Cybersecurity Weekly: Equifax default password discovered, NordVPN data breach, Army retires floppy disks
A default admin password was used to "secure" sensitive data at Equifax. NordVPN suffered a data breach, exposing private encryption keys of some of its users. The U.S. Army moves on from an 8-inch floppy disk computing system. All this, and more, in this week’s edition of Cybersecurity Weekly.
Should you pay the ransom?
1. Hackers “are no longer winning,” says KPMG cyber chief
Hackers are “no longer winning the cyber crime war” following years of public and private investment and collaboration, according to KPMG's global head of cyber futures, David Ferbrache. He also said that active defense measures taken by the NCSC are effective at keeping the bad guys at bay.
Read more »
2. Microsoft to reward hackers for finding bugs in open source election software
On October 18th, Microsoft launched the ElectionGuard Bounty program, inviting security researchers from across the world to help the company discover high-impact vulnerabilities in the ElectionGuard SDK. This SDK can be integrated into voting systems and is designed to "allow individual voters to confirm their votes were correctly counted."
Read more »
3. Equifax used default admin password to secure hacked portal
According to a class-action lawsuit, Equifax staffers used the default “admin” username and password to secure a portal containing sensitive customer information. This comes in the wake of the 2017 data breach that leaked information on 148 million accounts of people in the U.S., Canada and UK.
Read more »
4. Alexa and Google Home abused to eavesdrop and phish passwords
Whitehat hackers developed eight malicious apps for the Amazon Echo and Google Home that passed Amazon or Google security-vetting processes. Behind the scenes, these "smart spies," as the researchers called them, secretly eavesdropped on users and phished their passwords.
Read more »
5. AWS servers hit by sustained DDoS attack
Businesses were unable to service their customers for approximately eight hours on Tuesday after Amazon Web Services servers were struck by a distributed denial-of-service (DDoS) attack. After initially flagging DNS resolution errors, customers were informed that the Route 53 DNS was in the midst of an attack, according to statements from AWS support.
Read more »
6. NordVPN breach FAQ — What happened and what's at stake?
NordVPN, one of the most popular and widely used personal VPN services, disclosed details of a security incident that compromised one of its thousands of servers based in Finland. A security researcher alleged that unknown attackers stole private encryption keys through the compromised server.
Read more »
7. Experts found 17 apps infected with clicker trojan in the Apple app store
The mobile apps were instructed by the command and control server to simulate user interactions, allowing crooks to fraudulently collect ad revenue. Security experts noticed the developer previously published infected apps to the Google Play store that have since been removed.
Read more »
8. Ransomware attack shuts down city of Johannesburg's systems
The City of Johannesburg municipality shut down its website, e-services platform and the billing system following a recent ransomware attack. According to the ransom note, this also led to unauthorized information access. Attackers are asking for a payment of four bitcoins (around $33,654) to be paid by October 28.
Read more »
9. U.S. Army stopped using floppy disks as storage for command system
The U.S. Army announced that it replaced the 8-inch floppy disks in a computer to receive nuclear launch orders from the President with a “highly-secure solid state digital storage solution”. The system has been operating since 1968 running on an IBM Series/1 mainframe, using 8-inch floppy disks as storage support.
Read more »
Phishing simulations & training
10. Hackers breach Avast antivirus network through insecure VPN profile
Hackers accessed the internal network of cybersecurity company Avast, likely aiming for a supply chain attack targeting CCleaner. Detected on September 25, intrusion attempts started on May 14. Following an investigation, the antivirus maker determined that the attacker was able to gain access using compromised credentials via a temporary VPN account.
Read more »
In this Series
- Cybersecurity Weekly: Equifax default password discovered, NordVPN data breach, Army retires floppy disks
- Canada Flipper Zero ban and new RustDoor macOS malware
- AnyDesk hack and iPhone patched kernel flaw
- Tesla Pwn2Own hacks and iOS push alerts abuse
- TeamViewer breach and Atlassian Jira outage
- Moscow ISP revenge hack and Microsoft Sharepoint bug warning
- X verified accounts hack and SpectralBlur macOS malware
- CISA default password alert and SOHO KV-botnet campaign
- New 5G modem flaws and Apple’s data breach report
- Staples cyberattack, Agent Racoon backdoor and other news
- British Library ransomware attack, Windows fingerprint authentication bypass
- Samsung UK data breach and ransomware actor’s SEC complaint
- ICBC ransomware attack and ChatGPT outage
- Boeing Lockbit ransomware attack, Apple’s vulnerability and WhatsApp mods spyware
- Octo Tempest hacking group and new iLeakage attack
- Okta support system breach and Google Ads fake KeePass campaign
- Skype DarkGate malware, Shadow PC breach and AvosLocker ransomware warning
- 23andMe data theft, MGM’s $100M ransomware loss and the Azure VM breach
- Malicious Bing Chat ads and FBI’s dual ransomware warning
- T-Mobile app glitch and fake Booking.com pages
- Airbus data leak, Cisco Webex ad malware and €345 million TikTok fine
- New Apple iMessage exploit and CISA’s Apache RocketMQ warning
- Forever 21 data breach and Android BadBazaar espionage
- Duolingo data leak and the Met Police IT hack
- Discord.io data breach and Ivanti Avalanche vulnerabilities
- UK Electoral Commission hack and Microsoft’s role in China email breach
- Salesforce email zero-day exploit and Microsoft Power Platform criticism
- Airlines disclose pilot data breach and the Microsoft Teams bug
- GravityRAT Android Trojan and new MOVEit Transfer flaw
- University of Manchester hack and Honda API flaws
- MOVEit zero-day exploit and the U.S. iPhone hack accusation
- Daam Android virus and Barracuda zero-day flaw
- TP-Link router exploit and 18-year-old charged with hacking DraftKings accounts
- Discord support hack and Toyota location data leak
- Twitter private tweets bug and Cisco phone router vulnerabilities
- Cisco XSS zero-day flaw and PaperCut vulnerabilities
- 3CX hackers hit critical infrastructure and secondhand routers cause security concerns
- Hyundai data breach and Microsoft’s warning to accountants
- Western Digital cloud breach and the MSI ransomware hack
- TMX loan data breach, Italy bans ChatGPT and WordPress Elementor Pro exploit
- ChatGPT data leak and Gmail message theft by North Korean hackers
- U.S. federal agency hack and the return of FakeCalls Android malware
- Massive AT&T data breach and fake jobs targeting security researchers
- U.S. Marshals service breach and TPM 2.0 security flaws
- Dangerous ChatGPT apps and food giant Dole ransomware attack
- GoDaddy malware installations, record-breaking DDoS attack and the new WhiskerSpy malware
- Reddit’s employees phished, healthcare firms targeted and the new Screenshotter malware
- JD Sports data breached, VMware ESXi servers attacked and the HeadCrab malware
- Yandex source code leaked, 4500+ WordPress sites hacked and the new SwiftSlicer malware
- PayPal accounts breached, Fortinet VPN flaw exploited, and the new Hook malware
- Twitter users’ emails leaked, ChatGPT used to write malware and Slack’s repository breach
- Reduce security events
- Reinforce cyber secure behaviors
- Strengthen cybersecurity culture at your organization
