The real way to get that water bottle into the airport isn’t hiding it in your kid’s backpack. It’s pretending to be the TSA agent.

That’s how Adam Meyers, senior VP of counter adversary operation at the cybersecurity company CrowdStrike, thinks of an authentication takeover known as “Kerberoasting,” which leaves the Dasani out of the boarding line, so to speak, and just focuses on getting that TSA uniform right.

And the Kerber-attack is on the rise, according to recent cybersecurity industry reports, likely for one reason: Impersonation doesn’t require any malware in the carryon.

“What we’re seeing the threat actors are doing is they’re really looking to steal identities,” Meyers told IT Brew.

Read more here.—BH

Do you work in IT or have information about your IT department you want to share? Email [email protected].

You’re giggling, but this silly word has some serious consequences. Never heard of it? You’ve definitely experienced it: Streaming cost hikes, aggressive paywalls, apps stealing data, the general decline of online life—this is enshittification.

In our newly enshittified () age, people turn toward personal VPNs to protect their online identities. But employees using VPNs is complicating the workplace for security and IT pros.

To give you the scoop on how to tackle personal VPN use at work, Kolide by 1Password put together a blog post that dives into the risks, rewards, and factors driving the popularity of this phenomenon.

So, what’s the best way to approach the personal VPN pickle?

Give Kolide’s post a read.

Challenges with technology infrastructure are the biggest barrier to enterprises looking to improve their margins by cutting costs, according to the 2024 edition of Deloitte’s MarginPLUS survey.

Deloitte polled nearly 300 business leaders on business margin improvement and technology transformation efforts, and found that 82% reported their companies had missed cost reduction targets. The number of respondents who named “challenges with technology infrastructure to meet new internal business conditions” as a barrier to success rose from 31% in the last edition of the survey to 50% in 2024.

Other top challenges in 2024 included being unable to rapidly change cost structures (48%), attract or retain talent (43%), or enable digital infrastructure to meet new external business conditions and scale (40%).

“Over half of the respondents said data and [generative] AI strategies was where their focus would be in the upcoming year for margin improvement strategies,” Annie Adams, a managing director in Deloitte’s mergers, acquisitions, and restructuring practice, told IT Brew. “Companies are really trying to figure out how to use data better.”

Read more here.—TM

Do you work in IT or have information about your IT department you want to share? Email [email protected]. Want to go encrypted? Ask Tom for his Signal.

Seven hackers affiliated with the Chinese government have been charged with “conspiracy to commit computer intrusions” and “conspiracy to commit wire fraud,” operating as part of APT31—also known as Violet Typhoon—a threat group that for years has targeted US “foreign critics, businesses, and political officials in furtherance of the PRC’s economic espionage and foreign intelligence objectives,” according to the US Attorney’s Office for the Eastern District of New York (EDNY).

“Their sinister scheme victimized thousands of people and entities across the world, and lasted for well over a decade,” Breon Peace, US attorney for the EDNY, said in a press release on March 25.

Keep reading here.—AF

Do you work in IT or have information about your IT department you want to share? Email [email protected].

Adios, audit woes. Wherever you are in your audit journey, it’s safe to say the compliance process can be a touch overwhelming. Enter Thoropass. Whether it’s SOC 2, SOC 1, ISO 27001, HITRUST, or more, Thoropass can unlock multi-framework compliance for your company and provide full visibility—all in one place. Get started.