Constella Intelligence research reveals that one in four cybersecurity leaders use the same passwords for both work and personal use; more than half experience account takeover first-hand
May 21, 2021
Constella Intelligence (“Constella”), Digital Risk Protection leader, released the results of “Cyber Risk in Today’s Hyperconnected World,” a survey that unlocks the behaviors and tendencies that characterize how vigilant organizations’ leaders are when it comes to reducing cyber vulnerability, allowing the industry to better understand how social media is leveraged as an attack vector and how leaders are responding to this challenge.
The municipality of The Hague in The Netherlands allows itself to be hacked every year during Hâck The Hague, a hacking competition organized by the municipality together with cybersecurity company Cybersprint. On Monday, September 27, 2021, 200 ethical hackers from the Netherlands and abroad will once again try to detect vulnerabilities in the digital infrastructure of the municipality and its suppliers. With this competition, The Hague wants to increase its resilience and stimulate its suppliers to continuously be in top digital condition, so that peace and security can be guaranteed.
The Standoff 2021 is taking place this week May 18-21, in conjunction with PHDays (Positive Hack Days) – one of the top cybersecurity conferences in Europe that features the world's cutting edge in digital security every year. The Standoff is an online offensive/defensive competition in which defenders (blue teams) compete against attackers (red teams) to control the infrastructure of a simulated digital city.
Data breach and privacy incidents occur daily at organizations of all sizes. It happens all too frequently. And while it is obvious that breaches continue impacting hundreds of thousands of lives, legal and compliance teams are not always brought in to manage each breach. With increased focus from regulators and law enforcement agencies to ensure organizations fulfill their obligations for post-breach notifications, legal teams can help quickly coordinate internal processes, and take swift action to begin the process of remediating damage and initiate immediate legal steps to protect the enterprise, and comply fully with all regulatory obligations. Here, we talk to AJ Samuel, co-Founder and Chief Product Officer at Exterro, about the many benefits of retaining legal counsel, who can better protect the integrity and confidentiality of the incident response.
An individual is selling the data of 500 million LinkedIn profiles on a popular cybercriminal forum, according to news reports. The leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more, according to CyberNews.
Group-IB, a threat hunting and adversary-centric cyber intelligence company, discovered that user data of the Swarmshop card shop was leaked online on March 17, 2021. The database was posted on a different underground forum and contained 12,344 records of the card shop admins, sellers and buyers, including their nicknames, hashed passwords, contact details, history of activity, and current balance.
The Pentagon’s Cyber Crime Center and bug bounty vendor HackerOne have launched the Defense Industrial Base Vulnerability Disclosure Program (DIB-VDP), an effort to share vulnerability data and boost digital hygiene within the defense industrial base. According to HackerOne, any information submitted to the DIB-VDP under this program will be used for defensive purposes – to mitigate or remediate vulnerabilities in DoD contractor information systems, networks, or applications.
Today, it seems like every few weeks, a new content provider launches an exclusive way to access entertainment. In the last year alone, we saw the introduction of Disney+, Peacock, HBO Max, and others. This is good news for consumers who want exclusive access to content, good news for broadcasters who can charge a premium for access, and especially good news for hackers. Yep, hackers. Streaming services are an enticing target for cybercriminals who use malicious bots to grab your customers’ account information and then sell or even use it themselves to access other services.
Bloomberg has reported that a group of hackers have breached a database containing security camera feeds collected by Verkada Inc., a Silicon Valley startup. The database includes live feeds of 150,000 surveillance cameras inside hospitals, organizations, police departments, prisons and schools.
Researchers from the Counter Threat Unit (CTU) at Secureworks have discovered a possible link to China while examining how SolarWinds servers were used to deploy malware. According to Secureworks' new report, the authentication bypass vulnerability in SolarWinds Orion API, tracked as CVE-2020-10148, that can lead to remote execution of API commands, has been actively exploited by Spiral. When vulnerable servers are detected and exploited, a script capable of writing the SUPERNOVA web shell to disk is deployed using a PowerShell command.