Cyber Security Informer

Weekly Update 76

Troy Hunt

MARCH 2, 2018

Massive, massive week! I'm not trying to make these videos longer (and the next two while I'm overseas will definitely be shorter), but yeah, this week was a biggie. Pwned Passwords dominated throughout, interrupted only by a few thousand new data breaches going into HIBP. 23:00 - Making Pwned Passwords go fast. 56:20 - The UK and AU govs and HIBP.

Data breaches

Data breaches Passwords Government

VulnRecap 1/16/24 – Major Firewall Issues Persist

eSecurity Planet

JANUARY 16, 2024

Update your instance of Popup Builder to 4.2.3 Follow this page for updates on patches. The fix: Look at Microsoft’s Patch Tuesday update from last June to find patch information for the SharePoint vulnerability. According to Bitdefender, the thermostat does not validate the authenticity of a new firmware update.

Firewall

Firewall Firmware IoT Authentication

How to Protect Against the Costly Impacts of Ransomware

CyberSecurity Insiders

OCTOBER 26, 2022

Recent research found that 47% of mid-sized organizations experienced premium increases of 76% or more in the past year. Any incident response plan must be flexible and able to adapt to rapidly-changing circumstances, so it’s important to routinely update processes and incorporate real-time, always-on monitoring of critical data.

Ransomware

Ransomware Cyber Insurance Insurance Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

TrickBot helps Emotet come back from the dead

Malwarebytes

NOVEMBER 16, 2021

Not only had the infrastructure been dismantled, but previously infected computers had received a special update that would effectively remove the malware at a specific date. Out of the woods again. On November 15, security researchers who’ve tracked Emotet announced that the threat was back. A return of malspam waves and ransomware?

InfoSec

InfoSec Ransomware Malware

Cloudflare Thwarts Cyberattack with Hardware Security Keys

SecureWorld News

AUGUST 12, 2022

In less than 60 seconds, a total of 76 employees received text messages on their personal and work phones, and even some family members received messages. Update detections to identify any subsequent attack attempts. The Twilio communications API allows developers to build voice and SMS capabilities into their apps.

Phishing

Phishing Software Scams Passwords

State of API Security: Financial Services and Insurance

Security Boulevard

JULY 19, 2023

Other notable findings include: 42% of respondents have little confidence in understanding which APIs expose PII Merely 13% of respondents consider their API security programs to be advanced 36% of respondents update their APIs at least weekly, but only 10% update their documentation at the same weekly pace Only 42% of respondents identify API security (..)

Financial Services

Financial Services Insurance Digital transformation Banking

CISA alert warns of Emotet attacks on US govt entities

Security Affairs

OCTOBER 6, 2020

Emotet is a modular malware, its operators could develop new Dynamic Link Libraries to update its capabilities. The infamous banking trojan is also used to deliver other malicious code, such as Trickbot and QBot trojan or ransomware such as Conti (TrickBot) or ProLock (QBot).

Government

Government Banking Advertising Malware

Hybrid IAM and Cloud Steer Maersk Toward Improved Experiences and Cost Savings

Security Boulevard

APRIL 13, 2021

Maersk operates in 134 countries, shipping 10 million containers to 76 global ports annually with the help of 88,000 employees. And Maersk must keep every vendor, partner and customer updated during each point of the journey. But have you ever thought about what it takes to orchestrate the movement of that cargo? . Take a car battery.

Authentication

Authentication Mobile Engineering

T-Mobile API Hack Affects Data of 37 Million Customers

SecureWorld News

JANUARY 20, 2023

T-Mobile is still settling with customers over a 2021 breach in which 76 million people were affected, with the company agreeing to pay $350 million to settle claims and spend another $150 million to bolster security. Here's a SecureWorld News article from August 2021 providing an update on a breach affecting 100 million T-Mobile users.

Mobile

Mobile Hacking Data breaches Authentication

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

eSecurity Planet

AUGUST 10, 2021

” The only way to mitigate this is by requiring vendors to offer zero-downtime automatic updates, they wrote. ” Should Updates Be Automated? . ” Should Updates Be Automated? . “Most organizations do not have policies to patch within a few days, taking sometimes weeks to react.

IoT

IoT DDOS Internet Internet

Ransomware review: February 2023

Malwarebytes

FEBRUARY 8, 2023

Play’s surge in December activity fell by about 76% percent in January. A month where nobody refused to pay would be hugely unusual though. Having said that, the Black Basta News Tor site, where it publishes new victims, has been down for several weeks. We saw that it was reactivated on January 22, but the next day it went down again.

Ransomware

Ransomware Education Cryptocurrency Marketing

Lessons from the cyber front line

IT Security Guru

OCTOBER 3, 2022

In February 2020, the code known as Sunburst was let loose and the following month, SolarWinds unknowingly sent out Orion software updates, which included the Sunburst malware. million Americans from 48 Equifax servers over 76 days, before they were detected. In total, the hackers stole the personal information of 147.7

Encryption

Encryption Cyber Attacks Data breaches Ransomware

IoT Devices a Huge Risk to Enterprises

eSecurity Planet

JULY 22, 2021

ThreatLabz found that 76 percent of all transactions occurred over plain-text channels; 24 percent were over secure encrypted pathways. In addition, they need to update and patch the software to all IoT-related devices. Enterprises accounted for 28 percent, followed by healthcare devices at 8 percent.

IoT

IoT Risk Architecture Manufacturing

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

Elie

DECEMBER 2, 2017

From thereon, Mirai spread quickly, doubling its size every 76 minutes in those early hours. We hope the Deutsche Telekom event acts as a wake-up call and push toward making IoT auto-update mandatory. By the end of its first day, Mirai had enslaved over 65,000 IoT devices. Octave Klaba OVH’s founder did. report on Twitter.

IoT

IoT DDOS Internet Internet

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

eSecurity Planet

MAY 2, 2024

Sophos: Noted that 43% of all 2023 malware signature updates are for stealers, spyware, and keyloggers often used to steal credentials from devices. CrowdStrike: Detected significant signs of credentials theft: 76% YoY increase in victims named on eCrime dedicated link sites. 21% have at least 76 specialty security solutions.

Cybersecurity

Cybersecurity DDOS Penetration Testing Passwords

Cyber Security Informer

Weekly Update 76

VulnRecap 1/16/24 – Major Firewall Issues Persist

Webinars

Trending Sources

How to Protect Against the Costly Impacts of Ransomware

Webinars

TrickBot helps Emotet come back from the dead

Cloudflare Thwarts Cyberattack with Hardware Security Keys

State of API Security: Financial Services and Insurance

CISA alert warns of Emotet attacks on US govt entities

Hybrid IAM and Cloud Steer Maersk Toward Improved Experiences and Cost Savings

T-Mobile API Hack Affects Data of 37 Million Customers

Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices

Ransomware review: February 2023

Lessons from the cyber front line

IoT Devices a Huge Risk to Enterprises

Inside Mirai the infamous IoT Botnet: A Retrospective Analysis

2024 State of Cybersecurity: Reports of More Threats & Prioritization Issues

Stay Connected