Select Page

Cybersecurity News

Weekly Summary of the Top Stories in Cybersecurity

Cybersecurity News: August 23, 2021

Cybersecurity News: August 23, 2021

Ransomware Attacker Offers Employees a Cut if They Install DemonWare on Their Organization’s Systems

Dark Reading, Kelly Jackson Higgins
“I don’t know how successful it will be at the end of the day, but they are not looking at a high success rate…They want to make enough money to make the ROI.” Read More

Hackers who breached T-Mobile stole personal data for ~49 million accounts

ARS Technica, Dan Goodin
“The haul includes customers’ first and last names, date of birth, SSN, and driver’s license/ID information …. The unknown hackers obtained the same data from more than 40 million records belonging to former or prospective customers who had previously applied for credit with T-Mobile.” Read More

Small companies make good targets for cybercriminals

Beta News, Clive Madders
“Their defences are very likely vulnerable, offering a soft target to cybercriminals…with 61 percent of SMBs reporting being victim to at least one cyber attack in the past year.” Read More

Secret terrorist watchlist with 2 million records exposed online

Bleeping Computer, Ax Sharma
“Such databases are regarded as highly sensitive in nature, considering the vital role they play in aiding national security and law enforcement tasks.” Read More

US Agencies Ordered to Pinpoint Critical Software

Infosecurity Magazine, Sarah Coble
“The federal government must improve its efforts to detect, identify, deter, protect against, and respond to these campaigns and their perpetrators.” Read More

Cybersecurity News: August 16, 2021

Cybersecurity News: August 16, 2021

Microsoft confirms another Windows print spooler zero-day bug

Bleeping Computer, Lawrence Abrams
“An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.” Read More

Data Breach at Georgia Health System

Infosecurity Magazine, Sarah Coble
“SJ/C employees had to revert to downtimes procedures such as using pens and paper to complete documentation. While the incident led to EHR downtime, imaging, primary care, surgery, and special physician appointments were unaffected.” Read More

Hackers netting average of nearly $10,000 for stolen network access

ZD Net, Jonathan Greig
“The most common features of these sales are RDP credentials and VPN credentials, both of which are being used considerably more due to the pandemic.” Read More

One million stolen credit cards leaked to promote carding market

Bleeping Computer, Lawrence Abrams
“At present, the feedback returned to our analysis team is still limited, but they are showing an incidence close to 50% of cards still operational, not yet identified as compromised.” Read More

Millions of Senior Citizens’ Personal Data Exposed by Misconfiguration

Infosecurity Magazine, James Coker
“[The misconfigured bucket] contained more than one million files and 182GB of data, none of which was encrypted and did not require a password or login credentials to access.” Read More

Cybersecurity News: August 9, 2021

Cybersecurity News: August 9, 2021

New phishing campaign lures victims with compromised SharePoint website

IT Pro, Rene Millman
“The lure email pretends to be a “file share” request to access some so-called ‘Staff Reports,’ ‘Bonuses,’ ‘Pricebooks,’ and other content hosted in a supposed Excel spreadsheet.” Read More

Average Cost to Buy Access to a Compromised Company: $1,000

Dark Reading, Robert Lemos
“We think it means that the initial access brokers, the most successful ones, they found more ready buyers and so they are trading in private conversations, which is harder to be tracked by researchers.” Read More

Chinese Hackers Compromised Telecom Companies, Researchers Say

Bloomberg, Ryan Gallagher
“”…the hackers had obtained ‘the holy grail of espionage,’ by gaining total control of the telecommunication networks they penetrated.” Read More

This Android malware steals your data in the most devious way

BGR, Andy Meek
“For the first time…we are seeing an Android banking Trojan that has screen recording and keylogging as (the) main strategy to harvest login credentials in an automated and scalable way.” Read More

Chipotle email marketing hacked to send phishing emails

TechRadar, Anthony Spadafora
“Many of the emails sent out from the hacked Mailgun account led users to a fake Microsoft login page with the aim of harvesting their credentials.” Read More

Cybersecurity News: August 2, 2021

Cybersecurity News: August 2, 2021

US Government Unlikely to Ban Ransomware Payments

Dark Reading, Robert Lemos
“[I]f you ban ransom payments, now you are putting US companies in a position of another extortion, which is being blackmailed for paying the ransom and not sharing that [information] with authorities. It is a really complicated conversation…” Read More

Average organization targeted by over 700 social engineering attacks each year: report

ZDNet, Jonathan Greig
“Targeting lower level employees offers [attackers] a way to get in the door and then work their way up to higher value targets. That’s why it’s important to make sure you have protection and training for all employees, not just focus on the ones you think are the most likely to be attacked.” Read More

UC San Diego Health discloses data breach after phishing attack

Bleeping Computer, Sergiu Gatlan
“The attackers may have accessed or acquired the personal information of patients, employees, and students between December 2, 2020, and April 8, 2021, after breaching the email accounts in a phishing attack.” Read More

Cloud mishaps will worsen in the year ahead, say majority of security pros

SC Magazine, Steve Zurier
“The cloud adds much more resiliency to organizations’ infrastructure, but the drawback is the loss of visibility and control. From a detection standpoint, there’s no view into what happens inside a data center.” Read More

Officials who are US allies among targets of NSO malware, says WhatsApp chief

The Guardian, Stephanie Kirchgaessner
“This should be a wake up call for security on the internet … mobile phones are either safe for everyone or they are not safe for everyone.” Read More

No Results Found

The page you requested could not be found. Try refining your search, or use the navigation above to locate the post.

Mitre Disrupting Advanced Persistent Threats