Devastating cyberattacks often can be prevented with basic cybersecurity measures. The LastPass breach will be remembered as paradigmatic. The blast radius from this August 2022 breach grew from bad to catastrophic during a six-month period. Initially, the LastPass CEO declared the breach contained. However, in November 2022, an unknown threat actor was discovered to have accessed the LastPass' cloud-based storage environment and encrypted password vaults using information obtained during the August incident. READ MORE...
Hyundai has disclosed a data breach impacting Italian and French car owners and those who booked a test drive, warning that hackers gained access to personal data. Hyundai is a multinational automotive manufacturer selling over half a million vehicles per year in Europe, with a market share of roughly 3% in France and Italy. According to multiple reports on Twitter and a sample of the notice shared by "HaveIBeenPwned" creator Troy Hunt, the incident has exposed the following types of data: READ MORE...
A new Python-based credential harvester and SMTP hijacking tool named 'Legion' is being sold on Telegram that targets online email services for phishing and spam attacks. Legion is sold by cybercriminals who use the "Forza Tools" moniker and operate a YouTube channel with tutorials and a Telegram channel with over a thousand members. READ MORE...
Hyper-volumetric DDoS (distributed denial of service) attacks in the first quarter of 2023 have shifted from relying on compromised IoT devices to leveraging breached Virtual Private Servers (VPS). According to internet security company Cloudflare, the newer generation of botnets gradually abandoned the tactic of building large swarms of individually weak IoT devices and are now shifting towards enslaving vulnerable and misconfigured VPS servers using leaked API credentials or known exploits. READ MORE...
Some sectors have high confidence in their in-house cybersecurity expertise, while others prefer to enlist the support of an external provider to keep their systems and data secured. While threat detections continue to rise, the widening cybersecurity skills gap is leaving businesses exposed. It is an issue particularly felt by SMBs forced to rein in their spending due to the current economic climate. READ MORE...
It used to be that people were the greatest cybersecurity vulnerability, but this is no longer true. The rise of the internet made people more connected than ever. Attackers capitalized on that fact and targeted employees directly to gain access to an organization. Leveraging highly automated methods (such as phishing that redirects users to compromised websites), attackers must only fool one employee to start a catastrophic attack against the entire organization. READ MORE...