CyberSecure Specialist

23 Dec

BetMGM Confirms Breach as Hackers Offer to Sell Data of 1.5 Million Customers

Information, News

MGM Resorts-owned online sports betting company BetMGM confirmed suffering a data breach the same day hackers offered to sell a database containing the information of 1.5 million BetMGM customers. In a statement posted on its website on December 21, BetMGM said “patron records were obtained in an unauthorized manner”. The company said the compromised information includes name, email address, postal address, phone number, date of birth, hashed Social Security number, account identifier, and information related…

Read More
23 Dec

China’s ByteDance Admits Using TikTok Data to Track Journalists

Information, News

Employees of Chinese tech giant ByteDance improperly accessed data from social media platform TikTok to track journalists in a bid to identify the source of leaks to the media, the company admitted Friday. TikTok has gone to great lengths to convince customers and governments of major markets like the United States that users’ data privacy is protected and that it poses no threat to national security. But parent company ByteDance told AFP on Friday that…

Read More
22 Dec

Zerobot Botnet Emerges as a Growing Threat with New Exploits and Capabilities

Attacks, Malware

The main methods that Zerobot uses to infect a system, via brute-force or vulnerability exploitation, can easily be prevented by following a few recommended steps. The first recommendation would be to make sure all devices on a network are up-to-date on their patches, particularly any Internet-facing devices. The threat actors rely on devices remaining unpatched to infect systems and grow their botnet, so by making sure all devices are up-to-date and not vulnerable, an organization…

Read More
22 Dec

FIN7 Cybercrime Syndicate Emerges as Major Player in Ransomware Landscape

Attacks, Malware

To protect against ransomware attacks, organizations should: • Regularly back up data, air gap, and password protect backup copies offline.• Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.• Implement network segmentation.• Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location• Install updates/patch operating systems, software, and firmware as soon…

Read More
22 Dec

The Guardian Media Group Hit by Ransomware Attack

Attacks, Malware

Companies looking to defend against ransomware should consider adopting a defense-in-depth strategy. Network segmentation, backups, regular patching, and vulnerability assessments are just a few of the measures that should be taken when attempting to lessen the likelihood of an attack. Promoting healthy cyber habits within a company is also crucial. https://www.infosecurity-magazine.com/news/ransomware-attack-guardian

Read More
22 Dec

‘Tis the season for gaming: Keeping children safe (and parents sane)

Information

It’s all fun and games over the holidays, but is your young gamer safe from the darker side of the action? As Christmas draws nearer, parents are handling a barrage of requests from their kids for the latest gaming titles and consoles. Despite gathering macro-economic headwinds, US consumers are set to increase their total retail spending by around 7% year-on-year this holiday season, and by 3.5% on electronics. But while several weeks of uninterrupted gaming…

Read More
22 Dec

“Suspicious login” scammers up their game – take care at Christmas

Information

by Paul Ducklin Black Friday is behind us, that football thing they have every four years is done and dusted (congratulations – spoiler alert! – to Argentina), it’s the summer/winter solstice (delete as inapplicable)… …and no one wants to get locked out of their social media accounts, especially when it’s the time for sending and receiving seasonal greetings. So, even though we’ve written about this sort of phishing scam before, we thought we’d present a…

Read More
22 Dec

Zerobot IoT Botnet Adds More Exploits, DDoS Capabilities

Information, Malware, News

The recently detailed Internet of Things (IoT) botnet Zerobot has been updated with an expanded list of exploits and distributed denial-of-service (DDoS) capabilities. Initially detailed two weeks ago, Zerobot is a self-replicating and self-propagating piece of malware written in the Golang (Go) programming language, which can target twelve device architectures. Fortinet, which first warned of the threat’s capabilities, analyzed two variants of the malware, one of which contained exploits targeting 21 known vulnerabilities, including the…

Read More
22 Dec

How carding can affect your business

Attacks, Data Breaches

This article explains what carding is, how hackers can gain access to payment details and the effects carding cyber attacks can have on businesses. In the first six months of 2022, there were 230,937 credit card fraud reports filed in the US alone, highlighting the growth of carding as a threat vector This article will explore carding, how it operates and the devastating effects it can have on ecommerce businesses. Contents:  What is carding and…

Read More
22 Dec

How Marvel’s Avengers inspire Pinsent Masons CISO to adapt cybersecurity hiring

Data Breaches, Malware, Social Engineering

Cybersecurity’s ongoing battle with a “skills shortage” has seen the sector lose its way regarding talent hiring and retention, says Christian Toon, CISO at London-based law firm Pinsent Masons. In an industry crying out for diversity and innovation, this year’s number one UK CSO 30 Awards winner says he takes inspiration from the Marvel Comics universe to challenge traditional HR approaches and more effectively recruit and keep security talent. “We have what some describe as…

Read More