Sometimes unplugging the router and plugging it back in doesn’t solve the network issue.

The Black Lotus Labs team from telecom company Lumen Technologies revealed a security incident that led to over 600,000 routers going offline, rendering many of the small-office and home-office devices “permanently inoperable” and requiring a hardware-based replacement.

The shutdown, reportedly caused by remote malware, demonstrates an unusual network security incident impacting residential devices frequently not configured with enterprise-level access control measures to prevent attacks, according to one IT pro.

“This type of attack is so rare because it doesn’t net the attacker anything,” Ryan English, information security engineer at Lumen, told IT Brew.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

If your org uses Microsoft 365, don’t ignore this number: 53%. That’s how many Microsoft 365-based companies lost data in SaaS applications during the past 12 months, according to ESG.

Even worse, less than 25% of those affected companies will recover 100% of their Microsoft 365 data. Do you have a solid data protection plan in place? Let Veeam help you get one.

Protect your data with resources like:

• this infographic on 7 Critical Reasons for Microsoft 365 Backup
• this ebook covering 8 Benefits of a Backup Service for Microsoft 365

Stay secure out there.

Ask Blackberry VP of Product Security Christine Gadsby a question and you’ll get a thorough answer. The 15-year Blackberry veteran has been in management at the company since 2011 and is an encyclopedic resource on all things cyber.

IT Brew caught up with Gadsby in San Francisco at the RSA Conference and got to pick her brain on a number of issues, including how saturation expands the threat surface.

We asked Gadsby how she sees the overall cyberthreat landscape going forward over the next year—specifically, the supply chain. Here’s what she said.

This interview has been edited for length and clarity.

In your expert opinion, where do you see the next six months or the next year going with respect to the overall threat surface?

It is sort of an interesting crystal ball moment. I am seeing the industry start to look at this more like a supply chain—all of it, not just software. But if you look at any company—whatever the company, if you are a software supply-chain company or you make donuts, it doesn’t matter—you have a supply chain of some sort. You make something, it goes to market, and you sell it and [if] you have customers, [then] you have their data.

Read more here.—EH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

For that reason, I’m out. Entrepreneur and investor Mark Cuban—whose net worth is $5.4 billion—said his Gmail account was hacked by someone pretending to be a Google employee, MSN reported.

Cuban posted on X over the weekend, explaining that the threat actor named “Noah” called and told him that an intruder had tried to gain access. That’s when the hacker walked him through what he thought was Google’s account recovery process.

Dialing in. The phone number that “Noah” spoofed—650-203-0000—is, in fact, a working number for Google Assistant, and Rachel Tobac, CEO of SocialProof Security in San Francisco, posted on X that changing caller ID “takes less than a minute and can be done using apps available on the App Store.”

“The scam is simple,” she wrote: Threat actors use data breaches or data brokerage sites to find a victim’s number. Next, they’ll use a spoofing app to choose which number to display on caller ID; call the victim while posing as customer support; and tell the victim that, due to an incident, they must “follow the steps” for account recovery. From there, the victim could pass along sensitive info to the attacker, such as a password, multi-factor authentication code, or “account recovery details.”

Keep reading here.—AF

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Ready to develop intelligent AI with RAG? Retrieval-augmented generation (RAG) equips organizations with the domain-specific, real-time data needed to build AI assistants and chatbots. Check out NVIDIA’s new ebook to dig into the core concepts and fundamentals today + download for free.