 93% of desktop internet traffic in 2023 traversed through four popular web browsers.

Read also: A fraudster extradited from Ukraine to the US, french police dismantle coco chat website linked to cybercrime, and more.

Accessing passkeys from multiple devices can be a hassle if you don’t use a passkey manager since they’re tied to the device on which they’re generated. This means you’d have to create a passkey on multiple devices or scan a QR code to access a passkey from devices that use different Operating Systems (OS). This is inconvenient, which is why you should consider investing in a password manager to store and manage your passkeys.

The US FBI and the Department of Health and Human Services (HHS) have released a joint advisory warning of a social engineering campaign that’s targeting the healthcare industry. “Threat actors are using phishing schemes to steal login credentials for initial access and the diversion of automated clearinghouse (ACH) payments to US controlled bank accounts,” the advisory states.

Modern organizations know that protecting their data is absolutely critical. That’s where cloud security compliance comes in. Satisfying regulatory standards helps organizations protect against unauthorized access and data breaches, as well as other security incidents. Beyond protecting data, compliance also protects organizations from the legal implications and financial effects of attacks.

It seems like every other day there is a public announcement of a compromise involving unauthorised access to Microsoft 365. Privately, my security consultancy team are called in more often than we would like to deconstruct a compromise and determine if a notifiable data breach has occurred.