LastPass Breach Reveals Important Lessons
Devastating cyberattacks often can be prevented with basic cybersecurity measures. The LastPass breach will be remembered as paradigmatic. The blast radius from this August 2022 breach grew from bad to catastrophic during a six-month period. Initially, the LastPass CEO declared the breach contained. However, in November 2022, an unknown threat actor was discovered to have accessed the LastPass' cloud-based storage environment and encrypted password vaults using information obtained during the August incident. READ MORE...
Hyundai data breach exposes owner details in France and Italy
Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. Hyundai is a multinational automotive manufacturer selling over half a million vehicles per year in Europe, with a market share of roughly 3% in France and Italy. According to multiple reports on Twitter and a sample of the notice shared by "HaveIBeenPwned" creator Troy Hunt, the incident has exposed the following types of data: READ MORE...
Legion: New hacktool steals credentials from misconfigured sites
A new Python-based credential harvester and SMTP hijacking tool named 'Legion' is being sold on Telegram that targets online email services for phishing and spam attacks. Legion is sold by cybercriminals who use the "Forza Tools" moniker and operate a YouTube channel with tutorials and a Telegram channel with over a thousand members. READ MORE...
DDoS attacks shifting to VPS infrastructure for increased power
Hyper-volumetric DDoS (distributed denial of service) attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers (VPS). According to internet security company Cloudflare, the newer generation of botnets gradually abandoned the tactic of building large swarms of individually weak IoT devices and are now shifting towards enslaving vulnerable and misconfigured VPS servers using leaked API credentials or known exploits. READ MORE...
What are the cybersecurity concerns of SMBs by sector?
Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured. While threat detections continue to rise, the widening cybersecurity skills gap is leaving businesses exposed. It is an issue particularly felt by SMBs forced to rein in their spending due to the current economic climate. READ MORE...
The new weakest link in the cybersecurity chain
It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true. The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access to an organization. Leveraging highly automated methods (such as phishing that redirects users to compromised websites), attackers must only fool one employee to start a catastrophic attack against the entire organization. READ MORE...
- ...in 1861, after a 33-hour bombardment by Confederate cannon, Fort Sumter in Charleston Harbor surrenders.
- ...in 1870, the Metropolitan Museum of Art is founded in New York City.
- ...in 1984, Pete Rose becomes the first player in National League history to get 4,000 career hits.
- ...in 1997, Tiger Woods becomes the youngest golfer to win golf's Masters Tournament, at the age of 21.
