Cyber Bits: May 20, 2024

This week, we dive into the SEC updating its breach disclosure timelines, Microsoft finally forcing all sign-ins to Azure to use MFA, malvertising returning to target PuTTY and WinSCP, and UnitedHealth confirming it paid the ransom for the attack it suffered several weeks ago.

SEC gives organizations 30 days to send data breach notifications

Link: Bleeping Computer

The United States SEC (Securities and Exchange Commission) has updated its regulations affecting specific financial institutions, requiring them to disclose data breach incidents within 30 days of discovery. Originally introduced in 2000, these rules include developing and implementing data protection policies, providing confidentiality and security assurances, and protecting against any potential threats.

Microsoft to start enforcing Azure multi-factor authentication

Link: Bleeping Computer

Finally, Microsoft will start forcing MFA for all users signing into Entra ID (formerly Azure) this July. Currently, this change will only affect users with specific administrator roles within a tenant, with further rollouts for CLI, PowerShell, and Terraform sign-ins.

This is a welcome addition to all Entra ID environments, and while we would still recommend forcing all users to use MFA, coupled with specific and dedicated Conditional Access policies, progress is progress.

Malvertising targeting PuTTY and WinSCP

Link: Bleeping Computer

Rapid7 recently reported that search engine campaigns were displaying ads for fake installers of PuTTY and WinSCP, tools used by administrators in their day-to-day workflows. For those unaware, malvertising is a campaign in which attackers purchase Google ads to promote fake download sites they control, in this case for PuTTY and WinSCP.

Given the rise in these attack vectors, we'd recommend avoiding downloading apps from unofficial sources wherever you can. And, if you have to download from the web, stay away from any "promoted" links on Google offering downloads for the same thing.

UnitedHealth confirms it paid ransomware group

Link: Bleeping Computer

UnitedHealth has confirmed it paid a ransom to protect data stolen during a breach it suffered in February. With early estimates reporting the attack caused roughly $872 million in damages, UnitedHealth noted that $22 million of that was paid as a ransom directly to the attackers.
