Cybersecurity News of the Week, September 19, 2021


The first annual SecureTheVillage Golf Tournament is October 20! Celebrate cybersecurity awareness month on the links. Includes breakfast, lunch, and cocktail reception afterwards. Not a golfer? That’s OK. Come to the reception. A limited number of foursomes and sponsorships are still available.

Individuals at Risk

Cyber Privacy

IOTW: Ransomware thieves publish major airlines’ passenger information: Ransomware group LockBit attacks Bangkok Airways and releases passenger data including passport and credit card information. CyberSecurity Hub, September 3, 2021

Cyber Defense

Microsoft accounts can now go fully passwordless: You can delete your Microsoft account password. TheVerge, September 15, 2021

Cyber Update

Microsoft Patch Tuesday, September 2021 Edition: Microsoft today pushed software updates to plug dozens of security holes in Windows and related products, including a vulnerability that is already being exploited in active attacks. Also, Apple has issued an emergency update to fix a flaw that’s reportedly been abused to install spyware on iOS products, and Google‘s got a new version of Chrome that tackles two zero-day flaws. Finally, Adobe has released critical security updates for Acrobat, Reader and a slew of other software. KrebsOnSecurity, September 14, 2021

Cyber Warning

Beware of these 5 common scams you can encounter on Instagram: From cybercriminal evergreens like phishing to the verification badge scam, we look at the most common tactics fraudsters use to trick their victims. WeLiveSecurity, September 13, 2021

Cyber Misc

Jaw-dropping moments in WSJ’s bombshell Facebook investigation: New York (CNN Business)This week the Wall Street Journal released a series of scathing articles about Facebook, citing leaked internal documents that detail in remarkably frank terms how the company is not only well aware of its platforms’ negative effects on users but also how it has repeatedly failed to address them. CNN, September 16, 2021

Cyber Humor

Information Security Management for the Organization

Information Security Management

FBI and CISA warn of state hackers exploiting critical Zoho bug: The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are actively exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. BleepingComputer, September 16, 2021

REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out: Bitdefender worked with law enforcement to create a key to unlock victims encrypted in ransomware attacks before REvil’s servers went belly-up on July 13. ThreatPost, September 16, 2021

X-Force Report: No Shortage of Resources Aimed at Hacking Cloud Environments: As cybercriminals remain steadfast in their pursuit of unsuspecting ways to infiltrate today’s businesses, a new report by IBM Security X-Force highlights the top tactics of cybercriminals, the open doors users are leaving for them and the burgeoning marketplace for stolen cloud resources on the dark web. The big takeaway from the data is businesses still control their own destiny when it comes to cloud security. Misconfigurations across applications, databases and policies could have stopped two-thirds of breached cloud environments observed by IBM in this year’s report. Security Intelligence, September 15, 2021

Close to half of on-prem databases contain vulnerabilities, with many critical flaws: The Microsoft Exchange attack wave revealed the risks, but patching isn’t always straightforward. ZDNet, September 14, 2021

What is a cyberattack surface and how can you reduce it?: Discover the best ways to mitigate your organization’s attack surface, in order to maximize cybersecurity. WeLiveSecurity, September 14, 2021

What Is Zero Trust? It Depends What You Want to Hear: The cybersecurity world’s favorite catchphrase isn’t any one product or system, but a holistic approach to minimizing damage. Wired, Septemer 12, 2021

Secure The Human

Cybersecurity Training: How to Build a Company Culture of Cyber Awareness: When I attended new employee orientation at a global technology company several decades ago, I remember very brief cybersecurity training. The gist was to contact someone in IT if we noticed any potential issues. While I was with the company, I only thought about cybersecurity when I passed the server room, and I could only peek into that locked, dark room full of machines when one of the tech guys opened the door. Back then, I always felt that it was someone else’s job to keep our data safe. Time and experience have changed the way I look at things. SecurityIntelligence, September 15, 2021

Cybersecurity in Society

Cyber Crime

Customer Care Giant TTEC Hit By Ransomware: TTEC, [NASDAQ: TTEC], a company used by some of the world’s largest brands to help manage customer support and sales online and over the phone, is dealing with disruptions from a network security incident resulting from a ransomware attack, KrebsOnSecurity has learned. KrebsOnSecurity, September 15, 2021

Ransomware accounted for a quarter of all cyber insurance claims in Europe between 2016 and 2020: Almost a quarter of all cyber insurance claims filed between 2016 and 2020 across continental Europe have been related to ransomware attacks, according to insurance giant Marsh. TheRecord, September 15, 2021

Ransomware encrypts South Africa’s entire Dept of Justice network: The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. BleepingComputer, September 15, 2021

Cyber Attack

Anonymous hacks and leaks data from domain registrar Epik: Hacktivist group Anonymous has successfully breached and leaked the database of Epik, a controversial web hosting provider and domain registrar that has given shelter to many right-wing websites over the past few years, such as Gab, Parler, and The Donald. TheRecord, September 15, 2021

Cyber Leak

Over 60 million wearable, fitness tracking records exposed via unsecured database: Data sources included Apple’s HealthKit and Fitbit. ZDNet, September 13, 2021

Cyber Espionage

Pegasus: iPhone hit by NSO Group spyware to hack Saudi activist: Canada-based research group discovers Israeli-developed exploit named ‘Forcedentry’ while testing a Saudi activist’s iPhone. Middle East Eye, September 14, 2021

Know Your Enemy

How Attackers Invest in Cloud-Focused Cybercrime: A new study reveals an active underground market for access credentials to tens of thousands of cloud accounts and resources. Attackers appear to be in lockstep with enterprise organizations in the march to the cloud — but with an entirely different set of objectives, research shows. DarkReading, September 15, 2021

This US company sold iPhone hacking tools to UAE spies: An American cybersecurity company was behind a 2016 iPhone hack sold to a group of mercenaries and used by the United Arab Emirates. Technology Review, September 15, 2021

National Cybersecurity

America Has a GPS Problem: The system is essential but also vulnerable. We need a backup. The New York Times, January 23, 2021

Cyber Law

Twitch sues users over alleged “hate raids” against streamers: Lawsuit accuses anonymous users of “targeting black and LGBTQIA+ streamers.” ars technica, September 11, 2021

Cyber Defense

First on CNN Business: Moody’s is spending $250 million to measure the risk of America’s biggest companies getting hacked: (CNN Business)Moody’s is spending hundreds of millions of dollars to better evaluate the cybersecurity risks that face America’s largest corporations. CNN, September 13, 2021

Ransomware Stopper: Mandatory Ransom Payment Disclosure: “Silence is gold.” So says ransomware operator Ragnar Locker in the latest “press release” to be issued via its Tor-based data leak site. BankInfoSecurity, September 10, 2021

Cyber Enforcement

This wannabe hacker was caught in a pretty embarrassing way: Hacker is accused of cracking over 2000 passwords every week. TechRadar, September 12, 2021

‘Every message was copied to the police’: the inside story of the most daring surveillance sting in history: Billed as the most secure phone on the planet, An0m became a viral sensation in the underworld. There was just one problem for anyone using it for criminal means: it was run by the police. The Guardian, September 11, 2021

Become A CyberGuardian

Protect your community: take the CyberGuardian Pledge, join our email list, get invited to events.

Take the Pledge