Many users are sharing passwords with someone outside their household

https://www.helpnetsecurity.com/2021/11/26/maintain-access-streaming-account/

Excerpt:

“According to a survey by The Harris Poll, one in 10 Americans would prolong a relationship with a friend or partner to maintain access to their streaming account. Moreover, 68% of Americans admitted to using the same password on multiple accounts and 64% only change their passwords if they have to, leaving them vulnerable to cybercrime.”


Why cybersecurity training needs a post-pandemic overhaul

Victor Kritakis

https://www.helpnetsecurity.com/2021/11/23/employees-cybersecurity-training/

Excerpt:

“COVID-19 may have ushered in the rise of remote work (either temporarily or permanently) but not all organizations were prepared to manage a fully remote workforce and the cybersecurity challenges that come with it.”


Microsoft Exchange servers hacked in internal reply-chain attacks

Bill Toulas

https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-in-internal-reply-chain-attacks/

Excerpt:

“Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails.”


52% of SMBs have experienced a cyberattack in the last year

https://www.helpnetsecurity.com/2021/11/19/smbs-cyberattack/

Excerpt:

“The consequences of a breach have never been more severe, with global cybercrime collectively totaling $16.4 billion each day, a Devolutions survey reveals.”


‘My bank account was in a shambles’: The ordeal of an identity theft victim

David Tsrouya

https://www.welivesecurity.com/2021/11/18/my-bank-account-shambles-ordeal-identity-theft-victim/

Excerpt:

“When a former neighbor contacted Martin Kaul (not his real name) in August 2020 to tell him that he’d received a letter at his old address, Martin thought nothing of it. But when he actually read the letter, which was from a mobile phone company he hadn’t signed any contract with, it dawned on him that he’d fallen victim to a scam – unknown fraudsters had misused his identity to sign costly contracts in his name. As it soon turned out, far more than ‘just’ once.”


The COVID-19 crisis has fueled the increase of cybercrime in all its forms

https://www.helpnetsecurity.com/2021/11/18/covid-19-cybercrime/

Excerpt:

“The accelerated digitalization related to the COVID-19 pandemic has significantly influenced the development of a number of cyber threats, according to the new edition of Europol’s Internet Organised Crime Threat Assessment.”


The six most common threats against the device that knows you best

Christine Bejerasco

https://www.helpnetsecurity.com/2021/11/18/mobile-threats-safe/

Excerpt:

“What is the most intimate relationship in your life—aside from your partner, your children or your parents? For many of us, it’s our mobile phone. It’s the last thing we see before sleep, and it’s usually the first thing in our hands each morning.


76% of gamers were financially affected by a cyberattack, losing $700+ on average

https://www.helpnetsecurity.com/2021/11/17/gamers-cyberattack/

Excerpt:

“NortonLifeLock published the findings of a global study that sheds light on the cyber risks impacting the gaming community. The survey, conducted by The Harris Poll among more than 700 American adults who currently play online games, found that 47% of American gamers have experienced a cyberattack to their gaming account or device. Of those, 76% report that they were financially affected as a result, losing a striking $744 on average.”


Internal audit leaders expect new risks to emerge post-pandemic

https://www.helpnetsecurity.com/2021/11/16/internal-audit-risks/

Excerpt:

“COVID-19 stretched organizational resources and unleashed new risks on a global basis, prompting an ongoing pivot by internal audit departments to address the evolving challenges, according to a survey by AuditBoard.”


American spy hacked Booking.com, company stayed silent

Merijn Rengers, Stijn Bronzwaer, Joris Kooiman

https://www.nrc.nl/nieuws/2021/11/10/american-spy-hacked-bookingcom-company-stayed-silent-a4065086

Excerpt:

“In early 2016, an American hacker broke into the servers of hotel website Booking.com and stole details of thousands of hotel reservations in countries in the Middle East. After two months of research, four Booking.com IT-specialists determined that the hacker was a man who had close ties with American intelligence services.”


FBI system hacked to email 'urgent' warning about fake cyberattacks

Ionut Ilascu

https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/

Excerpt:

“The Federal Bureau of Investigation (FBI) email servers were hacked to distribute spam email impersonating FBI warnings that the recipients' network was breached and data was stolen.”


Humanizing hackers: Entering the minds of those behind the attacks

Sashank Purighalla

https://www.helpnetsecurity.com/2021/11/11/humanizing-hackers/

Excerpt:

“Have you ever wondered what are hackers like, where they are based, and what are they thinking?”


The world’s worst kept secret and the truth behind passwordless technology

Tom Jermoluk

https://www.helpnetsecurity.com/2021/11/11/passwordless-technology-truth/

Excerpt:

“One of the biggest security risks of modern-day business is the mass use of passwords as the prime authentication method for different applications. When the technology was first developed, passwords were perceived by individuals and businesses alike as a sure way of securing access to systems and sensitive data. Today, however, the flaws behind this form of authentication are crystal clear: not only do they make life more difficult for the user, but they also create a false sense of security and leave major holes in a business’s defenses.”


Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT

Trend Micro Research

https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html

Excerpt:

“As a part of our threat research, we closely monitor actively exploited vulnerabilities and misconfigurations. One such frequently abused misconfiguration is that of exposed Docker REST APIs.”


77% of rootkits are used for espionage purposes

https://www.helpnetsecurity.com/2021/11/05/rootkits-espionage/

Excerpt:

”In a new report, Positive Technologies analyzes this past decade’s most infamous families of rootkits – programs that hide the presence of malicious software or traces of intrusion in victim systems.”


SSU identifies FSB hackers responsible for over 5,000 cyber attacks against Ukraine (video)

https://ssu.gov.ua/en/novyny/sbu-vstanovyla-khakeriv-fsb-yaki-zdiisnyly-ponad-5-tys-kiberatak-na-derzhavni-orhany-ukrainy

Excerpt:

”The SSU Cyber Security Department identified hackers of the notorious ARMAGEDON group, which carried out over 5,000 cyber attacks against public authorities and critical infrastructure of Ukraine. They are officers of the ‘Crimean’ FSB and traitors who defected to the enemy during the occupation of the peninsula in 2014.”


CERT-FR warns of Lockean ransomware attacks against French companies

Pierluigi Paganini

https://securityaffairs.co/wordpress/124171/malware/cert-fr-warns-lockean-ransomware.html

Excerpt:

“France’s Computer Emergency Response Team (CERT-FR) officials identified a new ransomware gang named Lockean that is responsible for a long list of attacks against French companies over the past two years.The list of targeted French organizations includes the transportation logistics firm Gefco, pharmaceutical groups Fareva and Pierre Fabre, and the newspaper Ouest-France.”


Annual Cost of Child Identity Fraud Almost $1Bn

Sarah Coble

https://www.infosecurity-magazine.com/news/annual-cost-child-identity-fraud/

Excerpt:

“New research published today by Javelin Strategy & Research puts the annual cost of child identity theft and fraud in the United States at nearly $1bn.”


40% of organizations suffered a cloud-based data breach in the past 12 months

https://www.helpnetsecurity.com/2021/11/02/experienced-cloud-based-data-breach/

Excerpt:

“Despite increasing cyberattacks targeting data in the cloud, 83% of businesses are still failing to encrypt half of the sensitive data they store in the cloud, raising even greater concerns as to the impact cyber criminals can have. 40% of organizations have experienced a cloud-based data breach in the past 12 months, according to a study conducted by 451 Research.”


California Health Network Reports Data Breach

Sarah Coble

https://www.infosecurity-magazine.com/news/california-health-network-reports/

Excerpt:

“Cyber-criminals may have accessed the protected health information (PHI) of hundreds of thousands of patients of a network of community health centers based in California.

Nonprofit Community Medical Centers (CMC), which is headquartered in the city of Stockton, primarily serves low-income patients, migrants, and homeless people in the Northern California counties of San Joaquin, Solano, and Yolo.”


The Toronto Transit Commission (TTC) hit by a ransomware attack

Pierluigi Paganini

https://securityaffairs.co/wordpress/124066/malware/toronto-transit-commission-ransomware.html

Excerpt:

“The Toronto Transit Commission announced on Friday that its systems have been infected with ransomware, the attack began on Thursday night and disrupted its activities. At this time, no ransomware gang has taken responsibility for the attack.”