May 22, 2025

Cyber Stories Newsletter—Week of September 16, 2024

Stay Informed on the Latest Cybersecurity News

Welcome to our latest newsletter, your essential source for this week’s cybersecurity highlights and insights.

Explore key stories from the cyber world that have dominated headlines 🌐.

Subscribe for direct access to the most current threat analyses and news items, conveniently delivered to your inbox 📬.

As always, be sure to reach out with any questions or concerns about these or any recent threats. Your security is our priority! 🚀

‍

Email attacks prevalent in critical infrastructure firms

A recent analysis shows that 80% of critical infrastructure organizations have faced email-based cyberattacks in the past year. As email security remains a major challenge, this piece discusses the persistent threat posed by phishing, malware, and data theft through malicious emails.

‍

How Shifts in Cyber Insurance Are Affecting the Security Landscape

The increasing costs of cyberattacks are driving shifts in the cyber insurance industry. Insurers are tightening underwriting standards, pushing businesses to adopt stronger cyber resiliency measures. Companies must focus on securing data with immutable backups, disaster recovery plans, and encryption to maintain insurance coverage and mitigate potential ransomware impacts. These evolving requirements are reshaping both cybersecurity practices and the insurance landscape.

‍

Construction firms breached in brute force attacks on accounting software

Hackers are targeting construction firms by brute-forcing passwords on exposed Foundation accounting software servers, exploiting default credentials. These attacks, observed by Huntress, enable attackers to execute commands through compromised Microsoft SQL servers, impacting multiple companies. Firms are urged to secure their systems by rotating credentials and limiting public exposure.

‍

AT&T agrees to $13 million fine for third-party cloud breach

AT&T has agreed to pay a $13 million fine to the FCC for mishandling customer data breaches that occurred between 2013 and 2014. The company was found to have violated privacy protection rules, as employees accessed and sold sensitive customer information without consent. This settlement underscores the importance of safeguarding consumer data and adhering to regulatory standards.