April 16, 2024 at 09:47AM The LockBit ransomware group launched a sophisticated attack in West Africa using a leaked variant of LockBit 3.0. Kaspersky discovered this new variant and flagged its ability to generate custom, self-propagating ransomware. The attack involved using leaked privileged credentials and affected multiple systems. Organizations are advised to take preventive measures … Read more
April 12, 2024 at 02:25PM CISA issued an emergency directive in response to a Russian cyber threat targeting Microsoft email accounts. The group, known as Midnight Blizzard, is exfiltrating information and has already affected several companies. The directive requires federal agencies to investigate, reset compromised credentials, and secure privileged accounts. All organizations are urged to … Read more
April 10, 2024 at 10:21AM Password reuse poses a significant cybersecurity risk for organizations. Despite strong password policies, end-users often prioritize convenience, leading to widespread reuse. This creates opportunities for hackers to exploit and gain unauthorized access to sensitive data. Addressing this issue requires a multi-faceted approach including user education, multi-factor authentication, password managers, and … Read more
March 27, 2024 at 06:17PM A targeted multi-factor authentication bombing campaign is targeting Apple device owners, bombarding them with password reset requests. It aims to exhaust users into accidentally allowing a password reset and includes sophisticated tactics such as spoofed support calls. Users are advised to be cautious and vigilant in responding to unexpected alerts … Read more
March 25, 2024 at 08:51AM Microsoft discovered a data breach by Russian-state hackers accessing an old, inactive account using a password spray attack. This breach compromised sensitive email accounts and highlighted the vulnerability of all user accounts, not just privileged ones. Organizations are urged to prioritize robust password protection measures, including strong password policies, multi-factor … Read more
March 19, 2024 at 02:22PM The Ukrainian cyber police, in collaboration with national police, have arrested three individuals accused of hijacking over 100 million emails and Instagram accounts worldwide, using specialized software to brute-force account passwords. The cybercriminals sold access to compromised accounts and are charged with unauthorized interference in information systems, with a potential … Read more
March 8, 2024 at 11:03AM CISA outlined key actions for securing open source software during a two-day security summit with community leaders. Steps include promoting security principles, implementing new security measures, and collaboration efforts. The Rust Foundation and Python Software Foundation announced plans to enhance security for their respective platforms. Additionally, other organizations, such as … Read more
March 7, 2024 at 01:35AM Group-IB’s annual High Tech Crime Trends report revealed 225,000 stolen ChatGPT stealer logs were found for sale on the dark web between January and October 2023, with a 36% increase in the number of logs from June to October. This poses significant security risks for businesses, as compromised logins expose … Read more
March 5, 2024 at 10:56AM Passwords are crucial for security but can also incur significant costs. Forgotten passwords and resets affect productivity, costing organizations time and money. Help desk queries and support staff add to expenses. Weak passwords also pose security risks, leading to data breaches and financial implications. Using MFA, SSO, training employees, and … Read more
March 5, 2024 at 10:02AM Summary: Biometrics, though dating back to 1901, has significantly evolved with widespread use in public and private sectors. However, there are security risks, as shown by gaps in the US DoD’s biometrics data management. Enterprises also face data theft and privacy concerns, emphasizing the need for robust security policies and … Read more