Since Digital Shadows published its first report last year, Initial Access Brokers: An Excess of Access, the company has continued to closely monitor the IAB criminal category. Where it tracked roughly 500 IAB listings in all of 2020, already in 2021 it has found some 200 new listings published by IABs in cybercriminal forums and other dark web sources in just Q1.
Cybercriminals continue to exploit unpatched Microsoft Exchange servers. Cybersecurity researchers at Sophos report an unknown attacked has been attempting to leverage the ProxyLogon exploit to unload malicious Monero cryptominer onto Exchange servers, with the payload being hosted on a compromised Exchange server.
Recently, TalentLMS partnered with Kenna Security to survey 1,200 employees on their cybersecurity habits, knowledge of best practices, and ability to recognize security threats. Here are some of the staggering results that offer some explanation as to why cybercrime has grown into such a lucrative business:
The National Cybersecurity Alliance and the Identity Defined Security Alliance (IDSA), present the first ‘Identity Management Day,’ an annual awareness event which will take place on the second Tuesday in April each year. The inaugural Identity Management Day will be held on April 13, 2021.
Recently, an SQL database containing data of 1.3 million Clubhouse users was posted on a hacker forum for anyone to access. The data included names, user IDs, social media profile names and other details about clubhouse users.
In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen global supply chains.
An individual is selling the data of 500 million LinkedIn profiles on a popular cybercriminal forum, according to news reports. The leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, including their full names, email addresses, phone numbers, workplace information, and more, according to CyberNews.
Apricorn announced new findings from the Apricorn 2021 Global IT Security Survey, which found that, in some instances, respondents have placed unwarranted trust in their employees, household members and third-party vendors. More than 400 IT security practitioners across North America and Europe responded to questions about security practices and policies during remote working conditions over the past 12 months. The findings show that IT security professionals are concerned about the cyber risks brought about by remote work, with 75% putting COVID-centric policies in place, including use of two factor authentication (48%) and encryption of sensitive data (41%).
Many lessons were learned in enterprise IT and security teams in 2020, right down to the final weeks of the year with the SolarWinds attack. We closed out a miserable year with a devastating reminder about the danger of third party access and supply chain attacks.
RSS
