IT Security Newsletter - 10/22/2021
Nearly Three-Quarters of Organizations Victimized by DNS Attacks in Past 12 Months
Domain name system (DNS) attacks are impacting organizations at worrisome rates. According to a new survey from the Neustar International Security Council (NISC) conducted in September 2021, 72% of study participants reported experiencing a DNS attack within the last 12 months. Among those targeted, 61% have seen multiple attacks and 11% said they have been victimized regularly. READ MORE...
Cybercrime matures as hackers are forced to work smarter
An analysis of 500 hacking incidents across a wide range of industries has revealed trends that characterize a maturity in the way hacking groups operate today. Researchers at Kaspersky have focused on the Russian cybercrime underground, which is currently one of the most prolific ecosystems, but many elements in their findings are common denominators for all hackers groups worldwide. READ MORE...
Hacking gang creates fake firm to hire pentesters for ransomware attacks
The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. FIN7 (aka 'Carbanak') has been involved in cyberattacks and money-stealing campaigns since 2015 when they first appeared in the cybercrime space, including infecting ATMs with MITM-enabling malware. As ransomware has become a profitable field for cybercriminals, and having previous experience with fake front companies like "Combi Security", the group set up a new firm to lure legitimate IT specialists. READ MORE...
How hackers hijacked thousands of high-profile YouTube accounts
Since at least 2019, hackers have been hijacking high-profile YouTube channels. Sometimes they broadcast cryptocurrency scams, sometimes they simply auction off access to the account. Now, Google has detailed the technique that hackers-for-hire used to compromise thousands of YouTube creators in just the past couple of years. Cryptocurrency scams and account takeovers themselves aren't a rarity, look no further than last fall's Twitter hack for an example of that chaos at scale. READ MORE...
Security Teams Still Favor Prevention Over Detection
Security leaders are adjusting their technology "musts" to prioritize endpoint security, data protection, and remote access. Interest in these technologies appears to be driven by new security threats and the fact that many organizations are embracing a hybrid workforce. Security and IT teams are interested in a multilayered approach data and are working with both technologies for preventing and blocking attacks, as well as techsfor detecting and responding to breaches post-incident. READ MORE...
Update now! Chrome fixes more security issues
For the third time in a month Google has issued an update to patch for several security issues. This time the update patches 19 vulnerabilities, of which 5 are classified as "high" risk vulnerabilities. In an update announcement for Chrome 95.0.4638.54, Google specifies the 16 vulnerabilities that were found by external researchers. Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. READ MORE...
- ...in 1797, The first parachute jump is made by AndrÉ-Jacques Garnerin from a hydrogen balloon 3,200 feet above Paris.
- ...in 1907, the Ringling Brothers' company buys Barnum & Bailey, running them as separate circuses before merging them in 1919.
- ...in 1962, actor and comedian Bob Odenkirk ("Mr. Show", "Better Call Saul") is born in Berwyn, IL.
- ...in 1962, President Kennedy tells Americans about the Cuban Missile Crisis and announces the blockade of Cuba.