Researchers at Digital Shadows report having collected over 24 billion usernames and passwords from the dark web – an increase of 65% in just two years. Even after removing duplicates, they still found 6.7 billion unique credentials, an increase of 34% in just two years. Excerpts: We collated more than 24 billion compromised credentials.approximately 6.7 billion credentials had a unique username-and-password pairingThe most common password, 123456, represented 0.46 percent of the total of the 6.7 billion unique credentials.Information-stealing malware persists as a significant threat to your credentials. Some of these tools can be bought for as little as $50, and…
ISBuzz Team
Akamai security researchers have released discovery on Panchan, a new peer-to-peer botnet and SSH worm that emerged in March and has been actively breaching Linux servers since. Panchan, written in Golang, utilizes its built-in concurrency features to maximize spreadability and execute malware modules. The malware also harvests SSH keys to perform lateral movement. To view the full report: https://www.akamai.com/blog/security/new-p2p-botnet-panchan
Following the Department of Energy’s report released yesterday on National Cyber-Informed Engineering Strategies, experts commented below.
Following the news that the Department for Work and Pensions has been knowingly sending people the wrong pension amounts due to an IT system error for the last twenty years, industry leaders reacted below how this has increased the risk to pensioners from opportunistic scammers.
Proofpoint has discovered a potentially dangerous piece of functionality in Office 365 or Microsoft 365 that allows ransomware to encrypt files stored on SharePoint and OneDrive in a way that makes them unrecoverable without dedicated backups or a decryption key from the attacker. The research focused on two of the most popular enterprise cloud apps – SharePoint Online and OneDrive within the Microsoft 365 and Office 365 suites and shows that ransomware actors can now target organizations’ data in the cloud and launch attacks on cloud infrastructure. More information: https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
Microsoft has made the announcement that it will acquire cyber threat analysis and research company, Miburo.
It has been reported that web performance firm Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack last week that peaked at 26 million request per second (rps). It was caused by a small but powerful botnet of just 5,067 devices. This attack didn’t originate from compromised low-bandwidth Internet of Things devices like many other DDoS or junk traffic attacks on websites, but rather from cloud service providers, according to Cloudflare. That it came from cloud provider infrastructure suggests the attackers hijacked higher-bandwidth virtual machines and servers, the firm suggests. This attack was over HTTPS, the…
Researchers at Aqua Security discovered that “tens of thousands of user tokens” are exposed through the Travis CI API allowing access to more than 770 million logs containing credentials for as GitHub, AWS, and Docker Hub. Team Nautilus found that tens of thousands of user tokens are exposed via the Travis CI API, which allows anyone to access historical clear-text logs. More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub.Based on the Travis CI…
New research, released today by Arctic Wolf has discovered that UK cybersecurity professionals are overworked and lacking in confidence to stop cyberattacks. The research found that UK organisations are being put in a precarious and unsecure position, with over a quarter (27%) of respondents stating they don’t feel knowledgeable enough as an individual to spot a cyber threat. The critical nature of these revelations becomes even more apparent when noting the report also discovered that 30% of cybersecurity workers claim they don’t know how to use their organisation’s security tools effectively. Other findings show that more needs to be done…
Interpol has just announced a 76-nation operation to crack down on fraud, including telecommunications or scamming fraud, particularly telephone deception, romance scams, e-mail deception, and connected financial crime – see here. The operation has resulted in: 1,770 locations raided worldwideSome 3,000 suspects identifiedSome 2,000 operators, fraudsters, and money launderers arrestedSome 4,000 bank accounts frozenSome USD 50 million worth of illicit funds intercepted