White Tuque Newsletter | September 2024

Top News in Cyber Defence

White Tuque Newsletter | September 2024

CyberSafe Chronicles​

Tuque's Take on the News

Construction firms breached in brute force attacks on accounting software

Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. The malicious activity was first spotted by Huntress, whose researchers detected the attacks on September 14, 2024.

Huntress has already seen active breaches through these attacks at plumbing, HVAC, concrete, and other sub-industry companies. In these attacks, the attackers are taking advantage of a combination of exposed services amplified by users not changing default credentials on privileged accounts.

Read More… 

White Tuque’s TakeBrute force method of breaching passwords and gaining access to privileged accounts is one of the oldest methods out there! 

The main reasons these attacks persist are:

  • Many users still use weak, easily guessable passwords
  • Automated tools make it easy for attackers to try large numbers of password combinations quickly

To protect against brute force attacks:

  1. Use strong, unique passwords for each account (long, with a mix of characters)
  2. Implement multi-factor authentication
  3. Use account lockouts after multiple failed login attempts

Believe you need more guidance securing your systems and endpoints? Our approach is streamlined and refined to be relevant and tangibly useful for promoting best practices. Visit www.whitetuque.com/help to learn more.

Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable

A lack of cyber security expertise and employee training threatens the protection of cloud environments, according to new research by Check Point Software.

In its 2024 Cloud Security Report, the firm found that 61% of organizations experienced at least one security incident related to public cloud use in the past year, a significant increase from 24% the previous year.

Of those incidents, 21% resulted in a data breach. A shortage of skills was cited by 32% of respondents as a barrier to cybersecurity defense in cloud environments. Lack of security awareness among employees was cited by 41% of experts as a barrier.

Read More…

White Tuque’s TakeUnderstanding your organization’s current security skill set and assessing what course of action to take in upskilling your employees is the first step to bridging the gap. Key is to foster a continuous learning culture: Encourage ongoing education and pursuit of certifications to keep pace with the rapidly evolving threat landscape.

Don’t think you have time for more training or need customized cybersecurity program development? Our approach is streamlined and refined to be relevant and tangibly useful for promoting best practices. Visit www.whitetuque.com/help to learn more. 

What We Have Been Up To

June: White Tuque was invited to represent Chicago as part of the US Business Delegation to the Toronto Stock Exchange!

Last week, World Business Chicago invited cross-border business leaders to open the Toronto Stock Exchange and White Tuque was there! 

“Airplanes, stadium seating and opening trading days, the only time it pays to be on the shorter side. It was an amazingly cool experience to be able to open the trading day on the TSX representing White Tuque USA, 1871, and the City of Chicago as part of the US Business Delegation to the Toronto Stock Exchange. We had the opportunity to start the day off connecting with stakeholders from both sides of the border. It was a privilege to take part and so much fun to help ring the opening bell!” 

– Rob Stewart, Founder

August: Healthcare Think Tank event at VelocityTX on AI & Cyber!

Earlier in August White Tuque took part in Healthcare Think Tank‘s fascinating panel discussion around AI & Cybersecurity, hosted by VelocityTX in #SanAntonioTX. We want to thank the organizers at Healthcare Think Tank, especially Linda Elliott, for their efforts in assembling a group with diverse perspectives and experiences in cybersecurity, tech, and healthcare. Thank you to Velocity.TX for hosting the in-person and online event, broadening the reach of this discussion across North America. 

Finally, we’re grateful to Prateek Agrawal for representing White Tuque on the panel. His expertise in risk mitigation and cybersecurity added valuable insights into what the future of AI and healthcare means today, and the impacts for the future.

Coming Up: October is Cybersecurity Awareness Month!

Keep an eye out in October for interesting and engaging webinars featuring White Tuque’s experts and insights from our partners to improve your overall cyber awareness and to learn things you can implement now to protect your business.

SecTor 2024 is right around the corner!
White Tuque team will be at one of the biggest security conferences, SecTor! Visit us at booth #930! October 22nd - 24th! Metro Toronto Convention Centre, South Building Promo code for discounted passes: WhiteTuque2024
Register Here
Qualys Security Conference (QSC) San Diego
White Tuque's VRM Team - Raymond Kyte and Victor Diev will be attending Qualys Security Conference (QSC) San Diego, October 7 - 10th. Join us to know more about vulnerability management and how we can help improve your security.
Register Here
Artificial Intelligence: Understanding the Risks
Join us for an eye-opening education session on the risks of Artificial Intelligence (AI), presented by White Tuque Founder Robert D. Stewart. Learn how to protect yourself from cyber risk. Barrie Public Library, Painswick Branch, October 1st, 7-8 pm No registration needed, free event!
More Information
Cybersecurity Insights: Vulnerabilities, Insider Threats, and the Future of Online Safety
In this weekend edition of Cybersecurity Today, host Jim Love is joined by regulars Terry Cutler of Cyology Labs and David Shipley of Beauceron Security, alongside special guest Laura Payne from White Tuque. They discuss significant cybersecurity news including the new additions to CISA's known exploited vulnerabilities catalog, a hilarious yet eye-opening domain purchase incident, and the ongoing issue of insider threats.
Listen Here

Would you like more information on this topic?

White Tuque Newsletter | May 2024

CyberSafe Chronicles Newsletter Content Tuque’s Take on the News LastPass: Hackers targeted employee in failed deepfake CEO call LastPass revealed recently that threat actors targeted one of its employees in a voice phishing attack, using

Revealing the Power of Cyber Asset Management

In the fast-paced digital era where organizations heavily rely on technology, managing cyber assets has become a critical aspect of ensuring a secure and resilient digital landscape. Cyber Asset Management (CAM) plays a pivotal role

Work With Us.

  •  

Robert D. Stewart

Founder & Head, Strategic Threat Intelligence

Robert is a technology incident and crisis management specialist with over 3200 hours leading critical recoveries and investigations within regulated industries.

Robert has built cyber incident and global crisis processes for the Fusion Centres of two major North American banks. With an extensive focus on operational resiliency, Robert worked as a Global Crisis Management Specialist, leading the technical migration for the pandemic for a multi-national financial institution.

Robert is a threat intelligence specialist focused on preventing large scale incidents and attacks before they happen, with unparalleled experience in incident response: 650 critical incidents within the global financial sector leading to the recovery of over 250 unique global financial systems, with 6000 executive communications and briefings issued, and over 200 post-incident reviews.