Millions of Freecycle users need to change their passwords following a huge data breach
Swap-unwanted-stuff-for-free site Freecycle has acknowledged a security breach that took place at the end of last month. Hackers were able to access a wealth of data including usernames, User IDs, email addresses and passwords.
The organization says that it has notified the "appropriate US authorities" of the incident, as well as the Information Commissioner's Office (ICO) in the UK. Few details of what happened have been revealed, but Freecycle is advising all members to change their account passwords as a security measure.
DDoS attackers shift their targets
The latest global threat analysis report from Radware shows that DDoS attacks are being reshaped in terms of tactics, vector, size, complexity, and hacktivism.
The number of malicious web application transactions skyrocketed by 500 percent compared to the first half of 2022, while the total number of DDoS events decreased by 33 percent. This points to a change in DDoS attack patterns as attacks shift from the network layer to the application layer.
Hacking hybrid: Closing security gaps in a distributed workforce
When, where, and how we work has evolved. And in the past few years, the rise of flexible working patterns has helped improve employee wellbeing and created new opportunities to innovate. According to the Office of National Statistics, 44 percent of people in the UK work in a hybrid model -- making it almost as common as commuting to the office.
At the same time, these new freedoms have ushered in new priorities for security teams. Securing the enterprise is now more complex because the perimeter has become blurred. To address this, focus must be put on securing endpoints, such as PCs and printers -- the "ground zero" for most attacks. New cybersecurity strategies are needed to prevent, detect, and contain cyber-threats, but also enhance remote PC management to mitigate the risks associated with lost or stolen devices.
Ethical hackers: Should businesses tread with caution?
With cybercrime continuing to pose a major threat around the globe, businesses everywhere are increasing their spending on both information security solutions and regular security testing to find vulnerabilities before criminals can exploit them. However, with the latest research showing over 40 percent of cyberattacks last year were in fact zero-day exploits that took advantage of vulnerabilities missed by traditional pen testing, it’s clear that more still needs to be done.
For this reason, a growing number of organizations are turning to so-called 'ethical hackers' or grey hats, who use their skills to find the vulnerabilities that traditional penetration testing organizations can’t. However, while the services on offer can be incredibly effective, the idea of hacking still tends to carry (mostly) negative connotations, which often leaves businesses unsure about finding an ethical hacking service they can trust. For those that wish to explore the idea of ethical hacking further, below are a number of best practice guidelines for doing so:
Almost half of people think cyberattackers shouldn't be prosecuted -- provided they hand back some of their proceeds
New research from cybersecurity company Naoris Protocol finds 48 percent of people surveyed think criminals who break into computer networks with malicious intent should be paid a percentage of the funds they steal and face no prosecution if they return the majority of their spoils.
The survey of over 500 people working in the cybersecurity and web arenas found just 38 percent saying they disagreed with not prosecuting malicious hackers, while 13 percent were unsure.
How long does it take hackers to collect data?
Can you imagine how scary it would be to show up to work one day, ready to dominate, and then BAM! All your confidential files have been stolen, and your computer is now a breeding ground for cyber viruses.
How about if you just launched a new product, which you’ve been advertising for months, and suddenly your website is down, and customers are being redirected to a competitor’s site? Or worse -- you can’t access your online banking account anymore.
Revolut customer data exposed in cyberattack
Fintech firm Revolut has been hit by a cyberattack that resulted in personal data of tens of thousands of users being exposed.
Described as a "highly targeted" attack -- although it is not clear who was targeted or why -- the security incident took place on the night of September 11. The attack gave an unauthorized third party access to a range of data including postal and email addresses, account information, and phone numbers.
Samsung warns of a security breach that gave hackers access to US customer data
Samsung has revealed limited details of a security incident that took place earlier in the year, exposing the personal data of customers in the US.
The technology giant says that the data breach took place back in July when "an unauthorized third party acquired information from some of Samsung's US systems". No details about who may have been responsible have been released, and Samsung has issued a warning for customers to exercise caution.
LastPass suffers a security breach: hackers steal source code from password management company
LastPass, the firm behind the eponymous password management software, has revealed that it fell victim to a security breach two weeks ago. Although the company is quick to point out that passwords stored by users have not been exposed, the incident remains hugely significant.
The hackers were able to breach the security of a developer account and took advantage of this to steal "source code and some proprietary LastPass technical information". While LastPass is at pains to stress that it has seen "no evidence that this incident involved any access to customer data or encrypted password vaults" it is an incident that will nonetheless dent user confidence.
The race against hackers to secure EV cyber-grid
The electric vehicle (EV) revolution is here. After decades of hype, EVs are finally starting to get their day in the sun. In the last ten years, plug-in hybrid electric vehicles have grown from 16,000 to over 2 million vehicles, and auto executives expect over 50 percent of US vehicles to be all-electric by 2030.
It is not hard to see why experts make such an optimistic prediction. In addition to the growing fleet of EVs, the Bipartisan Infrastructure Deal signed earlier this year will include $7.5 billion to help plan and build an extensive network of EV charging stations across the country, a task critical to ensuring full adoption of the technology. It took decades for the current network of gas stations to stretch from one end of the U.S. to the other, and a similar process is now underway for EV charging stations. An infrastructure project of this size requires thorough planning and significant investment, after all.
Lapsus$ hackers leak Samsung source code and massive data dump from security breach
Samsung appears to have fallen victim to a serious security breach if the leaks from data extortion group Lapsus$ are anything to go by.
Amounting to a colossal 190GB of data, the group says it has in its possession Samsung source code and other confidential company data. It is just days since Lapsus$ claimed responsibility for a hack that resulted in data being stolen from GPU chipmaker NVIDIA and leaked.
Microsoft is right to brand Windows 11 hackers with a scarlet watermark
When Microsoft released Windows 11, there was pretty much universal acclaim for the operating system. Even yours truly (primarily a Linux user) found the new version to be quite good. Despite all the positivity, however, many consumers were dismayed to learn their computers were not compatible with Windows 11. Microsoft had programmed the installer to check for certain hardware, including TPM chips, and stop the installation if requirements were not met.
Of course, some skeptics claimed that these strict system requirements were merely a scheme to increase PC sales. You know what? Maybe sales did factor into Microsoft's motivations. So what? The thing is, Microsoft controls Windows 11, and the company can rightfully make the system requirements to be whatever it wants (and for any reason). Sorry, folks, but that is a fact. Don't like it? Switch to Linux.
To err is human, and that's what hackers are counting on
It's understandable if you've made thwarting ransomware your top cybersecurity priority for 2022. The number of successful ransomware attacks, which encrypt computers until victims pay the attackers to unlock their data, surged last year. Ransomware payments reported by banks and other financial institutions (PDF) totaled $590 million for the first six months of 2021, surpassing the $416 million for all of 2020.
When it comes to protecting your data center and endpoints (e.g., employees' laptops and mobile devices), ransomware should be top of mind. But when securing your cloud environments, don't worry about ransomware -- worry about the misconfigurations that lead to devastating data breaches.
Get 'Tribe of Hackers Security Leaders' ($15 value) FREE for a limited time
The Tribe of Hackers series continues, sharing what CISSPs, CISOs, and other security leaders need to know to build solid cybersecurity teams and keep organizations secure. Dozens of experts and influential security specialists reveal their best strategies for building, leading, and managing information security within organizations.
Tribe of Hackers Security Leaders: Tribal Knowledge from the Best in Cybersecurity Leadership follows the same bestselling format as the original Tribe of Hackers, but with a detailed focus on how information security leaders impact organizational security.
Hackers can use Apple Pay to make large contactless Visa payments with locked iPhones
Researchers from the Computer Science departments of Birmingham and Surrey Universities have discovered a way for hackers to make large, unauthorized payments from locked iPhones by exploiting the functionality of Apple Pay.
The academic researchers found that the attack works on Visa cards in Express Transit mode in an iPhone's wallet. They were able to make a contactless payment of £1,000 (around $1,350) without unlocking the iPhone being used. Despite having been reported to Apple a year ago, the issue remains unfixed.