All in Cybersecurity News

BTH News 12June2020

This week Between the Hacks reports on a cyberattack that shuts down Honda factories worldwide, a global vishing campaign attacks almost 100,000 inboxes, a UPnP vulnerability exposes millions of Internet-connected devices, update your Windows 10 systems now, and how to protect your digital privacy while protesting.

BTH News 05June2020

This week Between the Hacks reports on two critical vulnerabilities patched in Zoom, 80% of data breaches leverage compromised credentials, attackers are targeting your mobile device to get access to your company network, a 64-year-old man pleads guilty to business email compromise charges, and use HTTPS Everywhere to better secure your browsing.

BTH News 29May2020

This week Between the Hacks reports on phish-testing remote employees, 70% of mobile and desktop apps contain open-source security flaws, the Red Cross calls for governments to band together to stop cyberattacks against hospitals, updates on BlackHat USA 2020’s virtual event, and tips to better secure your Gmail account.

BTH News 22May2020

This week in Between the Hacks, Apple adds contact tracing to the iPhone, a new LogMeIn phish, Windows 7 use is increasing, Verizon releases their 13th annual DBIR report, and Mikko Hyppönen’s Disobey keynote from February, 2020.

Verizon's 2020 Data Breach Investigations Report (DBIR)

Reports released annually by cybersecurity companies are rich resources for cybersecurity professionals, academics, journalists and really anyone who is interested in cybersecurity. Among the dozens that are released each year, arguably the most famous is the Verizon Data Breach Investigations Report, also known as the DBIR. This week, Between The Hacks eagerly reviewed the newly released 2020 Verizon Data Breach Investigations Report. At 119 pages, this is the 13th edition of the DBIR and it is the most extensive, with more than 32,000 incidents, 3,950 of which were confirmed breaches. If you’re strapped for time, or if you’re more of a TL;DR person and the thought of 119 pages of security stats turns your eyelids into weighted blankets, fear not, there is also a 19-page DBIR Executive Summary available for download.

BTH News 15May2020

This week Between the Hacks reports on a 238% increase in cyberattacks against the financial sector, Windows 10 quietly gets a packet sniffer, Google plans to unload resource-hogging ads, a Nigerian crime ring files fraudulent unemployment claims, and a browser plug-in that helps prevent websites from tracking you online.

DEF CON Is Cancelled? Sort Of

The decades-old joke that “DEF CON has been cancelled” is now a reality. Well, not cancelled so much as moved online to become a virtual conference for the first time.

On Friday May 8th, 2020, DEF CON tweeted “The #DEFCONiscanceled meme has crossed over into real life, courtesy of #COVID19. In early March we had hopes that things would be stable by August. That is no longer realistic.”

BTH News 08May2020

This week Between the Hacks reports on a data breach of 28,000 GoDaddy accounts, Firefox alerts you if you use a leaked password, a new IoT botnet, and a critical vulnerability in all Samsung phones for the past 6 years. Also, to stay up to date on cybersecurity news daily, try out our tip of the week, the Cyberwire podcast.

BTH News 01May2020

This week Between the Hacks reports on movies infected with malware, the NSA shares tips for teleworkers, a gif hijacks Microsoft Teams, and for the third time in 7 years, the iPhone has a word of death! Also, bolster your security and privacy by changing DNS servers, and proof that robots can lie.

Phishing Websites Use ReCAPTCHA To Thwart Detection

The world of cybersecurity is a constant cat and mouse game where attackers find new and creative ways to attack and the defenders discover those methods and figure out how to stop the attacks. The latest wrinkle in this spin around the hamster wheel was revealed by researchers at Barracuda Networks, who discovered that threat actors are now using “reCAPTCHA walls to block URL scanning services from accessing the content of phishing pages.”

BTH News 24April2020

This week the U.S. Air Force invites hackers to try and hack into an orbiting satellite, your employer may be infecting your home network, sextortion pays big for scammers, an iOS vulnerability may have silently infected your device just by receiving an email, and this week’s tip will help you secure your home network.

Is Working From Home A Threat To Your Home Network?

Your work computer might be the device that lets a threat actor into your home network. According to research conducted by cybersecurity companies Arctic Security and Team Cymru, more than 50,000 U.S. organizations have sent their employees to a work-from-home environment with malware-infected computers.

On a corporate network, firewall rules and cybersecurity tools block certain types of traffic…

BTH News 17April2020

Another week of Zoovid-19 news as Zoom and COVID-19 dominate the cybersecurity headlines. Two Zoom zero-day exploits go up for sale. Zoom faces another class-action lawsuit. It’s not all bad news though, Zoom has been busy patching and making strides to regain trust. COVID-19 help is a click away. Social media companies battle Coronavirus misinformation. Home routers are compromised and this blog was selected by Feedspot as one of the Top 100 Cyber Security Blogs on the web. Thanks to all of the readers.

BTH News 10April2020

Whether you celebrate Easter, or Passover, or just surviving another week of self-quarantine and social distancing, please stay safe, stay well, and check in with family, friends and neighbors.

This week we have more updates to the Zoom and COVID-19 sagas (now coined Zoovid-19). More than 2,300 Zoom credentials are found in an underground forum. Sixteen malicious coronavirus mobile apps are discovered, a sextortion campaign takes on different themes, and phishers pretend to be President Trump.

BTH News 03April2020

Zoom sees rapid growth with lots of growing pains, the FBI warns of teleconference hijacking, a data breach exposes GE employee data, for the third week in a row, we saw a rapid increase in COVID-19 Coronavirus phishing and cyberattacks, and Marriott reports a data breach…again.

BTH News 20March2020

This week we saw more COVID-19 malware and phishing attacks, a cyberattack against the U.S. Health and Human Services Department, a new and growing botnet that recruits IoT devices, credit card skimming on websites, and a security firm re-breaches over 5 billion records.

  1. Malware: A malicious app that supposedly tracks Coronavirus victims is actually demanding ransom payment from Android users. via @gcluley

  2. Cyberattack: Cyberattack Hits U.S. Health Agency Amid COVID-19 Outbreak

  3. More Patches: Adobe Releases Critical Patches for Acrobat Reader, Photoshop, Bridge, ColdFusion

  4. Botnet: Zyxel Flaw Powers New Mirai IoT Botnet Strain

  5. Credit Card Skimming: NutriBullet and others caught in online credit card skimming attack!

  6. Data [Re]Breach

BTH News: 13March2020

It’s Friday the 13th, we are in the midst of a global pandemic, threat actors are leveraging public fear in phishing attacks, and data breaches and critical vulnerabilities make the news!

Shark Caught in Phishing Scam Shares Cautionary Tale

An employee of Shark Tank star Barbara Corcoran thought it was a routine wire transfer. The email request did not look unusual, and the amount of the transfer did not raise suspicion. But it was a clever scam, and nearly $400,000 was deposited into the bank account of a phishing scammer. Corcoran, who is well known as one of the “sharks” on ABC’s TV show, Shark Tank, shared details of a cybersecurity breach at her company with ABC News.

"This morning I wired $388,000 into a false bank account…