Individuals at Risk
Cyber Privacy
This Week in Database Leaks: Cognyte, CVS, Wegmans: Billions of records were found exposed this week due to unprotected databases owned by major corporations and third-party providers. DarkReading, June 18, 2021
Most health apps engage in unhealthy data‑harvesting habits: Most medical and fitness apps in Google Play have tracking capabilities enabled and their data collection practices aren’t transparent WeLiveSecurity, June 17, 2021
Cyber Defense
Vishing: What is it and how do I avoid getting scammed?: How do vishing scams work, how do they impact businesses and individuals, and how can you protect yourself, your family and your business? WeLiveSecurity, June 14, 2021
Cyber Warning
Amazon Prime Day scams resurface for 2021: With this year’s Amazon Prime Day set for June 21-22, scammers are already touting “Early Prime Day Deals,” says Bolster. TechRepublic, June 17, 2021
Cyber Danger
Digital convenience leads to lax security habits among users, survey finds: A new IBM global report examining consumer behaviors finds an average of 15 new online accounts were created and 82% are reusing the same credentials some of the time. TechRepublic, June 16, 2021
RockYou2021: largest password compilation of all time leaked online with 8.4 billion entries: What seems to be the largest password collection of all time has been leaked on a popular hacker forum. A forum user posted a massive 100GB TXT file that contains 8.4 billion entries of passwords, which have presumably been combined from previous data leaks and breaches. CyberNews, June 7, 2021
Cyber Misc
‘Oddball’ Malware Blocks Access to Pirated Software: Rather than steal credentials or hold data for ransom, a recent campaign observed by Sophos prevents people from visiting sites that offer illegal downloads. ThreatPost, June 18, 2021
Cyber Humor
Information Security Management for the Organization
Information Security Management
4 Habits of Highly Effective Security Operators: These good habits can make all the difference in advancing careers for cybersecurity operators who spend their days putting out fires large and small. DarkReading, June 18, 2021
The Art and Strategy of Becoming More Cyber Resilient: In the military, the art of strategy is key. It teaches how to win a war through a series of battles, campaigns and tactics. In the cybersecurity world, we have been on the defensive side for as long as we can remember. We focus on frameworks and tactics such as Defense in Depth, the onion or defensive layer theory, and perimeter security. And that’s why threat actors still have control of the battlefield today. Instead, in order to become more cyber resilient, we need to take a leap into the offensive side, always thinking about our enemies’ strategies. SecurityIntelligence, June 17, 2021
The Hottest Cybersecurity Must-Reads for the Busy Security Practitioner: You’re busy. We get that. Let’s suppose you’re like most of your colleagues in security. In that case, it’s almost like Groundhog Day. It starts with chasing the latest threat and protecting your company or agency from attacks. It ends with you wondering where the last eight (or more) hours went. This leaves you little time to do what you really want to do — transform your work into an enabler of growth and innovation. Take a breath. We can help. SecurityIntelligence, June 16, 2021
The many ways a ransomware attack can hurt your organization: Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason. TechRepublic, June 16, 2021
The many ways a ransomware attack can hurt your organization: Loss of revenue, brand and reputation damage, employee layoffs and business closures were some of the effects of a ransomware attack, according to Cybereason. TechRepublic, June 16, 2021
Secure The Human
Why a Phishing Attack Is Still Profitable — And How To Stop One: As the business world continues to grapple with an expanding definition of new normal, the phishing attack remains a common tactic for attackers. Why are phishing attacks still happening? How can we prevent them? We spoke to a threat analyst who has the answers. SecurityIntelligence, June 16, 2021
Cyber Insurance
Ransomware claims are roiling an entire segment of insurance industry: The recent surge of ransomware attacks is upending the cyber-insurance industry, pushing up the requirements and cost of coverage just as more companies need it. SeattleTimes, June 17, 2021
Cybersecurity in Society
Cyber Crime
Carnival Cruise Cyber-Torpedoed by Cyberattack: This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks. ThreatPost, June 18, 2021
Faux ‘DarkSide’ Gang Takes Aim at Global Energy, Food Sectors: A DarkSide doppelganger mounts a fraud campaign aimed at extorting nearly $4 million from each target. ThreatPost, June 18, 2021
EA source code stolen by hacker claiming to sell it online: More organizations feel the pain as the ransomware scourge grows more pernicious. ars technica, June 10, 2021
Cyber Espionage
Sprawling cyber-espionage campaign linked to Chinese military unit: Cybersecurity experts have uncovered evidence that interconnects several multi-year and sprawling cyber-espionage campaigns to a Chinese military unit operating out of the city of Ürümqi in China’s western province of Xinjiang. TheRecord, June 16, 2021
Cyber Privacy
Colorado is the third state to pass a consumer-data privacy bill. Now what?: Yes, you can ask a company to delete your personal data. No, it doesn’t apply to all personal data. And yes, many companies in-and-out of Colorado must figure out how to manage this by July 2023. The Colorado Sun, June 17, 2021
Know Your Enemy
Inside a ransomware attack: how dark webs of cybercriminals collaborate to pull one off: In their Carbis Bay communique, the G7 announced their intention to work together to tackle ransomware groups. Days later, US president Joe Biden met with Russian president Vladimir Putin, where an extradition process to bring Russian cybercriminals to justice in the US was discussed. Putin reportedly agreed in principle, but insisted that extradition be reciprocal. Time will tell if an extradition treaty can be reached. But if it is, who exactly should extradited – and what for? The Conversation, June 18, 2021
How Does One Get Hired by a Top Cybercrime Gang?: The U.S. Department of Justice (DOJ) last week announced the arrest of a 55-year-old Latvian woman who’s alleged to have worked as a programmer for Trickbot, a malware-as-a-service platform responsible for infecting millions of computers and seeding many of those systems with ransomware. KrebsOnSecurity, June 15, 2021
National Cybersecurity
The Cybersecurity 202: Here are four cyber takeaways from the Biden-Putin summit: Expectations were set exceedingly low for President Biden making any progress on U.S.-Russia hacking tensions during his meeting yesterday with Vladimir Putin. And it seems Biden cleared that very low bar. The Washington Post, June 17, 2021
Poland says recent attacks on local politicians originated from Russia: The Polish government said that a recent wave of cyberattacks that have targeted the email accounts of local political figures originated from Russia. TheRecord, June 17, 2021
G7 calls on Russia to crack down on ransomware gangs: In light of the recent wave of high-profile ransomware attacks that have caused havoc in the US and Europe, the member states of the G7 group have called on Russia and other countries to crack down on ransomware gangs operating within their borders. TheRecord, June 14, 2021
Cyber Fine
First American Financial Pays Farcical $500K Fine: In May 2019, KrebsOnSecurity broke the news that the website of mortgage settlement giant First American Financial Corp. [NYSE:FAF] was leaking more than 800 million documents — many containing sensitive financial data — related to real estate transactions dating back 16 years. This week, the U.S. Securities and Exchange Commission settled its investigation into the matter after the Fortune 500 company agreed to pay a paltry penalty of less than $500,000. KrebsOnSecurity, June 18, 2021
Cyber Law
Senators Draft a Federal Breach Notification Bill: Bipartisan Legislation Would Require Notifying CISA Within 24 Hours of a Breach Discovery. BankInfoSecurity, June 18, 2021
Critical Infrastructure
50,000 security disasters waiting to happen: The problem of America’s water supplies: “If you could imagine a community center run by two old guys who are plumbers, that’s your average water plant,” one cybersecurity consultant said. NBC, June 17, 2021
Cyber Enforcement
Law Enforcement’s Cybercrime Honeypot Maneuvers Paying Off: Closing EncroChat and Sky, Plus Careful Word-of-Mouth Management, Drove Anom Uptake. BankInfoSecurity, June 18, 2021
In Ransomware Battle, Bitcoin May Actually Be an Ally: Webs of Criminality Are Recorded on Bitcoin’s Blockchain. BankInfoSecurity, June 17, 2021
Microsoft Disrupts Large-Scale, Cloud-Based BEC Campaign: Varied cloud infrastructure was used to phish email credentials, monitor for and forward finance-related messages and automate operations. ThreatPost, June 15, 2021
Ukrainian Police Nab Six Tied to CLOP Ransomware: Authorities in Ukraine this week charged six people alleged to be part of the CLOP ransomware group, a cybercriminal gang said to have extorted more than half a billion dollars from victims. Some of CLOP’s victims this year alone include Stanford University Medical School, the University of California, and University of Maryland. KrebsOnSecurity, June 15, 2021