Publicly Shared SAS Token for Storage Account Causes 38 TB Data Leak at Microsoft
Security researchers at Wiz have identified a major leak of internal data at Microsoft. The breach occurred three years ago in 2020 when an employee shared a URL for a blob store in a public GitHub repository while contributing to open source AI learning models. Wiz reported the data leak to the Microsoft Security Response Center (MSRC) in June, and on Monday, MSRC issued an advisory confirming this was an internal data leak involving...
QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned
The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled and around 700,000 computers that had been infected with the malware have been cleaned. QakBot (aka QBot/Quackbot/Pinkslipbot) is a second-stage modular malware that was initially a banking Trojan and an information stealer, to which backdoor and self-propagation...
Data Breach Costs Reach Record High of $9.48 Million in the United States
Data breach costs have increased to record levels, with the average cost of a data breach now $4.45 million globally – a 2% increase from last year and a 15% increase since 2020. U.S. data breaches cost an average of $9.48 million and healthcare data breaches are the most expensive, costing an average of $10.93 million. This is the thirteenth consecutive year that healthcare data breaches have topped the list as the most expensive...
Cloud Transition Security Guidance Issued by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a factsheet to help organizations securely transition from on-premises to cloud and hybrid environments and ensure data and critical assets are properly secured. The factsheet can be used by network defenders, analysis, and incident responders and suggests several open source tools that complement those provided by cloud service platforms and providers (CSPs)....
Verizon 2023 DBIR: DoS Attacks Dominate 2022 Cyberattacks and BEC Attacks Double
The recently published Verizon 2023 Data Breach Investigations Report provides insights into the tactics, techniques, and procedures that cyber actors are using to gain access to networks to achieve their objectives. The data for the report comes from security incidents and data breaches between Nov. 1, 2021, to Oct. 31, 2022, which this year includes 953,894 security incidents and 254,968 confirmed breaches, including more than...
University Alert System Hijacked by Ransomware Gang and Used to Aid Extortion
A ransomware gang has hijacked an alert system used by a university and used it to issue threats to staff and students to pressure the university into paying the ransom. The attack was conducted by the Avos ransomware gang on Bluefield University in Virginia. Like many universities, Bluefield has an emergency alert system that sends SMS messages and emails to staff and students to warn them about emergencies and threats, such as...
World Password Day – A Reminder to Improve Password Hygiene
The first Thursday of May is World Password Day, a day dedicated to raising awareness of the importance of password security and the promotion of password best practices. The idea of a Password Day came from the security researcher Mark Burnett, who suggested in 2005 in his Perfect Passwords book that everyone should have a password day where they took the time to update their passwords. In 2013, World Password Day became official and...
Concern Grows About Ease of Bypassing Bypass Security Controls of AI Chatbots
Security researchers have demonstrated it is possible to hack the large language models that power AI-based chatbots such as ChatGPT to get around the security protections that have been put in place to prevent abuse, and by doing so get these chatbots to generate text about illegal activities and hate speech. These large language models have tremendous potential but there are growing fears that there is also considerable potential...
IT Professionals are Pressured into Keeping Security Breaches Quiet
Malicious actors are increasingly using automation to conduct sophisticated attacks at scale and organizations are struggling to defend against attacks. IT teams are typically incredibly overworked and lack the resources they need to proactively improve defenses, instead they are bogged down reacting to threats and dealing with security incidents. Security teams are under pressure to prevent breaches, but when security breaches occur,...
Atlassian Confirms SiegedSec Hackers Stole Employee Data and Office Floor Plans
The enterprise software provider, Atlassian, has confirmed that a hacking group has downloaded sensitive employee data and office floor plans, but says its systems were not breached. A threat group called SiegedSec recently announced on their Telegram channel that they had hacked into the software of Atlassian and exfiltrated sensitive data. In the announcement, they said they had stolen sensitive data from the $44 billion software...
One-fifth of the U.S. Department of the Interior Passwords Successfully Cracked in Password Test
A recent investigation of the password management practices of the U.S. Department of the Interior has identified multiple password failures which are putting its internal network and applications at risk of compromise. The investigation was conducted by the Department of the Interior Office of Inspector General (DOI OIG) to determine how well the Department’s password management and enforcement controls were working. The...
Hacker Claims to Have Scraped the Data of 400 Million Twitter Users
A hacker has recently posted a listing on a popular hacking forum advertising a data set that includes the public and private data of approximately 400 million Twitter users. The data was allegedly obtained by exploiting an API vulnerability in 2021 that has since been patched. The same vulnerability was exploited previously in a 5.4 million record data breach – one which the Irish Data Protection Commission has just started...
What are the HIPAA Password Requirements?
Before answering the question what are the HIPAA password requirements, it is important to note that passwords are not a requirement of HIPAA if Covered Entities use an alternative authentication method to “verify that a person or entity seeking access to ePHI is the one claimed” (Security Rule Standard §164.312(d)). According to the Department of Human Services´ Guide to the Technical Security Standards there are three ways in which...
Survey Reveals Serious Password Manager Mistake That Puts Millions at Risk of Identity Theft
Passwords are often a security weak point, but not because of the level of security they provide. If a sufficiently long password is set following password best practices, the account would be well secured. A password of 15 characters containing upper- and lower-case characters, numbers, and symbols would take about a billion years to crack using the GPUs currently available, according to a study by Hive Systems. Increase it to 18...
63 Unique Zero Day Bugs Identified and Exploited at Pwn2Own Toronto 2022
A contest run by Trend Micro’s Zero Day initiative at Pwn2Own Toronto 2022 that rewards hackers for identifying and exploiting zero-day vulnerabilities has seen exploits demonstrated for 63 unique zero-day bugs in consumer products, earning hackers a total of $989,750 in prize money. This was the 10th year that the contest has been held, and this year saw 26 contestants and teams try to hack the commercial software solutions of 66...
Public and Nonpublic Information of 5.4 Million Twitter Users Leaked
A collection of public and non-public information of 5.4 million Twitter users has been released on a hacking forum and can be downloaded free of charge. This is not a recent data breach, but a batch of data that was first listed for sale in December 2021, which the hacker listed for $30,000 at the time. Public information on Twitter users was scraped and combined with legitimate phone numbers and email addresses, which are not...
The Worst Passwords of 2022 Revealed
The List of the worst passwords of 2022 has been published, pointing the spotlight on poor password practices. Despite the risks, these terrible passwords are still used by many people to “secure” their accounts. The worst passwords of 2022 do nothing of the sort. These passwords are top of the list in brute force attempts to access accounts and will provide almost instant access to any account that they have been used to secure. The...
CISA Issues Guidance on Vulnerability Categorization, Prioritization, and Management
Many organizations struggle with vulnerability management due to the number and complexity of new resources and limited resources to devote to remediating vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently issued guidance to help organizations improve vulnerability management by implementing an efficient process for assessing and remediating vulnerabilities. Large organizations generally...
Q3 Sees Insider Threat Incidents Reach All-Time High
The Kroll Q3 2022 Threat Landscape report shows an increase in insider threat incidents, which reached the highest level to date in Q3, accounting for 35% of all unauthorized access incidents. Kroll has attributed the increase to the phenomenon known as the great resignation, where large numbers of employees are changing jobs following the COVID-19 pandemic. These incidents commonly occur during the employee termination process and...
Medibank Refuses to Pay Ransomware Gang to Prevent Release of Customer Data
In October, Medibank, one of the largest private health insurers in Australia, suffered a ransomware attack that involved the theft of the data of almost 10 million customers. The group behind the attack is thought by some security researchers to be the notorious REvil ransomware gang. The new operation is known as BlogXX, after the name of the website used by the group. In conversations with victims, the group calls itself Sodinokibi...
Cybersecurity Awareness Month 2022 Focuses on People
Cybersecurity Awareness Month 2022 runs from October 1 to October 31, with the month of October having been dedicated to improving awareness about cybersecurity since 2004. Throughout October, the U.S. Cybersecurity and Infrastructure Security (CISA) and the National Cybersecurity Alliance (NCA) will lead a collaborative effort between government and industry to improve cybersecurity awareness in the United States and beyond. The...
TikTok Denies Theft of 2 Billion Data Records and Source Code
On September 3, 2022, a hacker operating under the name of AgainstTheWest claimed on a hacking forum that TikTok and WeChat had been breached and a database had been stolen from an Alibaba cloud repository that contained the personal information of users of the platforms. TikTok and WeChat are both Chinese companies; however, the companies are not owned by the same parent company, which suggests that the hacking claim may not be...
NSA and CISA Issue Guidance for Developers on Securing the Software Supply Chain
Guidance has been released by the U.S. National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the Office of the Director of National Intelligence (ODNI) on steps that can be taken by developers to secure the software supply chain. Cybercriminals and nation-state threat actors have targeted the software supply chain to efficiently attack large numbers of businesses, such as the SolarWinds...
Claroty Reports 57% Increase in Disclosed XIoT Vulnerabilities in 1H, 2022
There was a 57% increase in reported vulnerabilities affecting extended Internet of things (XIoT) devices in the first half of 2022, compared to the last half of 2021, according to the recently published State of XIoT Security: 1H, 2022 report from cybersecurity firm Claroty. XIoT is an umbrella term that covers connected cyber-physical devices within industrial, healthcare, and commercial enterprise IoT environments. Data collected...
NHS 111 Services Disrupted by Cyberattack on Managed Service Provider
The National Health Service (NHS) in the United Kingdom is currently dealing with a cyberattack on one of its managed service providers, Advanced. Birmingham-based Advanced helps operate NHS 111 services. NHS 111 is a web and telephone service where patients can get quick health and mental health information on non-urgent medical matters. Advanced detected the cyberattack on Thursday, August 4, 2022, and has confirmed it has affected...
Data Breach Costs Reach Record High of $4.35 Million; $9.4m in the US
The average cost of a data breach in 2022 has risen to $4.35 million and $9.4 million in the United States, according to the 2022 Cost of a Data Breach Report from IBM. For the past 17 years, IBM has been releasing annual reports that track the average cost of data breaches. 2022 has set new records for breach costs, with the average global cost of a data breach 2.6% higher than in 2021, and almost 13% higher than in 2020. This year’s...
NIST Releases Updated HIPAA Security Rule Guidance
The National Institute of Standards and Technology (NIST) has refreshed its HIPAA Security Rule compliance guidance. The guidance was last updated in 2008 and a lot has changed in the past 14 years ago, including the release of the NIST Cybersecurity Framework. The new guidance serves as a practical guide for the healthcare industry to help with the implementation of the HIPAA Security Rule, to better protect healthcare data from...
42% Of Americans Use the Same Password for Multiple Accounts
A recent survey conducted on 2,000 Americans by OnePoll on behalf of AT&T has provided insights into the level of cybersecurity knowledge of Americans and the cybersecurity risks many people take when using the Internet. According to the survey, 70% of respondents said they felt they were knowledgeable about cybersecurity and understand how hackers gain access to sensitive information on devices, but in many cases that knowledge...
Web Server Hacking Incident Results in $875,000 HIPAA Fine for Oklahoma State University
On January 5, 2018, Oklahoma State University – Center for Health Sciences (OSU-CHS) reported a web server hacking incident to the U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR). The subsequent OCR investigation determined multiple areas of noncompliance with the Privacy, Security, and Breach Notification Rules of the Health Insurance Portability and Accountability Act (HIPAA). Yesterday, OCR...
Study Highlights the Importance of Password Complexity
Poor security practices are commonly exploited by threat actors, and one of those practices that stands out is the exploitation of weak credentials. A password is often all that stands between a cyber threat actor and sensitive business data. If that password is chosen poorly, or heaven forbid is a default password that has not been changed, a hacker’s life is made so much easier. With the processing power of modern GPUs, weak...
PFC USA Data Breaches Affects Almost 660 Healthcare Provider Clients
Professional Finance Company Inc., (PFC) one of the largest accounts receivable management agencies in the United States, has announced that it was the victim of a ransomware attack in February 2022. While the intrusion was detected promptly and was blocked on February 26, 2022, the forensic investigation confirmed that the attackers accessed files on its network, which included the personal information of individuals that had been...
Hacker Claims Records of 1 Billion Chinese Nationals Stolen from Shanghai National Police
A hacker operating under the name ChinaDan claims to have stolen over 23 terabytes of data from Shanghai National Police (SHGA) databases. The dataset includes personal information on more than 1 billion Chinese nationals and several billion case records. The dataset, which spans several individual databases, is being offered for sale on hacking forums for 10 bitcoins – approximately $197,000. The data includes personal information...
How to Reduce Password Security Risks
Passwords are used to prevent unauthorized access to accounts and data. While passwords can be effective, there are password security risks that need to be reduced to a low and acceptable level, otherwise, accounts and sensitive data could be extremely vulnerable to cyberattacks. Password Security Risks If everyone set a strong, unique, and suitably long password for every account, passwords would provide a good level of protection;...
Cybersecurity Agencies Recommend Using PowerShell to Improve Forensics and Incident Response
Windows PowerShell is a useful and powerful scripting language and configuration management tool that can be used by Windows and system administrators for creating scripts to automate tasks. PowerShell is also extremely useful to cyber threat actors, who often abuse PowerShell after gaining access to victims’ networks. By using PowerShell, they don’t have to download their own toolsets and can hide their malicious activity. The...
Exposed Elasticsearch Instance Exposed the Data of Millions of BeanVPN Users
18.5GB of connection logs of individuals who use the free Virtual Private Network (VPN) service provided by BeanVPN have been exposed over the Internet. The logs contained more than 25 million records and included IP addresses, time stamps, Play Service IDs, and other sensitive data. VPNs are used by many people to hide their identities online; however, the exposed data could be used to de-anonymize users and could be used in a wide...
Feds Announce Seizure of Domains Used for Selling Stolen Credentials and Conducting DDoS Attacks
The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have announced they have seized the domain weleakinfo.to, along with two related domains – ipstress.in and ovh-booter.com – that were being used to sell access to stolen personal information and for conducting distributed denial of service (DDoS) attacks on victim networks. The domain seizures came following an international law enforcement...
General Motors Customers Targeted in Credential Stuffing Attack
General Motors has announced that certain customer accounts have been accessed by unauthorized individuals. Between April 11 and April 29, 2022, suspicious logins were detected in customer accounts. The investigation revealed unauthorized individuals accessed certain customer accounts and redeemed their reward points for gift vouchers. The compromised accounts contained information such as names, addresses, dates of birth, personal...
Ransomware Attacks Increased 13% in a Year
The 2022 Verizon Data Breach Investigations Report has been published, which shows the extent to which ransomware is being used in cyberattacks on businesses. Ransomware has proven to be a highly successful tool for monetizing system compromises. Threat actors gain initial access to the network, exfiltrate data, then encrypt files. Payment is demanded to prevent the sale or exposure of sensitive data and for the keys to decrypt files....
What is Password Spraying?
What is password spraying? Password spraying is a commonly used brute force method for gaining access to accounts. Here we explain what it is and how to thwart it. What is a Brute Force Attack? A brute force attack is a trial-and-error method of gaining access to an account when the password for the account is not known. In an attack, many different passwords are tried for a specific account in the hope of guessing the correct...
Common Password Attacks and How to Avoid Them
While passwordless authentication is becoming more popular, passwords remain the most common way of securing accounts and preventing unauthorized access. Passwords provide a degree of security, but there are several different password attacks that are effective at obtaining passwords to access the accounts they protect. In this post, we explain the most common password attacks, why they work, and how you can prevent them. Common...
One Fifth of Businesses Almost Forced into Insolvency Due to a Cyberattack
Many businesses struggle to survive following a cyberattack and data breach. According to a recent report from the Anglo-Bermudan insurance provider, Hiscox, one-fifth of businesses that suffered a serious cyberattack in the past 12 months nearly went insolvent as a result – 24% more than last year. It can take years of hard work to build a business, only for a mistake by an employee or an unpatched vulnerability to undo all that hard...
$150 Million Investment Plan Proposed for Improving Open-Source Security
At the Open Source Security Summit II in Washington D.C. last week, leaders of the open source community suggested a 2-year $150 million investment plan for improving open-source security in the U.S and upgrading cybersecurity resilience. More than 90 executives from over three dozen companies and government leaders were brought together by the Linux Foundation and the Open Source Software Security Foundation (OpenSSF) for the summit,...
What is Credential Stuffing?
Credential stuffing attacks are common causes of data breaches. Here we explain what a credential stuffing attack is, why they are often successful, and steps that can be taken to stop these attacks from succeeding. What is a Credential Stuffing Attack? Credential stuffing is a type of brute force attack – an attack where multiple attempts are made to guess a correct password. In a traditional brute force attack, a threat actor tries...
66% of Mid-Sized Firms Suffered a Ransomware Attack in 2021
There was a massive rise in ransomware attacks on mid-sized organizations in 2021, according to the recently published State of Ransomware 2022 report from cybersecurity firm Sophos. The survey was conducted by Vanson Bourne on 5,600 mid-sized organizations in North and South America, Europe, the Middle East, Africa, Asia, and Asia-Pacific and revealed 66% of those organizations had suffered at least one ransomware attack in 2021, up...
CISA: Hackers Actively Exploiting Windows Print Spooler Privilege Escalation Flaw
On February 2022 Patch Tuesday, Microsoft released a patch to fix a high severity Windows Print Spooler privilege escalation vulnerability, tracked as CVE-2022-22718, which was one of four privilege escalation vulnerabilities in the Windows Print Spooler component to be patched on February 8. The vulnerability was assigned a CVSS severity score of 7.8 out of 10 and was marked as ‘exploitation more likely’. Hackers can...
APT Actors Have Demonstrated the Capability to Attack ICS/SCADA Systems
Certain Advanced Persistent Threat Actors (APT) have demonstrated they have the capability to gain access to industrial control system (ICS) and supervisory control and data acquisition (SCADA) devices, including Schneider Electric programmable logic controllers (PLCs), OMRON Sysmac NEX PLCs, and Open Platform Communications Unified Architecture (OPC UA) servers, according to a joint cybersecurity alert issued by the U.S....
Microsoft Windows Autopatch to Replace Patch Tuesday
Microsoft intends to replace Patch Tuesday with a new Windows Autopatch managed service, which is due to be launched in July 2022. The new automated patching service aims to speed up the patching of known vulnerabilities and reduce the cost of patch management and will turn Patch Tuesday into “just another Tuesday.” Microsoft will be making the Windows Autopatch managed service available free of charge to Windows 10 and 11...
Average Ransom Payments Increased by 78% in 2021
The average ransomware payment increased by 78% to $541,010 in 2021, according to the recently published 2022 Unit 42 Ransomware Threat Report from Palo Alto Networks, with the average ransom demand increasing by 144% to $2.2 million. Many ransomware gangs conducted attacks last year, but the Conti ransomware gang was the most prolific and was responsible for around one-fifth of all attacks worked on by the Unit 42 team. The REvil...
SEC Proposes 4-Day Cybersecurity Incident Reporting Deadline for Publicly Traded Companies
New data breach reporting rule amendments have been proposed by the U.S. Securities and Exchange Commission (SEC) that require all publicly traded companies to report a material cybersecurity incident within 4 business days of discovery that a material cybersecurity incident has occurred. A material cybersecurity incident is any cybersecurity incident that shareholders would likely consider important. There are existing state and...
Alleged REvil Hacker Extradited to U.S. to Face Charges Over Kaseya Ransomware Attack
One of the alleged affiliates of the notorious REvil/Sodinokibi ransomware-as-a-service (RaaS) operation has been extradited to the United States to face charges related to the ransomware attacks on Kaseya and other entities in the United States. The U.S. Department of Justice believes Yaroslav Vasinskyi, 22, a Ukrainian national, is a long-standing affiliate of the REvil ransomware gang who was responsible for breaching corporate...
Survey Highlights Struggles Companies Have with User-Friendly Access Management
The password manager provider LastPass has recently published the findings of an IDC Global Survey on Identity and Access Management that has revealed many businesses are struggling to strike a balance between security and the user experience. Passwordless authentication is gaining traction, but passwords remain the primary way of preventing unauthorized account access. Password guidelines require passwords to be set that are of...
Poor Cybersecurity Practices Put Organizations’ Security at Risk
A recent survey commissioned by Mobile Mentor has revealed poor cybersecurity practices are commonplace working in highly regulated industries and those bad practices are a major threat to security. The survey was conducted by the Center for Generational Kinetics on 1,000 employees in the United States and 500 in Australia, all of whom worked in healthcare, education, finance, or the government. The study examined the endpoint...
Source Code and Internal Conti Ransomware Communications Leaked Online
An unknown individual, believed to be a member of the Conti ransomware gang, has leaked sensitive internal Conti ransomware communications and the source code of its encryptor, decryptor, builder, BazarBackdoor APIs, and TrickBot C&C infrastructure. This week has seen the Conti ransomware gang suffer a series of damaging data leaks. First came the publication of internal communications between gang members that had been stolen...
CISA Warns Critical Infrastructure Entities About the Risk of Foreign Influence Operations
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to critical infrastructure organizations about the threat of foreign influence operations. Malicious actors use a range of tactics to shape public opinion in targeted countries and undermine trust in critical infrastructure. These tactics can amplify division and sow discord, and typically involve the distribution of misinformation, disinformation,...
Free Cybersecurity Tools to Adopt to Improve Your Security Capabilities
Cybersecurity budgets are usually limited, so it is not possible to purchase multiple best-in-class cybersecurity solutions, but the good news is there are many free cybersecurity tools that can be adopted to improve security capabilities at zero cost. There is no silver bullet when it comes to cybersecurity. Several cybersecurity solutions must be used to protect against intrusions and detect and block attacks in progress, which can...
2021 Was a Record-breaking Year for Vulnerability Disclosures
Risk Based Security has released its 2021 vulnerability report which shows 2021 was a record-breaking year for vulnerability disclosures. 28,695 flaws were disclosed in 2021, which is a 23.3% increase from the 23,269 vulnerabilities disclosed in 2020. The exploitation of unpatched vulnerabilities is a common way for cybercriminals to gain access to business networks, especially ransomware actors, so it is vital for businesses to patch...
Safer Internet Day 2022: Improve Well-Being Online and Privacy and Security
Every year, a day is dedicated to making the Internet a safer place for children and young people; however, this year, rather than having a single day of activities, resources are being made available and events have been scheduled for every day of the week, with Tuesday, February 8, 2022, set as Safer Internet Day 2022. Safer Internet Day 2022 Each year has a different theme, and this year the event is focused is Improving Well-Being...
Hacker Steals $326 Million from the Wormhole Cryptocurrency Platform
A hacker has exploited a zero-day vulnerability in the Wormhole cryptocurrency platform and stole approximately $326 million in cryptocurrency. After exploiting the vulnerability, the hacker minted and stole 120,000 wrapped Ether tokens on the Solana blockchain, then converted 80,000 to Ethereum, then started to trade what remained on the Solana blockchain. The Wormhole platform is used to transfer cryptocurrency across different...
California Attorney General Shares Tips for Avoiding Identity Theft
California Attorney General Rob Bonta has provided Californians with tips for avoiding identity theft and fraud in recognition of Identity Theft Awareness Week 2022. Identity theft is where someone steals an individual’s personal data and uses the information to impersonate that individual in order to commit fraud, such as opening lines of credit in the victim’s name. As more people now rely on online services for work and personal...
January 28, 2022 is Data Privacy Day – A Day to Take Steps to Improve the Privacy of Personal Data
Today is Data Privacy Day – An annual day with a focus on raising awareness of best practices for keeping personal data private and confidential along with the techniques and tools that can be adopted by all individuals to better protect them against data theft, identity theft, and other types of fraud. Data Privacy Day – January 28 – started as Data Protection Day in 2006 and was initiated by the Council of Europe. Two years later,...
QNAP: Immediate Action Required to Prevent Deadbolt Ransomware Attacks on NAS Devices
QNAP, a Taiwanese manufacturer of network-attached storage (NAS) devices, has issued a warning to all customers to ensure they are running the latest software and to reconfigure their systems to improve resilience to ransomware attacks. A campaign has been identified involving a new ransomware variant called Deadbolt, which is being used in attacks on QNAP NAS devices that are exposed to the Internet. The campaign has only recently...
ITRC Says Record-breaking Numbers of Data Compromises Were Reported in 2021
New data from the Identity Theft Resource Center (ITRC) shows record numbers of data breaches were reported in 2021, beating the previous record of 1,506 data breaches set in 2017 by 23%. 1,862 data compromises were reported in 2021, which is a 68% increase from 2020. There was also a slight increase in the number of reported breaches involving sensitive information such as Social Security numbers, which jumped from 80% in 2020 to 83%...
Almost 6 Billion Credentials Were Leaked Online in 2021
A new report from Atlas VPN has revealed nearly 6 billion accounts were affected by data leaks and data breaches in 2021, which made 2021 a record-breaking year for credential theft. Atlas VPN obtained information on data breaches from multiple sources and includes reported data breaches between January 1st, 2021, and December 31st, 2021. In total, more than 5.9 million unique sets of credentials were stolen or leaked online in 2021....
Accellion Proposes $8.1 Million Settlement to Resolve Class Action Data Breach Lawsuit
Accellion has proposed an $8.1 million settlement to resolve a class action data breach lawsuit related to the December 2020 cyberattack on its legacy File Transfer Appliance. In December 2020, two Advanced Persistent Threat groups linked to FIN11 and the CLOP ransomware gang exploited vulnerabilities in the Accellion File Transfer Appliance (FTA) and exfiltrated a large about of customer data. Customers included law firms, insurance...
14 REvil Ransomware Gang Members Arrested by Russian Government
The Federal Security Service (FSB) of the Russian Federation has announced 14 individuals suspected of being part of the notorious REvil ransomware operation have been arrested in coordinated raids on 25 properties in the Leningrad, Lipetsk, Moscow, and St. Petersburg regions of Russia. The FSB said the arrests were made after information was passed to the FSB from U.S. authorities about the leader of the REvil operation, along with a...
New York Attorney General Issues Business Guide for Credential Stuffing Attacks
The Bureau of Internet and Technology at the Office of the New York State Attorney General (OAG) has issued a Business Guide for Credential Stuffing Attacks to raise awareness of the threat and offer advice on steps that can be taken to prevent and mitigate attacks. Credential stuffing is a type of brute force attack where credentials stolen in previous data breaches are used to gain access to other online accounts. Bots are used to...
Google Announces the Acquisition of the Israeli Cybersecurity Company Siemplify
Google has confirmed the acquisition of the Israeli cybersecurity firm Siemplify as it continues its push into the cloud-based and enterprise cybersecurity market. Siemplify was founded in Tel Aviv in 2015 by Amos Stern, Alon Cohen, and Garry Fatakhov and specializes in SOAR (security orchestration, automation, and response) technology that automates the security operations lifecycle. Siemplify has raised $58 million in investment...
LastPass Denies Data Breach After Users Claim Their Master Passwords Were Used to Access Their Vaults
Several LastPass users have claimed their master passwords have been used by unauthorized individuals to access their password vaults, including individuals who claim never to have shared their master password with any other platform, which led to claims there had been LastPass data breach. The first attacks on users’ password vaults appear to have started on Monday, December 27, 2021. A password manager allows users to easily create...
Log4J Vulnerability Scanning Tool Released by CISA
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a scanner that can be used to identify web services affected by the two recently disclosed Apache Log4J remote code execution vulnerabilities CVE-2021-44228 (Log4Shell) and CVE-2021-45046, which have been fixed, along with a further DoS vulnerability (CVE-2021-45105) in version 2.17. The scanner – available on GitHub here – was assembled with...
Actively Exploited Log4Shell Vulnerability in Apache Log4j is as Bad as it Gets
A recently discovered vulnerability in the Apache Log4j Java-based logging library is widely considered to be one of the most dangerous vulnerabilities ever to be discovered, and it is being actively exploited in the wild. The flaw is easy to exploit, can be exploited remotely without authentication, and can allow remote code execution allowing a full server takeover. A proof-of-concept (PoC) exploit for the flaw is in the public...
Survey: 90% of IT Leaders Guilty of Reusing Passwords
Bitwarden has released the results of its second annual Password Decisions Survey, which explored the technology being used by IT decision makers, the security risks they face and take, and their password management and password sharing practices. The survey was conducted on 400 IT decision makers by Propeller Insights. The survey confirmed that password manager solutions are now commonly used by businesses. 86% of respondents said...
30% of Security Breaches Are Caused by Poor Password Practices
Passwords can provide a very good level of security but many people are guilty of poor password practices. While there are now alternatives to passwords that provide a greater level of security, we are not yet at the stage when passwords can be retired and passwords are likely to remain the main method of securing accounts for some time to come. GoodFirms decided to take a closer look at password practices people to identify some of...
FBI Seizes $2.3 Million in Ransomware Payments from Russian Affiliate of REvil and GandCrab RaaS Operations
The Federal Bureau of Investigation (FBI) has seized 39.89 Bitcoins with a current value of around $2.3 million from a Russian national alleged to be an affiliate of the REvil (Sodinokibi) and GandCrab ransomware-as-a-service (RaaS) operations. According to a complaint that was unsealed on November 30, 2021, the funds were seized on August 3, 2021, from an Exodus wallet, which is used by individuals to store a range of different...
GoDaddy Data Breach Affects 1.2 Million Customers and 6 Web Hosts
On November 22, GoDaddy said it was the victim of a data breach that exposed the email addresses and customer numbers of up to 1.2 million active and inactive Managed WordPress users. The breach also exposed the original admin-level WordPress passwords for those accounts that were created when WordPress was first installed. The passwords could have allowed access to customers’ WordPress servers. Active customers also had their sFTP...
Survey Reveals Worrying Lack of Action by Consumers After Receiving a Breach Notification Letter
The National Institute of Standards and Technology (NIST) no longer recommends regular password changes for employees, as while updating passwords every few months does improve password security on paper, forcing employees to regularly change passwords does not improve security in practice. In fact, it often makes things worse as employees start with a strong password, and over time the strength of their passwords decreases. One of...
Ransomware Attacks on CNA, Colonial Pipeline, and JBS the Result of Minor Security Lapses
Ransomware attacks in 2021 have increased to record levels and no industry sector is immune. Cyber threat actors have become bolder and have conducted an increasing number of attacks on healthcare organizations, where the lack of access to systems and data has put patient safety at risk, while attacks on critical infrastructure have threatened food production and fuel availability. The escalation of attacks in the United States has...
Legitimate FBI System Hacked and Used to Send Spam Emails About Fake Cyberattack
A spam email campaign involving at least 100,000 emails has been conducted using ‘hacked’ FBI-owned servers. The messages advised the recipients that their network had been breached and data was stolen. The emails were sent from the legitimate [email protected] email account and, as such, were passed by the DomainKeys Identified Mail (DKIM) mechanism. The Spamhaus project said the messages were delivered to at least 100,000 mailboxes,...
House of Representatives Passes Two Bills to Help SMBs Improve Cybersecurity
Two bills have been passed by the U.S. House of Representatives that will help small- and medium-sized businesses improve cybersecurity. The Small Business Administration (SBA) Cyber Awareness Act of 2021 sailed through with a vote of 423/0, and the Small Business Development Center Cyber Training Act of 2021 had strong support, being passed with a vote of 409/14. The SBA Cyber Awareness Act of 2021 was introduced by Reps. Young Kim...
BlackMatter Ransomware Operation Shuts Down
Law enforcement agencies around the world have stepped up their efforts to disrupt ransomware gangs in recent months. The infrastructure of the notorious REvil ransomware gang was recently compromised by law enforcement in an international operation, Europol announced a dozen key members of ransomware gangs had been arrested in Ukraine and Switzerland, and now the BlackMatter ransomware gang has announced it is shutting down its...
Europol Announces Arrest of 12 Individuals Suspected of Conducting Over 1,800 Ransomware Attacks
Ransomware gangs have been able to conduct thousands of attacks on businesses with little threat of being caught, but the massive increase in attacks in 2020 and 2021 has seen law enforcement efforts to combat the cybercriminal activity stepped up. In the United States, ransomware attacks have been elevated to a level similar to terrorist attacks following high profile attacks on critical infrastructure, with the U.S. and its partners...
REvil Outages and Shutdown Due to Multinational Law Enforcement Effort
The ransomware attacks on Colonial Pipeline and JBS hammered home the point that ransomware attacks are a national security issue that threatens the lives of all Americans, rather than simply attacks on U.S. businesses. Following the attacks, the White House announced that additional steps would be taken to deal with the ransomware threat and disrupt the activities of ransomware groups, with additional resources made available to...
Sinclair Broadcast Group Suffers Evil Corp Ransomware Attack
The prolific Russian cybercriminal group Evil Corp has started using a new ransomware variant named Macaw Locker. The latest attack was conducted on the U.S. telecommunications conglomerate Sinclair Broadcast Group. Sinclair Broadcast Group is the second largest TV station operator in the United States and owns and operates 185 TV stations and 620 channels. The attack caused disruption to IT systems, with the technical difficulties...
$5.2 Billion in Ransomware Payments Identified by FinCEN
The U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) has identified $5.2 billion in outgoing Bitcoin transactions in cryptocurrency wallets linked to ransomware gangs, highlighting the extent to which ransomware is being used in attacks in the United States and how much money is being made by ransomware threat actors. FinCEN analyzed 635 Suspicious Activity Reports (SARs) filed by financial institutions...
Reporter Referred to Missouri Prosecutor for Notifying State About Data Leak
A reporter at the St. Louis Post-Dispatch who alerted the Missouri Department of Elementary and Secondary Education (DESE) that a web application was leaking the sensitive data of teachers and other school workers has been reported to the Cole County prosecutor by state Governor Mike Patterson. Governor Patterson has also threatened to initiate criminal proceedings against anyone who assisted the reporter or who also accessed the...
Operator of Botnet Used for DDoS and Password Spraying Attacks Arrested in Ukraine
A hacker alleged to be the creator and manager of a powerful botnet consisting of more than 100,000 devices has been arrested by law enforcement officers in Ukraine. The unnamed hacker was arrested at his home in Prykarpattia and computer equipment was seized that was being used to control the botnet. The botnet was used by paying customers for a variety of attacks, including Distributed Denial of Service (DDoS) attacks, spamming,...
Ransomware Intrusion Actor FIN12 is Aggressively Targeting the Healthcare Sector
While healthcare providers were struggling to cope with providing care to COVID-19 patients during the pandemic, they have been under attack from ransomware gangs. One group which has been particularly active and has been targeting the healthcare industry is FIN12. Approximately 20% of the attacks conducted by FIN12 since September 2020 have been on the healthcare industry, with other targeted sectors including education,...
9 out of 10 Malware Delivered via HTTPS Encrypted Connections
The latest Internet Security Report from WatchGuard Technologies has confirmed the majority of malware infections occur via HTTPS encrypted connections, which demonstrates the importance of implementing a web filtering solution capable of HTTPS inspection. If HTTPS inspection is not enabled, businesses will have no visibility into HTTPS encrypted traffic and 9 out of 10 malware downloads will not be identified and blocked. The Q2,...
October is National Cybersecurity Awareness Month
2021 National Cybersecurity Awareness Month has kicked off with the goal of improving awareness of cybersecurity and the importance of adopting cybersecurity best practices to make it harder for hackers, phishers, and online scammers to succeed. Digital safety and security have never been more important, with cyberattacks on businesses at record levels and ransomware gangs conducting huge numbers of attacks. “Our Nation is under a...
Insider Risk Self-Assessment Tool Released by CISA
Public and private sector organizations are being targeted by threat groups looking to gain access to their networks and sensitive data, but not all threats are external. Steps must also be taken to protect against insider threats, which can be just as harmful. Insiders pose a serious threat to any organization. Malicious insiders have the advantage of having institutional knowledge and being trusted with access to sensitive data and...
Security Agencies Publish New Guidance on Selecting VPN Solutions and Hardening Security
Joint guidance has been released by the National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) on selecting Virtual Private Network (VPN) solutions and hardening security. VPN solutions are implemented to improve security for remote workers, as they create an encrypted tunnel into protected networks through which all data traffic is routed; however, VPN entry points into networks can be...
Women and Minorities More Likely to Be Victims of Cybercrime
Just as there is inequality in life, there is also inequality online. Demographics play a big part in how individuals are targeted by cybercriminals and some groups of people are much more likely than others to be victims of cybercrime, according to a recent survey of 5,000 people in the United States. The study, conducted by Malwarebytes in partnership with Digitunity and the Cybercrime Support Network, is detailed in the recently...
Cyberattacks on IoT Devices More Than Double in a Year
A new report from Kaspersky found attacks on Internet-of-Things (IoT) devices have more than doubled since 2020, as cyber threat actors are increasingly turning their attention on the devices to steal sensitive data, hijack the devices and add them to botnets for conducting DDoS attacks, and for installing cryptocurrency miners. Between January 1 and June 30, 2021, Kaspersky says telemetry data collected through its honeypots shows...
288% Increase in Ransomware Attacks Between Q1 and Q2, 2021
There was a massive 288% surge in ransomware attacks between the first and second quarters of 2021, according to research recently published by NCC Group. The Conti ransomware gang was the biggest threat in this period, having conducted 22% of the attacks. The Avaddon ransomware gang was also particularly active and was behind 17% of the attacks. The Avaddon ransomware-as-a-service (RaaS) operation is believed to have been shut down,...
9 Out of 10 Industrial Companies Vulnerable to Cyberattacks
A recent study conducted by Positive Technologies has revealed 91% of industrial companies are vulnerable to cyberattacks. Positive Technologies’ penetration testers determined vulnerabilities had not been addressed in all of those companies, and that external cyber threat actors could exploit the security vulnerabilities to gain access to their corporate networks, obtain credentials, and take full control of their IT infrastructure....
CISA Adds Single-Factor Authentication for Remote and Administrative Access to Cybersecurity Bad Practices Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of cybersecurity bad practices that should be avoided. The Bad Practices Catalog was first published in July 2021 and, upon its launch, only included two entries. A third has now been added to the list. The list includes practices that CISA advises against due to them being exceptionally risky. The entries on the list may seem obvious security errors...
38 Million Records Exposed Online Due to Default Settings in Microsoft App Building Tool
Researchers at UpGuard have discovered a huge amount of sensitive data have been exposed over the Internet due to default permissions not being changed on a tool developed by Microsoft for building apps. The researchers discovered many Microsoft Power Apps portals had not had the default settings changed, which were set to public access. An investigation was launched by the researchers in May 2021 after the discovery of one leaking...
CISA Publishes Guidance on Protecting Sensitive Data from Ransomware-Caused Data Breaches
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published new guidance to help public and private sector organizations deal with the increasing ransomware threat, specifically ransomware gangs using double extortion tactics in which sensitive data are located and exfiltrated prior to file encryption. Double extortion has become the norm in ransomware attacks. When data are stolen, victim organizations are required...
T-Mobile Investigating Potential Breach of Data of Millions of Customers
On Friday August 14, 2021, a cyber threat actor listed a stolen database for sale on a hacking forum which includes data from a recent hack of servers belonging to T-Mobile that allegedly contains the sensitive personal data of around 100 million T-Mobile customers. The database allegedly contains customer names, International Mobile Subscriber Identity numbers (IMSIs), International Mobile Equipment Identity numbers (IMEIs), phone...
NCSC Recommends Against Arbitrary Password Complexity Requirements
The UK National Cyber Security Centre (NCSC) has made new recommendations for password creation that are intended to ensure passwords meet requirements for complexity while also making them easy for users to remember. While the latest password guidance may reduce password complexity compared to the standard password advice of creating passwords consisting of a random selection of characters, the former approach hasn´t been wholly...
NSA/CISA Publish Guidance on Improving Kubernetes Security
The U.S. National Security Agency (NSA) and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) have issued new guidance on improving Kubernetes security. The guidance document includes best practices for securing container environments and blocking key threats such as supply chain attacks, data theft, and malicious attacks by insiders. Kubernetes is an open-source container-orchestration system used to automate the...