Super-hero passwords are easily hacked.

Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.

Accessed on 02 October 2021, 1329 UTC.

Content provided by “”


Please scroll down to read your selections.

Filter Alerts by

Latest Cybersecurity News And Articles

Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches

Superhero-based passwords are increasingly showing up in datasets of breached information, according to a new blog post from Mozilla. Mozilla used data from to figure out the most common passwords found in breached datasets.

Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users

A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.

Password-stealing Android malware uses sneaky security warning to trick you into downloading

FluBot attacks have commonly come in the form of text messages which claim the recipient has missed a delivery, asking them to click a link to install an app to organize a redelivery. This app installs the malware.

Coinbase says hackers stole cryptocurrency from at least 6,000 customers

Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc, according to a breach notification letter sent by the cryptocurrency exchange to affected customers.

White House to convene 30-country cybersecurity meeting

The topics of the meeting, President Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains.

Flubot Android malware now spreads via fake security updates

The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates.

October 1, 2021

New APT ChamelGang Uses Supply Chain Weaknesses to Target Russian Energy, Aviation Firms

The new APT group is specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell.

Hydra Android Trojan Campaign Targets Customers of Commerzbank and other European Banks

Threat actors set up a page posing as the official CommerzBank page and registered multiple domains on the same IP address. Crooks used the fake website to spread fake CommerzBank apps.

Threat Actor Steals Cryptocurrency from Thousands of Coinbase Customers by Exploiting MFA Flaw

In its notification to customers, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.

CISA Releases New Tool to Help Organizations Guard Against Insider Threats

The CISA released an Insider Risk Mitigation Self-Assessment Tool today, which assists public and private sector organizations in assessing their vulnerability to an insider threat.

October 1, 2021

Cyber Security Awareness Month: Top Five Tips Every Organization Must Follow

It’s the time of year when we need to remember and reinvigorate our efforts to achieve greater awareness of the threats and risks posed by the malicious cyber activity of sophisticated threat actors.

Email Credential Harvesting at Scale Without Malware

One of the newer techniques for BEC scams integrates spear phishing, custom webpages, and the complex cloud single sign-on ecosystem to trick users into unwittingly divulging their credentials.

Arctic Wolf acquires cybersecurity training startup Habitu8

Arctic Wolf, a managed cybersecurity company that offers a “security operations-as-a-concierge” service, has acquired Habitu8, a security training content platform for an undisclosed amount.

QNAP fixes bug that let attackers run malicious commands remotely

Three of the security flaws fixed today by QNAP are high severity stored cross-site scripting (XSS) vulnerabilities tracked as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355.

Ransomware attacks on the rise – How to counter them?

Hackers easily take advantage of the fact that the attacks are evolving rapidly and are making use of third-party software as carriers, which is something that many organizations are not ready for.

Popular Android Apps with 142.5 Million Collective Installs Leak User Data

CyberNews security researchers found that 14 top Android apps, downloaded by more than 140 million people in total, are leaking user data due to Firebase misconfigurations.

Nation-state attacks fears grow, execs don’t trust governments to protect them from cyber threats

Execs lack faith in government’s ability to protect them from cyber threats, with 60% of firms believing that spending on new security tools and services is the most effective way of stopping attacks.

Google Releases Emergency Update to Fix Two Chrome Zero-Day Vulnerabilities Under Active Exploitation

Google pushed out an emergency Chrome update to fix two zero-days, the second pair this month, that are being exploited in the wild. A dozen such zero-days have been found in 2021.

US Department Store Chain Neiman Marcus Alerts Millions of Online Customers About Security Breach

Of the 4.6 million customers potentially affected, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” according to a news release.

Third-party risk prevention strategies inadequate despite organizations being aware of the threats

While companies grapple with third-party cyber risk management, the weak points in their current mitigation strategies exacerbate the threat of cyber incidents, a Forrester Consulting survey reveals.