The article I chose this week is about enforcement of access controls in the cloud and how many companies attempt to repeat their access controls in the cloud using the same policy methods as they do for on-premises infrastructure. Similarly, identity and access management tools are simply retrofitted to accommodate cloud environments, and as organizations move to a multi-cloud environment the tools and policy sets cannot easily determine who has access to what data in their cloud environments, resulting in an exposure of 32% of access policy violations.
I’m stuck on biometrics! It’s such an evolving topic in the IT industry. With lofty goals of it being the way of an authenticated future, IT professionals are forgetting that, like anything else, it can be hacked! Which brings me to the article for this week! It’s a little old, but it’s the thing we fear most: poor security configurations leading to the exposure of biometrics online. In 2019, a service that reviews VPNs uncovered vulnerable ports (surprise, surprise) which led to a database that contained over 27.8 million records and 23 GB of data that included admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff. And one wild guess as to what entities these biometrics were being used in? Banks, UK police and defense firms. The article goes on to comment on how common these “mistakes” are, but that the true test is how you react when they are found. I feel so safe right now.
Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices
Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.
Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.
According to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content. The company said the problem was addressed with “improved validation.”
The latest development comes on the heels of a patch for three zero-day vulnerabilities (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) that was released in January. The weaknesses, which allow an attacker to elevate privileges and achieve remote code execution, were later exploited by the team behind the “unc0ver” jailbreak tool to unlock almost every single iPhone model running 14.3.
Users of Apple devices or those running a vulnerable version of Chrome are advised to install the updates as soon as possible to mitigate the risk associated with the flaws. https://thehackernews.com/2021/03/apple-issues-patch-for-remote-hacking.html?&web_view=true
Microsoft announced four zero-day vulnerabilities in its Exchange servers this week. In a blog post Microsoft attributes the attack to a nation-state hacker group called HAFNIUM. The vulnerabilities affect the on-premises version of Microsoft Exchange Server. Microsoft Exchange Online is not affected by these vulnerabilities. We only have a few on-prem Exchange servers to migrate to Office 365 online, so we have dodged a bullet. The companies and organizations still using on-prem Exchange seem to have a bunch of patching to do as well as some forensic work to rule out any foul play.
Kaspersky said that most threat intelligence analysts are not allowed to share artifacts with their counterparts in professional networks, thus hindering the global fight against cyber attacks. The report shows that two-thirds (66%) of threat intelligence analysts participate in a professional community in order to gain access to the latest and actionable information to help them protect the organization.
This includes subscribing to the vulnerability database (61%), participating in professional forums and blogs (45%) and receiving threat intelligence from paid (42%) and free (33%) feeds.
However, employers generally oppose these same analysts sharing their own intelligence with external communities. More than half (52%) claimed that they did not allow such activities.
Zibai Yang says
Password Reuse at 60% as 1.5 Billion Combos Discovered Online
A security vendor discovered nearly 1.5 billion breached log-in combos circulating online last year and billions more pieces of personal information (PII), with password reuse and weak hashing algorithms commonplace.
Poor password security is still rife: for users with more than one password stolen last year, SpyCloud found that 60% of credentials were reused across multiple accounts, exposing them to credential stuffing and other brute force tactics.
Nearly two million passwords contained “2020,” while almost 200,000 featured COVID-related keywords like “corona” and “pandemic.”
https://www.infosecurity-magazine.com/news/password-reuse-60-15-billion/
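The post above raises two separate problems, password reuse across accounts and weak hashing on the server side. The following Python is an added example, not code from the post or from SpyCloud: it measures the reuse rate over a constructed breach dump (invented records, not real data), shows why an unsalted fast hash exposes reuse across accounts, and contrasts it with a per-user salt plus a slow KDF. The PBKDF2 iteration count is an assumed work factor.

```python
import hashlib
import hmac
import os
from collections import Counter, defaultdict

# Constructed "breach dump" of (username, site, plaintext password) tuples.
# Invented for this example; not data from SpyCloud or any real leak.
BREACH_RECORDS = [
    ("alice", "shop.example",  "Summer2020!"),
    ("alice", "mail.example",  "Summer2020!"),
    ("alice", "bank.example",  "Tr0ub4dor&3"),
    ("bob",   "shop.example",  "corona2020"),
    ("bob",   "forum.example", "corona2020"),
    ("carol", "shop.example",  "x9!kL#2pQz"),
    ("carol", "mail.example",  "m4R!vb7$Wq"),
]


def reuse_rate(records):
    """Share of stolen credentials, among users with more than one, whose
    password also appears in another account belonging to the same user."""
    by_user = defaultdict(list)
    for user, _site, password in records:
        by_user[user].append(password)
    reused = total = 0
    for passwords in by_user.values():
        if len(passwords) < 2:
            continue
        counts = Counter(passwords)
        total += len(passwords)
        reused += sum(1 for p in passwords if counts[p] > 1)
    return reused / total if total else 0.0


def weak_hash(password):
    """Unsalted fast hash: equal passwords give equal digests, so reuse is
    visible across accounts and cracking one digest cracks all of them."""
    return hashlib.sha1(password.encode()).hexdigest()


def weak_hash_reveals_reuse(records):
    """True if two different accounts share an identical weak digest."""
    seen = {}
    for user, site, password in records:
        digest = weak_hash(password)
        if digest in seen and seen[digest] != (user, site):
            return True
        seen[digest] = (user, site)
    return False


PBKDF2_ITERATIONS = 600_000  # assumed work factor; tune to your hardware


def hash_password(password, salt=None):
    """Per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256 from the
    standard library). Equal passwords now produce unrelated digests."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    """Recompute with the stored salt and iteration count; constant-time compare."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unsupported hash format")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    print(f"reuse rate in sample: {reuse_rate(BREACH_RECORDS):.0%}")
    print("weak hash exposes reuse:", weak_hash_reveals_reuse(BREACH_RECORDS))
    stored = hash_password("Summer2020!")
    print("salted KDF verifies:", verify_password("Summer2020!", stored))
```

In the constructed sample, 4 of the 7 credentials held by multi-account users are reused (57%), close to the figure in the post; hashing the two identical passwords with the salted KDF yields two unrelated strings, while the unsalted SHA-1 digests collide immediately.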
Ting-Yen Huang says
Pandemic to speed up adoption of voice biometrics
The Best Practices and Trends: Voice Biometrics forecasts increased uptake of voice biometrics, primarily in customer-experience use cases and also for employees and business in the financial services sector, as the COVID-19 pandemic heightens security risks for organizations and their customers across the globe. Unlike passwords or other types of biometrics, voice is not static and already has numerous security features to combat fraud. Passwords may be vulnerable to replay attacks, stuffing, snooping and spraying, and fingerprint data is sold on the dark web, while voice biometrics are tough to crack. Voice biometrics can substitute traditional authentication methods (cards, passwords, signature, fingerprint, etc.) in security access control, allowing employees or business stakeholders safer entry into business premises. While the human voice is already the gateway to several services and applications that have become an important part of our daily lives, the voice print is expected to play a significant role in the banking sector, with several banks across the globe saying they are planning to roll out voice biometrics to offer customers new products and services without unnecessarily increasing risk or fraud rates.
https://www.itweb.co.za/content/dgp45va6Kop7X9l8
Jonathan Castelli says
CloudSphere, a cloud management platform organization, released a report which shows “32% of enterprises experienced unauthorized access to cloud resources, and another 19% were unaware if unauthorized access occurred.” This is mostly due to poor enforcement of identity and access management (IAM) policies in the cloud.
The complexity of cloud environments and integrating more than one cloud environment makes it difficult for organizations to know which level of access the end users have at times. The article states, “Research found that while 78% claimed to be able to enforce IAM policies, 69% reported policy enforcement issues created unauthorized access.” While organizations may think they have access control, in reality there is a gap in policy enforcement, leading to failures.
IAM policies often fail due to the need to configure the cloud environment manually. Most organizations don’t have the security resources to address this issue directly. They are focused on the day to day activities and often grant too much access in lieu of restricting access. They also don’t incorporate alerting or automation to make sure they are notified when too many unauthorized attempts are happening.
This report highlights the need for organizations to focus on IAM. Without proper IAM, an organization is leaving themselves vulnerable to data leakage, reputation damage and financial loss.
https://apnews.com/press-release/business-wire/technology-north-america-cloud-computing-palo-alto-computer-and-data-security-db7ad7ca9613428b991ce74190ffc4de
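The post's last point, that organizations rarely add alerting for bursts of unauthorized access attempts, is the kind of control that takes very little code. The Python below is an added example, not code from the post, from CloudSphere or from any cloud provider: it reads a constructed JSON-lines audit log (the field names are an assumption, not a vendor's schema) and raises one alert per principal whose denied calls exceed a threshold inside a sliding window.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed audit log in a CloudTrail-like JSON-lines shape. The field names
# are an assumption for this example, not any provider's exact schema.
SAMPLE_LOG = """\
{"time": "2021-03-08T10:00:01Z", "principal": "svc-build", "action": "s3:GetObject", "result": "AccessDenied"}
{"time": "2021-03-08T10:00:05Z", "principal": "svc-build", "action": "s3:ListBucket", "result": "AccessDenied"}
{"time": "2021-03-08T10:00:09Z", "principal": "svc-build", "action": "iam:ListUsers", "result": "AccessDenied"}
{"time": "2021-03-08T10:00:12Z", "principal": "svc-build", "action": "ec2:DescribeInstances", "result": "AccessDenied"}
{"time": "2021-03-08T10:00:14Z", "principal": "svc-build", "action": "kms:Decrypt", "result": "AccessDenied"}
{"time": "2021-03-08T10:00:20Z", "principal": "alice", "action": "s3:GetObject", "result": "Success"}
{"time": "2021-03-08T10:01:00Z", "principal": "alice", "action": "iam:CreateUser", "result": "AccessDenied"}
{"time": "2021-03-08T10:30:00Z", "principal": "alice", "action": "iam:CreateUser", "result": "AccessDenied"}
"""

DENIED_THRESHOLD = 5                    # this many denials per principal ...
DENIED_WINDOW = timedelta(seconds=60)   # ... inside this sliding window


def parse_log(text):
    """One JSON object per non-empty line."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def parse_time(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_denied_bursts(events, threshold=DENIED_THRESHOLD, window=DENIED_WINDOW):
    """Return one alert per burst: the principal, the time the threshold was
    crossed, and the distinct actions it was denied inside the window."""
    recent = defaultdict(deque)   # principal -> deque of (time, action)
    alerts, alerted = [], set()
    for ev in sorted(events, key=lambda e: parse_time(e["time"])):
        if ev["result"] != "AccessDenied":
            continue
        principal, now = ev["principal"], parse_time(ev["time"])
        q = recent[principal]
        q.append((now, ev["action"]))
        while now - q[0][0] > window:    # drop denials older than the window
            q.popleft()
        if len(q) >= threshold:
            if principal not in alerted:  # alert once per burst, not per event
                alerted.add(principal)
                alerts.append({
                    "principal": principal,
                    "at": ev["time"],
                    "distinct_actions": sorted({a for _, a in q}),
                })
        else:
            alerted.discard(principal)    # burst drained; a new one may alert again
    return alerts


if __name__ == "__main__":
    for alert in detect_denied_bursts(parse_log(SAMPLE_LOG)):
        print(alert)
```

On the sample log, `svc-build` trips the rule at 10:00:14 after five distinct denied calls in thirteen seconds, a pattern that looks like permission probing by a compromised or over-curious workload, while `alice`'s two denials half an hour apart stay below the threshold.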
Xinyi Zheng says
Financial Crime Surges in 2020 Following Shift to Digital Banking and Commerce
This is according to one Financial Crime Report Q1 – 2021, which compared the volume of financial fraud and crime in Q4 and Q1 2020, with the latter quarter mainly unaffected by the pandemic.
The study found there was a 650% surge in account takeover (ATO) in Q4 compared to Q1, with malicious actors taking advantage of the growth in online accounts during the crisis. The authors noted that the expansion of online banking and real-time payment functions have made it easier for fraudsters to transfer funds or buy goods with stolen credentials once an account has been accessed.
There was also a 250% increase in attempted fraud on online banking detected between the two periods, fuelled by a 200% growth in mobile banking. This shift to digital banking led to a reduction in telephone and branch fraud rates.
In regard to card fraud, the researchers revealed there was a 48% fall in card present attacks as physical shopping declined during the pandemic, with this type of transaction dropping by 20%. Card not present transactions went up by 35% between Q1 and Q4 2020, and unsurprisingly, fraud attacks targeting this increased, making up 70% of all fraud.
https://www.infosecurity-magazine.com/news/financial-crime-digital-banking/
Anthony Wong says
Video sharing platform TikTok agreed to pay a $92 million settlement in a class-action lawsuit over invading user privacy. The lawsuit alleges TikTok was using a complex AI system to capture facial features in user-submitted videos. Based on the facial features captured, algorithms are established to try to identify the user’s age, gender, and ethnicity. Furthermore, the lawsuit claims there was other personally identifiable information being captured and shared with other third parties such as Facebook and Google without user consent. The biggest controversy is the collection of data of minors, some of whom were as young as six years old.
https://www.zdnet.com/article/tiktok-agrees-to-pay-92-million-to-settle-teen-privacy-class-action-lawsuit/
https://www.npr.org/2021/02/25/971460327/tiktok-to-pay-92-million-to-settle-class-action-suit-over-theft-of-personal-data
Wenyao Ma says
GitHub Informs Users of ‘Potentially Serious’ Authentication Bug
GitHub on Monday informed users that it had discovered what it described as an “extremely rare, but potentially serious” security bug related to how some authenticated sessions were handled.
GitHub said the vulnerability was caused by a race condition that in extremely rare circumstances resulted in a user’s session being routed to the browser of a different authenticated user, providing this second user with a valid and authenticated session cookie for the first user’s account.
GitHub’s Chief Security Officer said this issue is not the result of compromised account passwords, SSH keys, or personal access tokens (PAT), and there is no evidence that this is the result of any other GitHub system compromised. Instead, this problem is caused by the rare and isolated incorrect handling of authenticated sessions. In addition, it is impossible for a malicious user to deliberately trigger or target this issue.
The Microsoft-owned software development platform said the issue was discovered on March 2 and an initial patch was rolled out on March 5. A second patch was released on March 8 and on the evening of the same day the company decided to invalidate all authenticated sessions to completely eliminate the possibility of exploitation.
https://www.securityweek.com/github-informs-users-potentially-serious-authentication-bug
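The post describes a race condition that routed one user's session to another user's browser. The Python below is an added example and not GitHub's code or its actual root cause: it shows a general pattern that produces exactly this symptom, per-request user state stored on an object shared by all requests, beside the scoped alternative, and a check that counts misrouted responses under a forced worst-case interleaving. The session store, cookies and handler classes are constructed for the example.

```python
import threading
from dataclasses import dataclass

# Constructed session store: cookie value -> authenticated user.
SESSIONS = {"cookie-A": "alice", "cookie-B": "bob"}


@dataclass
class Request:
    session_cookie: str


class SharedStateHandler:
    """Flawed pattern: the authenticated user lives on a handler object that
    every concurrent request shares, so a second request can overwrite it
    between the first request's authenticate() and render()."""

    def __init__(self):
        self.current_user = None

    def authenticate(self, req):
        self.current_user = SESSIONS[req.session_cookie]

    def render(self):
        return f"Signed in as {self.current_user}"


class ScopedHandler:
    """Hardened pattern: per-request state lives in thread-local storage (or is
    passed explicitly as a request context), so concurrent requests cannot
    observe each other's user."""

    def __init__(self):
        self._local = threading.local()

    def authenticate(self, req):
        self._local.current_user = SESSIONS[req.session_cookie]

    def render(self):
        return f"Signed in as {self._local.current_user}"


def serve_concurrently(handler, requests):
    """Run each request on its own thread and force every thread to finish
    authenticate() before any thread calls render(). A loaded server can
    reach this interleaving by chance; the barrier makes it reproducible."""
    barrier = threading.Barrier(len(requests))
    results = {}

    def worker(req):
        handler.authenticate(req)
        barrier.wait()
        results[req.session_cookie] = handler.render()

    threads = [threading.Thread(target=worker, args=(r,)) for r in requests]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results


def misrouted_sessions(handler, requests):
    """Cookies whose response names a user other than the cookie's owner."""
    results = serve_concurrently(handler, requests)
    return sorted(cookie for cookie, body in results.items()
                  if body != f"Signed in as {SESSIONS[cookie]}")


if __name__ == "__main__":
    reqs = [Request("cookie-A"), Request("cookie-B")]
    print("shared state misroutes:", misrouted_sessions(SharedStateHandler(), reqs))
    print("scoped state misroutes:", misrouted_sessions(ScopedHandler(), reqs))
```

With the shared handler, exactly one of the two responses names the wrong user, which is the same class of failure the post reports; the thread-local handler returns no misrouted responses under the same interleaving. Invalidating every session, as the post says GitHub did, is the right containment once such a bug is suspected, since the leaked cookie is otherwise valid until it expires.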
Anthony Messina says
Microsoft Exchange zero-day attacks: 30,000 servers hit already, says report
Four previously unknown or ‘zero-day’ vulnerabilities in Microsoft Exchange Server are now being used in widespread attacks against thousands of organizations, with potentially tens of thousands of organizations affected, according to security researchers. Microsoft, which issued emergency patches last week, attributed the attacks to a newly discovered hacking team it calls Hafnium, most likely a China-backed group. Microsoft said they were “limited targeted attacks” but warned they could be more widely exploited in the near future. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an order to agencies to apply the patches for on-premises Exchange systems or to simply disconnect vulnerable servers after seeing “active exploitation” of the vulnerabilities. In other words, patch now or cut off a vital communications tool. Microsoft urged Exchange customers, which range from large enterprises to small businesses, to apply the patches immediately because “nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.” CISA over the weekend warned that it was “aware of widespread domestic and international exploitation” of Microsoft Exchange Server vulnerabilities and urged the scanning of Exchange Server logs with Microsoft’s IOC detection tool to help determine compromise.
Chris Krebs, the former director of CISA, reckons government agencies and small businesses will be more affected by these attacks than large enterprises. He believes the Exchange bugs will disproportionately affect small businesses and organizations in the education sector as well as state and local governments. The Hafnium attackers deployed “web shells” on compromised Exchange servers for the purpose of stealing data and installing more malware. Web shells are small scripts that provide a basic interface for remote access to a compromised system. The web shell gives the hackers administrative access to the computers/servers. The Hafnium hackers have accelerated attacks on vulnerable Exchange servers since Microsoft released the patches. The bugs are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065.
https://www.zdnet.com/article/microsoft-exchange-zero-day-attacks-30000-servers-hit-already-says-report/
Mei X Wang says
#IWD2021: Pandemic Fails to Shatter Glass Ceiling for Women in Cyber
Although the pandemic has brought forth many more cybersecurity job opportunities, few women are able to reach senior positions. Many companies are more willing to take new hires in 2020 and respondents have expressed they feel secure in this new job market. However, looking beyond job security, in top-level management, only about 1-% of board positions and 16% of management roles are held by women. In polls from younger women, they expressed they find the industry important and interesting but only 26% were likely to consider a career in the industry.
Research from the CIISec found that 57% of women in cybersecurity believe it’ll take more than a decade to find equality in the workplace and 20% responded they don’t think it’ll ever happen. By bringing in awareness about the huge gender gaps, hopefully in the future, there will be more initiative to help to diversify the job pool and creating opportunities for women in this industry.
https://www.infosecurity-magazine.com/news/pandemic-fails-shatter-glass/
Priyanka Ranu says
SITA Supply Chain Breach Hits Multiple Airlines
SITA, an aviation IT company, has been breached in a supply chain attack affecting multiple airlines and millions of passengers. SITA provides IT and telecom services to around 400 members in the industry, serving 90% of the global airline business. Attackers compromised passenger data stored on its SITA Passenger Service System servers in the US. The servers operate passenger processing systems for airline clients. SITA has contacted the affected PSS customers and all related organizations. The information compromised was the membership numbers, tier status, and membership name. Some of the airlines that were affected include Malaysia Airlines, Singapore Airlines, Finnair, etc.
https://www.infosecurity-magazine.com/news/sita-supply-chain-breach-hits/
Cami Chen says
A software provider, Precise Biometrics, currently develops software to improve companies’ access control, such as the implementation of biometrics. Although there are many methods to implement access control, the experts point out that the traditional access solutions, such as tags, keys, and passcodes, contain several problems. In order to avoid this issue, facial recognition provides highly secure authentication that reduces some issues of the traditional access controls. Precise Biometrics develops an approach that combines the traditional and digital methods to satisfy the requirements, and it and Qualcomm collaborate to develop fingerprint software for ultrasonic 3D sensors. In doing this new technology, the company will move from open-source to cloud-based, and its clients can add new features as needed. Also, this company offers a stand-alone solution, in which a web relay controls the entrance point, and a solution that integrates with an existing access management system. This can help many companies reduce the cost of updating their access control systems.
https://www.biometricupdate.com/202103/precise-biometrics-updates-access-control-strategy-to-boost-partnerships
Haozhe Lin says
“Microsoft hack: Biden launches emergency taskforce to address cyber-attack”
The Biden administration is launching an emergency taskforce to address an aggressive cyber-attack that has affected hundreds of thousands of Microsoft customers around the world – the second major hacking campaign to hit the US since the election. The attack, first reported by security researcher Brian Krebs on 5 March, allowed hackers to access the email accounts of at least 30,000 organizations in the US. These back channels for remote access can affect credit unions, town governments and small businesses, and have left US officials scrambling to reach victims, with the FBI on Sunday urging them to contact the law enforcement agency.
https://www.theguardian.com/us-news/2021/mar/08/microsoft-cyber-attack-biden-emergency-task-force
Krish Damany says
More breaches to Microsoft accounts have been occurring thanks to a fake Google reCAPTCHA site. The false Google reCAPTCHA site performs a test to make sure the user is a human, and once they’ve passed the test, the user is then directed to a phishing page that looks identical to the Microsoft landing page for logging in. This attack specifically targets senior positions in businesses such as Managing Director or Vice President. I believe this article, and many other articles that I’ve previously submitted, show the importance of having a multi-factor authentication method on accounts to prevent total loss of an account. While the phishing page gets your username and password, MFA methods need more such as an external authenticator, either physical key or software installed on a mobile device.
https://threatpost.com/google-recaptcha-phishing-office-365/164566/
Kyuande Johnson says
Microsoft hack: Biden launches emergency taskforce to address cyber-attack
The Biden administration is launching an emergency taskforce to address an aggressive cyber-attack that has affected hundreds of thousands of Microsoft customers around the world. The attack infiltrated Microsoft Exchange accounts using tools that give the attackers “total, remote control over the affected systems”. The attack may have claimed over 60,000 victims, including the European Banking Authority. The Chinese hacking group, which Microsoft calls Hafnium, appears to have been breaking into private and government computer networks through the company’s popular Exchange email software for a number of months, initially targeting only a small number of victims. Microsoft issued patches for the attack on Tuesday, but fixing the issue will be more complicated, as these patches do not undo the damage already caused.
https://www.cnbc.com/2021/03/09/microsoft-exchange-hack-explained.html
Heather Ergler says
https://apnews.com/press-release/business-wire/technology-north-america-cloud-computing-palo-alto-computer-and-data-security-db7ad7ca9613428b991ce74190ffc4de
The article I chose this week is about enforcement of access controls in the cloud and how many companies attempt to repeat their access controls in the cloud using the same policy methods as they do for on-premises infrastructure. Similarly, identity and access management tools are simply retrofitted to accommodate cloud environments, and as organizations move to a multi-cloud environment the tools and policy sets cannot easily determine who has access to what data in their cloud environments, resulting in an exposure of 32% of access policy violations.
Vanessa Marin says
I’m stuck on biometrics! It’s such an evolving topic in the IT industry. With lofty goals of it being the way of an authenticated future, IT professionals are forgetting that, like anything else, it can be hacked! Which brings me to the article for this week! It’s a little old, but it’s the thing we fear most: poor security configurations leading to the exposure of biometrics online. In 2019, a service that reviews VPNs uncovered vulnerable ports (surprise, surprise) which led to a database that contained over 27.8 million records and 23 GB of data that included admin panels, dashboards, fingerprint data, facial recognition data, face photos of users, unencrypted usernames and passwords, logs of facility access, security levels and clearance, and personal details of staff. And one wild guess as to what entities these biometrics were being used in? Banks, UK police and defense firms. The article goes on to comment on how common these “mistakes” are, but that the true test is how you react when they are found. I feel so safe right now.
https://www.theguardian.com/technology/2019/aug/14/major-breach-found-in-biometrics-system-used-by-banks-uk-police-and-defence-firms
Zhen Li says
Apple Issues Patch for Remote Hacking Bug Affecting Billions of its Devices
Apple has released out-of-band patches for iOS, macOS, watchOS, and Safari web browser to address a security flaw that could allow attackers to run arbitrary code on devices via malicious web content.
Tracked as CVE-2021-1844, the vulnerability was discovered and reported to the company by Clément Lecigne of Google’s Threat Analysis Group and Alison Huffman of Microsoft Browser Vulnerability Research.
According to the update notes posted by Apple, the flaw stems from a memory corruption issue that could lead to arbitrary code execution when processing specially crafted web content. The company said the problem was addressed with “improved validation.”
The latest development comes on the heels of a patch for three zero-day vulnerabilities (CVE-2021-1782, CVE-2021-1870, and CVE-2021-1871) that was released in January. The weaknesses, which allow an attacker to elevate privileges and achieve remote code execution, were later exploited by the team behind the “unc0ver” jailbreak tool to unlock almost every single iPhone model running 14.3.
Users of Apple devices or those running a vulnerable version of Chrome are advised to install the updates as soon as possible to mitigate the risk associated with the flaws.
https://thehackernews.com/2021/03/apple-issues-patch-for-remote-hacking.html?&web_view=true
Kelly Conger says
Microsoft announced four zero-day vulnerabilities in its Exchange servers this week. In a blog post Microsoft attributes the attack to a nation state hacker group called HAFNIUM. The vulnerabilities affect the on-premises version of Microsoft Exchange Server. Microsoft Exchange Online is not affected by these vulnerabilities. We ony a few on prem exchange servers to migrate to office 365 online, so we have have dodged a bullet. The companies and organizations still using on prem Exchange seem to have a bunch of patching to do as well as some forensic work to rule out any foul play.
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Kelly Conger says
Wow, I really wish you could edit your post.
We ony = We only have a few….
so we have have dodged = so we may have dodged…
Junhan Hao says
Kaspersky said that most threat intelligence analysts are not allowed to share artifacts with their counterparts in professional networks, thus hindering the global fight against cyber attacks. The report shows that two-thirds (66%) of threat intelligence analysts participate in a professional community in order to gain access to the latest and actionable information to help them protect the organization.
This includes subscribing to the vulnerability database (61%), participating in professional forums and blogs (45%) and receiving threat intelligence from paid (42%) and free (33%) feeds.
However, employers generally oppose these same analysts sharing their own intelligence with external communities. More than half (52%) claimed that they did not allow such activities.
Junhan Hao says
https://www.infosecurity-magazine.com/news/most-threat-analysts-banned/