The hacker community is broad and no two members are the same. Their styles, motivations and tactics differ so much that it’s almost impossible to tell who hacked what – unless they want you to know. Becoming widely recognized almost entirely defeats the point of being a faceless hacker, but some have gained notoriety and embraced it. Some may break into systems simply to entertain themselves and make a name in the community, and some of these systems more than likely contain your online data. So remember to practice good cybersecurity: do not reuse passwords, always confirm whom you are sharing sensitive information with, and track where your digital identity may be exposed on HackNotice Personal for free.

Hackers stole GitHub and GitLab OAuth tokens from Git analytics firm Waydev

Waydev, an analytics platform used by software companies, has disclosed a security breach earlier this month… The company says that hackers broke into its platform and stole GitHub and GitLab OAuth tokens from its internal database.

Hackers are resourceful and look for any way to break into a company in their sights – that includes entering via a third party your company does business with.

Cybercriminal Maksim Yakubets is the hacker linked to Garmin outage

The leader of the cybercrime gang linked to Garmin’s massive service outage is a big-spending playboy hacker with an affinity for sports cars and alleged ties to the Russian government… Maksim Yakubets is the alleged ringleader of Evil Corp., the hacker group that reportedly claimed the smartwatch maker as its latest victim last week. The Moscow-based bloc is behind the WastedLocker ransomware that took out Garmin’s fitness-tracking platform for about four days before it was partially restored by Monday morning, according to news reports.

With his ties to the Kremlin and a $5 million bounty placed on him by the US State Department, putting a face to the large-scale hack is the stuff of a Hollywood movie plot.

‘Free Julian Assange’: Trio of Idaho state websites taken over by hackers

Three Idaho government websites were hacked on Sunday evening to display a message calling for the release of imprisoned WikiLeaks founder Julian Assange. The Idaho State Parks and Recreation, STEM Action Center and personal protective equipment supply site homepages each displayed the same content: a black background with the text “Hacked by Ghost Squad Hackers” displayed in blue text. “Free Julian Assange! Journalism is not a crime!” reads a message displayed underneath a GIF of V, the Guy Fawkes mask-wearing vigilante from the 2005 film “V for Vendetta.”

Taking over state websites is one way to make a statement, showing the different uses hackers can make of account takeovers when they break into networks.

Email is still a hacker’s wonderland, they could take or leave Slack

Email, similar to communication platforms, is a gateway to business data — especially now as companies globally are relying on digital communication. “Data moves in and out of controlled and uncontrolled areas of the network,” said Sherman. Employees are responsible for the majority of compromised incidents in enterprises, highlighting a need for change in how security is implemented. “When your device security solution indicates a high risk behavior, you know, access to certain enterprise resources should be reduced or temporarily blocked,” said Sherman.

For every new communication application that comes along, one has stood the test of time and shows no sign of going away: email.

Got An Email From A Hacker With Your Password? Do These 3 Things

The perpetrator will suggest that they are a successful hacker who has not only gained access to your computer but installed malware to record your activity, including taking control of your webcam. What’s more, to validate their hacking credentials, they will present you with a username and password that you will likely recognize as being one that you use. 

At any instant you can be hacked, and it can be shocking. But your first gut reaction may not be the right one.

Instacart blames reused passwords for account hacks, but customers are still without basic two-factor security

Online shopping service Instacart says reused passwords are to blame for a recent spate of account breaches, which saw personal data belonging to hundreds of thousands of Instacart customers stolen and put up for sale on the dark web. The company published a statement late on Thursday saying its investigation showed that Instacart “was not compromised or breached,” but pointed to credential stuffing, where hackers take lists of usernames and passwords stolen from other breached sites and brute-force their way into other accounts. “In this instance, it appears that third-party bad actors were able to use usernames and passwords that were compromised in previous data breaches of other websites and apps to login to some Instacart accounts,” the statement reads.

Apps like Instacart have been very useful during the pandemic. Unfortunately, they have been routinely targeted by hackers during their explosive growth. We aren’t saying stop using these apps, just be aware of the security risks.

Blackbaud Pays Ransom Demand but How Much Damage is Done?

One of the last things that any nonprofit wants to do is tell donors that their personal information has been compromised, but that is the position many nonprofits around the country have found themselves in after Blackbaud – widely used by larger nonprofits in fundraising – was hacked.

There are two views on paying a hacker’s ransom: either it invites the hackers to keep demanding more payments, or it’s simply a cost of doing business. Either way, funds are being diverted from where they need to be.

 

That’s this week’s roundup, showing that every industry benefits when good cybersecurity habits are followed. So wash your hands and keep your passwords secure. Thanks for reading, stay safe and we’ll see you next week!
