TechRepublic reports: “Survey of more than 1,000 professionals reveals that most think their work password practices are secure, but the reality of the situation is anything but. Nearly half admit to password sharing, more than a third say they write their passwords on paper, and one in four said they still have access to accounts from past jobs. The survey, performed by passwordless security company Beyond Identity, suggests a need for businesses to tighten up their password policies, but with an important caveat: Making the process too laborious for employees means that they’ll just find a way to circumvent the rules.…
ISBuzz Team
BACKGROUND: Following the news that REvil ransomware gang has executed a mass supply chain attack through management provider Kaseya and demanded $70m paid in Bitcoin in return to unlock all the files. Cybersecurity experts commented below why combining a supply chain attack with ransomware is a lethal mix with powerful results.
BACKGROUND: A successful ransomware attack on a single company has spread to at least 200 organizations and likely far more, making it one of the single largest criminal ransomware sprees in history. The attack believed to be carried out by the prolific ransomware gang REvil against Kaseya, an international company that remotely controls programs for companies managing internet services businesses.
The National Security Agency, along with CISA, the FBI, and the National Cyber Security Centre has released the joint advisory: Russian GRU conducting global brute force campaigns to compromise enterprise and cloud environments. In response, experts offer perspective.
In 2020, as countries around the world were forced into lockdown, the number of online gamers skyrocketed. In fact, by the end of March 2020, the number of both active users and concurrent users actively playing games on Steam (the most popular online gaming platform, community, and store) reached an all-time record. This record was once again broken in March 2021, with the platform reaching nearly 27 million users. Naturally, as online gaming has become increasingly popular, cybercriminals have been looking for ways to exploit this trend for their personal gain. In spring of last year, Kaspersky researchers found that…
BACKGROUND: A group of top agencies in the United States and United Kingdom on Thursday warned of an ongoing campaign by Russian government-backed hackers using “brute force” hacking techniques to target hundreds of organisations around the world. The FBI, the National Security Agency (NSA), the Cybersecurity and Infrastructure Security Agency (CISA), and the U.K.’s National Cyber Security Centre issued a joint advisory outlining the hacking campaign, ongoing since 2019 and carried out by the Russian General Staff Main Intelligence Directorate (GRU).
BACKGROUND: It has been reported that one of the UK’s top cyber officials has warned of the growing threat to cross-border telecoms, energy and transport infrastructure in Ireland, as she praised continued close cooperation with the UK on security. Speaking remotely at an Institute of International and European Affairs (IIEA) event in Dublin, National Cyber Security Centre (NCSC) CEO, Lindy Cameron, noted that the two countries have “shared cyber interests” and a strong bilateral partnership. This will become increasingly important given the likelihood of escalating cyber-threats impacting both Northern Ireland and its southern neighbor.
BACKGROUND: PrintNightware, a critical Windows print spooler vulnerability that allowed for remote code execution was known as CVE-2021-1675. Exploits were publicly available after Microsoft’s patches failed to fix the issue completely and the security researchers had already published their code, said they deleted it, but it was already branched on GitHub.
The Babuk Locker ransomware builder was uploaded to VirusTotal last week, giving threat actors the ability to modify the ransom note with their own contact info and use it to target Windows, VMware ESXI, Network Attached Storage (NAS) x86, and NAS ARM devices. Security researchers with MalwareHunterTeam also said ID Ransomware received a sharp spike in Babuk Locker submission starting on June 29th. An expert with Blue Hexagon offers perspective.
BACKGROUND: McAfee finds security vulnerabilities in Peloton products.