MFA Downgrade Attacks: Good to know.
Short article on MFA downgrade attacks; provides the basics on what it is and how to defend. Good to know for considering your own policies and processes when folks lose devices. https://www.scworld.com/perspective/why-mfa-downgrade-attacks-could-be-the-next-ai-security-crisis
When Security Awareness Fails: Effective Cyber Recovery
October 30 | Register Now! Based on Ponemon Institute research, cyber incidents reveal that recovery times are not hours, but days with organizations frequently suffering data loss. Despite the best efforts of cybersecurity awareness and security investments, organizations still need to amplify their recovery strategies to minimize business disruption and data integrity. This session will explore: How organizations should continue investing in cybersecurity Why measure cyber recovery in minutes and hours vs. days Using new cyber resilient storage capabilities to speed up recovery The cross-functional and cross-technology cyber recovery process and the importance of rehearsals and testing Register Now!Where to get cyber news: Useful links.
Here are a number of publications I use to 'try' to keep up with everything happening in cyber security: https://thehackernews.com/ https://www.darkreading.com/ https://www.scworld.com/ https://www.securityweek.com/ https://www.cybersecuritydive.com/ https://www.infosecurity-magazine.com/From Passive to Proactive: A New Cyber Resilience Foundation
We are thrilled to announce a significant evolution of the Pure Storage Cyber Resilience solution, designed to transform your defense posture from passive to proactive. The announcements on September 25th deliver on three core pillars that are essential for modern defense: 1. Dynamic Response and Recovery: Recovery time must be measured in minutes, not days. We're introducing Pure Protect™ Recovery Zones to automatically provision Isolated Recovery Environments (IREs), plus a new Cyber Resilience delivered as a Service model with Veeam to guarantee instant, validated recovery. 2. Connected Detection: We’re eliminating security blind spots by embedding detection into the data layer itself. We have several new native detection capabilities and new integrations with CrowdStrike Real-Time Threat Graph and Superna Next-Gen SIEM to accelerate threat detection and remediation. 3. Built-in Security: Security is foundational. Our platform now features mandatory safeguards like TPM and UEFI Secure Boot and Enterprise-Grade Identity and Access Management to ensure the integrity of your platform from the ground up. See our Cyber Resilience announcement blog for more details.Ransomware’s Worst Nightmare: New Cyber Resilience Arsenal (new blog post)
With the barrage of new announcements coming out of NYC Accelerate, I wrote a new blog post that is relevant to all customers, but specific to State / Local Government and Education customers summarizing what is new and the value it brings in terms of Active Cyber Resilience. Your feedback is welcome: https://goo.gle/3xzWj8P zCyber resilience news from last week
Here is a summary of some of the major events: Colt Technology Services: The UK-based telecommunications company, Colt, experienced a ransomware attack that resulted in a multi-day outage of some of its services, including hosting and its online platforms. The Warlock ransomware gang claimed responsibility, asserting they stole over a million documents. Security researchers suggest the attack may have exploited a Microsoft SharePoint vulnerability. Workday Data Breach: Workday, a provider of human resources software, confirmed that some customer information was compromised in a social engineering attack. This incident is part of a broader campaign by the ShinyHunters threat group targeting companies' Salesforce instances by impersonating IT support staff via voice phishing. Other companies affected by this campaign include Air France and KLM. Manpower Data Breach: Staffing giant Manpower disclosed a data breach that affected nearly 145,000 individuals. The incident, which occurred in late 2024 but was disclosed this past week, was caused by a ransomware attack. US Justice Department Takedown: In a significant law enforcement action, the U.S. Department of Justice announced coordinated actions against the BlackSuit (Royal) ransomware group. This operation included the seizure of servers, domains, and over $1 million in cryptocurrency, dealing a critical blow to the group's infrastructure. N-able Vulnerabilities: Security researchers identified hundreds of internet-exposed N-able N-central instances that are unpatched and vulnerable to two recently disclosed exploits. These vulnerabilities, which N-able has since patched, have been added to CISA's catalog of known exploited vulnerabilities, making them a high-priority threat for ransomware actors.Innovation @ Pure Accelerate 2025
After five months at Pure Storage, I just attended my first Pure//Accelerate Conference. Pure//Accelerate is our annual gathering of esteemed customers and partners, where we learn from each other how to improve ‘everything data’ with advanced, performant, secure, and resilient storage. A major highlight of Pure//Accelerate 2025 was the announcement of the Pure Storage Enterprise Data Cloud. This represents the next generation of storage capabilities, helping organizations leverage their data for operational excellence and efficiency. Enterprise Data Cloud delivers a unified, AI-driven control plane—via Pure Fusion—that allows organizations to manage and govern data across hybrid estates with cloud-like automation, built-in cyber resilience, and global observability. With my focus on cyber resilience and cybersecurity, I found the cyber resilience announcements especially exciting. First, we announced an integration with Rubrik’s Security Cloud to deliver the first-ever near-zero RTO solution. Rubrik and Pure Storage now combine immutable snapshots with threat analytics for rapid, trusted cyber recovery. Second, we announced integration with CrowdStrike LogScale. Pure Storage and CrowdStrike now offer on-prem storage with LogScale for fast analytics, threat hunting, and secure log retention. These announcements were extremely well received by both customers and partners. Another innovation generating buzz was our new Pure Protect capabilities. At Pure//Accelerate 2025, Pure Storage unveiled enhancements to Pure Protect, advancing cyber resilience and disaster recovery with a layered architecture that includes secure snapshots, isolated recovery environments, and cloud-based clean-room orchestration. The solution introduces policy-driven automation to streamline operations and reduce dependence on professional services, while optimizing VMware environments for increased efficiency and cost control. These advancements aim to simplify recovery, accelerate response, and strengthen data protection across hybrid infrastructures. In summary, Pure Protect can serve as the control and automation plane for layered resilience. On that note, many of my discussions with customers centered around how to leverage SafeMode Snapshots for immediate return to operations following an incident—whether from a disaster, technology outage, or cyberattack. Coming from a cybersecurity background, I was genuinely impressed by our customers' security acumen. Their expertise goes far beyond storage architectures, protocols, capacity planning, and performance. Many demonstrated strong knowledge of preventative and zero-trust controls, along with a deep understanding of immutability and indelibility. There was also strong interest in logging, anomaly detection, and especially our integrations with SecOps and UEBA. I fielded many questions about Varonis, Superna, and CrowdStrike, and how these powerful solutions help safeguard critical data assets. Superna, a sponsor of the event, also had strong attendance and interest in their breakout session. Our data protection partners—Rubrik, Commvault, and Veeam—also generated significant interest and hosted well-attended breakout sessions. Customers were particularly eager to learn how our solutions integrate seamlessly with these partners to enhance the capabilities of the Enterprise Data Cloud through robust, automated data protection workflows. The combination of our high-performance storage architecture and Pure Fusion automation impressed attendees by enabling streamlined management, rapid recovery, and enhanced security for enterprise-critical data. These integrations reassured customers that they can rely on a comprehensive, scalable solution that supports evolving data protection needs while simplifying operational complexity. This was an impressive event that made me proud to be part of Pure Storage. Resorts World was a fantastic venue, the Pure Storage event team executed flawlessly, and the keynote presentations were outstanding. If you didn’t make it this year, be sure to join us in 2026 back at Resorts World! Learn more about the Pure//Accelerate 2025 announcements at: https://www.purestorage.com/accelerate.htmlA simple way to visualize the need for Cyber Resilience
The need for cyber resilience is persistent. I use these sites to help me show folks that attacks and malicious activity are non-stop!!! Real-time and graphical, a good reminder to keep Cyber Reliance as a top priority: Checkpoint: https://threatmap.checkpoint.com/ BitDefender: https://threatmap.bitdefender.com/ Radware: https://livethreatmap.radware.com/maintenance/maintenance.html And for a summary on Ransomware, Ransomware Live: https://www.ransomware.live/
