Super-hero passwords are easily hacked.
Views expressed in this cybersecurity-intelligence update are those of the reporters and correspondents.
Accessed on 02 October 2021, 1329 UTC.
Content provided by “Cyware.com.”
Latest Cybersecurity News And Articles
Mozilla: Superman, Batman, Spider-Man dominate list of passwords leaked in breaches
Superhero-based passwords are increasingly showing up in datasets of breached information, according to a new blog post from Mozilla. Mozilla used data from haveibeenpwned.com to figure out the most common passwords found in breached datasets.
Chinese Hackers Used a New Rootkit to Spy on Targeted Windows 10 Users
A formerly unknown Chinese-speaking threat actor has been linked to a long-standing evasive operation aimed at South East Asian targets as far back as July 2020 to deploy a kernel-mode rootkit on compromised Windows systems.
Password-stealing Android malware uses sneaky security warning to trick you into downloading
FluBot attacks have commonly come in the form of text messages which claim the recipient has missed a delivery, asking them to click a link to install an app to organize a redelivery. This app installs the malware.
Coinbase says hackers stole cryptocurrency from at least 6,000 customers
Hackers stole from the accounts of at least 6,000 customers of Coinbase Global Inc, according to a breach notification letter sent by the cryptocurrency exchange to affected customers.
White House to convene 30-country cybersecurity meeting
The topics of the meeting, President Biden said, will include combating cybercrime, improving law enforcement collaboration, stemming the illicit use of cryptocurrency, building trusted 5G technology and better securing supply chains.
Flubot Android malware now spreads via fake security updates
The Flubot malware has switched to a new and likely more effective lure to compromise Android devices, now trying to trick its victims into infecting themselves with the help of fake security updates.
New APT ChamelGang Uses Supply Chain Weaknesses to Target Russian Energy, Aviation Firms
The new APT group is specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell.
Hydra Android Trojan Campaign Targets Customers of Commerzbank and other European Banks
Threat actors set up a page posing as the official CommerzBank page and registered multiple domains on the same IP address. Crooks used the fake website to spread fake CommerzBank apps.
Threat Actor Steals Cryptocurrency from Thousands of Coinbase Customers by Exploiting MFA Flaw
In its notification to customers, Coinbase explains that between March and May 20th, 2021, a threat actor conducted a hacking campaign to breach Coinbase customer accounts and steal cryptocurrency.
CISA Releases New Tool to Help Organizations Guard Against Insider Threats
CISA released an Insider Risk Mitigation Self-Assessment Tool today, which helps public and private sector organizations assess their vulnerability to an insider threat.
Cyber Security Awareness Month: Top Five Tips Every Organization Must Follow
It’s the time of year when we need to remember and reinvigorate our efforts to achieve greater awareness of the threats and risks posed by the malicious cyber activity of sophisticated threat actors.
Email Credential Harvesting at Scale Without Malware
One of the newer techniques for BEC scams integrates spear phishing, custom webpages, and the complex cloud single sign-on ecosystem to trick users into unwittingly divulging their credentials.
Arctic Wolf acquires cybersecurity training startup Habitu8
Arctic Wolf, a managed cybersecurity company that offers a “security operations-as-a-concierge” service, has acquired Habitu8, a security training content platform, for an undisclosed amount.
QNAP fixes bug that let attackers run malicious commands remotely
Three of the security flaws fixed today by QNAP are high severity stored cross-site scripting (XSS) vulnerabilities tracked as CVE-2021-34354, CVE-2021-34356, and CVE-2021-34355.
Ransomware attacks on the rise – How to counter them?
Hackers easily take advantage of the fact that the attacks are evolving rapidly and are making use of third-party software as carriers, which is something that many organizations are not ready for.
Popular Android Apps with 142.5 Million Collective Installs Leak User Data
CyberNews security researchers found that 14 top Android apps, downloaded by more than 140 million people in total, are leaking user data due to Firebase misconfigurations.
Nation-state attacks fears grow, execs don’t trust governments to protect them from cyber threats
Execs lack faith in government’s ability to protect them from cyber threats, with 60% of firms believing that spending on new security tools and services is the most effective way of stopping attacks.
Google Releases Emergency Update to Fix Two Chrome Zero-Day Vulnerabilities Under Active Exploitation
Google pushed out an emergency Chrome update to fix two zero-days, the second pair this month, that are being exploited in the wild. A dozen such zero-days have been found in 2021.
US Department Store Chain Neiman Marcus Alerts Millions of Online Customers About Security Breach
Of the 4.6 million customers potentially affected, “approximately 3.1 million payment and virtual gift cards were affected, more than 85% of which are expired or invalid,” according to a news release.
Third-party risk prevention strategies inadequate despite organizations being aware of the threats
While companies grapple with third-party cyber risk management, the weak points in their current mitigation strategies exacerbate the threat of cyber incidents, a Forrester Consulting survey reveals.