December 2021

200 most common passwords of 2021

https://www.thesundaily.my/local/200-most-common-passwords-of-2021-AX8707763

Excerpt:

“PETALING JAYA: 123456 is the most popular password, according to the 2021 research by NordPass. Moreover, it is the top password in 43 countries out of the 50 analysed and is also the most popular worldwide.”


$30 million stolen from Grim Finance, audit firm blames new hire for vulnerability

Jonathan Greig

https://www.zdnet.com/article/30-million-stolen-from-defi-protocol-grim-finance-audit-firm-apologizes-for-missing-vulnerability/

Excerpt:

“DeFi protocol Grim Finance said about $30 million was stolen this weekend by hackers exploiting a vulnerability in their platform.”


Cyber-Attack Impacts Aussie Companies

Sarah Coble

https://www.infosecurity-magazine.com/news/cyberattack-impacts-aussie/

Excerpt:

“A cyber-attack on Australian recruitment company Finite Group is impacting both companies and government agencies across the country.”


Belgian defense ministry hit by cyberattack

Laurens Cerulus

https://www.politico.eu/article/belgium-defense-ministry-hit-with-cyberattack/

Excerpt:

“Belgium's ministry of defense confirmed on Monday it had been hit by a cyberattack. Hackers exploited a vulnerability in software called Log4j, which was discovered earlier in December, a ministry spokesperson told local media. The ministry uncovered the attack last Thursday.”


Phishing attacks impersonate Pfizer in fake requests for quotation

Bill Toulas

https://www.bleepingcomputer.com/news/security/phishing-attacks-impersonate-pfizer-in-fake-requests-for-quotation/

Excerpt:

“Threat actors are conducting a highly targeted phishing campaign impersonating Pfizer to steal business and financial information from victims.”


Sainsbury's payroll hit by Kronos attack

Joe Tidy

https://www.bbc.com/news/technology-59683889

Excerpt:

“Sainsbury's is among major businesses in the UK and US affected by a cyber-attack on a payroll system provider.”


Ex-Netflix Executive Gets Prison for Accepting Tech Bribes

https://www.nbcchicago.com/news/national-international/ex-netflix-executive-gets-prison-for-accepting-tech-bribes/2707712/

Excerpt:

“A former Netflix executive was sentenced Tuesday to 2 1/2 years in federal prison for taking bribes and kickbacks from tech companies to approve lucrative contracts with the streaming giant.”


Ransomware hits HR solutions provider Kronos, locking customers out of vital services

Zeljka Zorz

https://www.helpnetsecurity.com/2021/12/14/kronos-ransomware/

Excerpt:

“The end of the year chaos caused by the revelation of the Log4Shell vulnerability has, for some organizations, been augmented by a ransomware attack on Ultimate Kronos Group (UKG), one of the biggest HR and workforce management solutions providers in the US.”


A Bank SMS Text Phish Attempt

Andrew Swoboda

https://www.tripwire.com/state-of-security/security-data-protection/a-bank-sms-text-phish-attempt/

Excerpt:

“Phishing attempts over text messages are becoming more prevalent. I received an SMS text message that contained a phishing attempt for a Canadian Bank. The message implied that I have received a new notification with this bank and I should visit the provided link. I usually do not click on any links, but I decided to see what would happen when I navigated to the page.”


Police Arrest Suspected Ransomware Actor in Romania

Phil Muncaster

https://www.infosecurity-magazine.com/news/police-arrest-suspected-ransomware/

Excerpt:

“European and US law enforcers have joined forces to arrest a suspected ransomware affiliate member who targeted firms in an IT supply chain attack.”


Kronos hit with ransomware, warns of data breach and 'several week' outage

Jonathan Greig

https://www.zdnet.com/article/hr-platform-kronos-brought-down-by-ransomware-attack-ukg-warns-of-data-breach/

Excerpt:

“HR management platform Kronos has been hit with a ransomware attack, revealing that information from many of its high-profile customers may have been accessed.”


Irish Health Service ransomware attack happened after one staffer opened malware-ridden email

Gareth Corfield

https://www.theregister.com/2021/12/10/ireland_health_conti_ransomware_attack_report/

Excerpt:

“Ireland's Health Service Executive (HSE) was almost paralysed by ransomware after a single user opened a malicious file attached to a phishing email, a consultancy's damning report has revealed.”


Indian Prime Minister Modi’s Twitter account was ‘briefly compromised’

Manish Singh

https://techcrunch.com/2021/12/11/indian-prime-minister-modis-twitter-account-was-briefly-compromised/

Excerpt:

“The Twitter account of India’s Prime Minister Narendra Modi was “briefly compromised” on Sunday, his office said.”


Brazilian Ministry of Health suffers cyberattack and COVID-19 vaccination data vanishes

Angelica Mari

https://www.zdnet.com/article/brazilian-ministry-of-health-suffers-cyberattack-and-covid-19-vaccination-data-vanishes/

Excerpt:

“Websites under Brazil's Ministry of Health (MoH) have suffered a major ransomware attack that resulted in the unavailability of COVID-19 vaccination data of millions of citizens.”


30% of online users suffered security breaches due to weak passwords

https://www.helpnetsecurity.com/2021/12/10/poor-password-practices/

Excerpt:

“A GoodFirms survey outlines the current password behavior of online users, risk factors associated with password management, and the best measures, policies, and practices to safeguard passwords from attacks or breaches. 30% of surveyees reported password leaks and security breaches owing to poor password practices and weak password setups.”


Sophisticated identity document fraud increased 57% over previous year

https://www.helpnetsecurity.com/2021/12/09/sophisticated-identity-document-fraud/

Excerpt:

“Over the past 12 months, 47% of all identity document fraud was classed as ‘medium’ sophisticated fraud, which is a 57% increase over the previous year, an Onfido report reveals.”


US Cyber Command head confirms direct actions against ransomware gangs

Michael Gariffo

https://www.zdnet.com/article/us-cyber-command-head-confirms-direct-actions-against-ransomware-gangs/

Excerpt:

“General Paul M. Nakasone, head of US Cyber Command confirmed during a recent national security event that his agency has begun taking direct action against international ransomware gangs as part of a larger effort to curtail attacks on American companies and infrastructure.”


University Targeted Credential Phishing Campaigns Use COVID-19, Omicron Themes

Selena Larson and Jake G

https://www.proofpoint.com/us/blog/threat-insight/university-targeted-credential-phishing-campaigns-use-covid-19-omicron-themes

Excerpt:

“Proofpoint researchers have identified an increase in email threats targeting mostly North American universities attempting to steal university login credentials. The threats typically leverage COVID-19 themes including testing information and the new Omicron variant.”


Cyberattack forces supermarket Spar to close some stores

Danny Palmer

https://www.zdnet.com/article/a-cyber-attack-has-forced-supermarket-spar-to-close-some-stores/

Excerpt:

“A cyberattack has forced supermarket chain Spar to close some of its UK stores. The retailer, which has 2,600 locations in the UK, said it has been hit by what it describes as an "online attack", leaving some stores without the ability to take payments by card.”


Webcast: Why your email encryption solution is doomed

https://www.helpnetsecurity.com/2021/12/07/webcast-why-your-email-encryption-solution-is-doomed/

Excerpt:

“Have you tried to set up top-notch email encryption and failed? Up-to-date email encryption solutions are in states of constant change with new use-cases constantly being created.”


Cyberattack Causes Significant Disruption at Colorado Electric Utility

Eduard Kovacs

https://www.securityweek.com/cyberattack-causes-significant-disruption-colorado-electric-utility

Excerpt:

“An electric utility in Colorado has disclosed an apparent ransomware attack that resulted in significant disruption and damage.”


Cuba Ransomware Nets Nearly $50m

Phil Muncaster

https://www.infosecurity-magazine.com/news/cuba-ransomware-nets-nearly-50m/

Excerpt:

“The threat actors behind the Cuba ransomware variant have already amassed $44m through targeting of at least 49 victims, according to the FBI. The bureau’s latest 'flash' alert revealed that the group had demanded at least $74m from its victims. These victims frequently come from critical infrastructure sectors like financial, government, healthcare, manufacturing, and IT.”


Banking Trojan Targets Banking Users In Malaysia

https://blog.cyble.com/2021/12/01/banking-trojan-targets-banking-users-in-malaysia/

Excerpt:

“Trojans pose a serious threat to Android devices as they are difficult to identify as they perform malicious activities behind the garb of legitimate features. This blog focuses on one such malicious Android application that pretends to be a cleaning service in Malaysia to target users through SMS stealing and stealing bank credentials. This application appears to be mimicking the official website of cleaningservicemalaysia[.]com by creating a fake website and Android application to trick unsuspecting users into stealing their SMS data and Net banking credentials.”


FBI training document shows lawful access to multiple encrypted messaging apps

Pierluigi Paganini

https://securityaffairs.co/wordpress/125176/security/encrypted-messaging-apps-data-access.html

Excerpt:

“The Record shared an FBI training document that reveals the surveillance capabilities of the US law enforcement detailing which data can be extracted from encrypted messaging apps. The document analyzes lawful access to multiple encrypted messaging apps, including iMessage, Line, Signal, Telegram, Threema, Viber, WhatsApp, WeChat, or Wickr.”


DNA testing center admits to breach affecting SSNs, banking info of more than 2 million people

Jonathan Greig

https://www.zdnet.com/article/dna-testing-center-admits-to-breach-affecting-ssns-banking-info-of-more-than-2-million-people/

Excerpt:

“A DNA testing company has reported a data breach that leaked the personal information -- including Social Security Numbers and banking information -- of more than 2 million people, according to a notification letter the company is sending out to those affected.”


East Asian hacker organization BlackTech launches attacks against industries such as finance and education

https://mp-weixin-qq-com.translate.goog/s/m7wo0AD4yiAFfTm1Jhq2NQ?_x_tr_sl=zh-CN&_x_tr_tl=en&_x_tr_hl=zh-CN&_x_tr_pto=nui

Excerpt:

“BlackTech is a commercial espionage organization mainly targeting East Asia. Its activities can be traced back to 2010. Its target industries include finance, government, technology, education, sports, and culture. Its purpose is to steal confidential data (various account secrets, confidential documents, etc.) and obtain economic benefits. The organization mainly uses spear phishing emails to attack, and it uses Trojan horses such as Plead, TSCookie, Gh0st, and Bifrose.”


Despite the popularity of password managers, many still use pen and paper

https://www.helpnetsecurity.com/2021/12/01/password-managers-use/

Excerpt:

“Password managers are a near-defacto standard for organizations, with 86% reporting they are being put to use, according to a Bitwarden survey of over 400 U.S. IT decision makers across a wide range of industries. This reflects a 9% increase in the use of password managers over the past year”