Every industry is fair game for hackers. One mistake with any account information like reusing or sharing passwords and your organization can be shaken down for millions. So remember to practice good cybersecurity: do not reuse passwords, always confirm whom you are sharing sensitive information with, and be careful when clicking on suspicious links.
Share this post with your friends as a reminder to why “password” should not be their password. Subscribe HERE to receive HackNotice content directly to your inbox!
Photo by Erik Mclean on Unsplash
The attack took place on Monday, November 16, and the ransomware impacted the company’s public-facing web hosting systems, resulting in some customer sites having their data encrypted. Managed.com said the incident only impacted a limited number of customer sites, which the company said it immediately took offline. But hours after the attack, Managed.com said it also took down its entire web hosting infrastructure, which the company is now working to restore.
Cryptocurrency exchange, Liquid confirmed today that a security breach happened on 13 November and as a result, a malicious actor was able to obtain sensitive information from the company’s database. The data may include the name, email and encrypted passwords of the users. In an official announcement, Mike Kayamori, CEO of Liquid, addressed the customers and informed them about the nature of the attack. Kayamori outlined that there is an increased risk of identity theft and users may experience spam emails and phishing attempts. While mentioning the details about the recent breach, Kayamori said: “A domain name hosting provider that manages one of our core domain names incorrectly transferred control of the account and domain to a malicious actor. This gave the actor the ability to change DNS records and in turn, take control of a number of internal email accounts. In due course, the malicious actor was able to partially compromise our infrastructure, and gain access to document storage.”
Think sensitive information about you or your business has landed into the hands of hackers? If you suspect your information has been part of a data leak, use HackNotice Instant Check
for free and see if your data is being shared by hackers. Simply click HERE
and enter the information you want checked.
A new report detailing how a database containing over 380 million records, including login credentials, is actively used to hack into Spotify accounts may shed some light on these account breaches. A common attack used to hack into accounts is called a credential stuffing attack, which is when threat actors make use of large collections of username/password combinations that were leaked in previous security breaches to gain access to user accounts on other online platforms.
Discovered by Natalie Silvanovich of Google’s Project Zero bug hunting team, the vulnerability, which is now patched, could have been exploited on Messenger for Android if an attacker simultaneously called a target and sent them a specially crafted, invisible message to trigger the attack. From there, the hacker would start hearing audio from the victim’s end of the call, even if they didn’t answer, for however long it rang. The bug bears some similarities to one Apple scrambled to patch last year in FaceTime group calls.
Akropolis has offered the hacker who stole $2 million in Dai cryptocurrency a “bug bounty” reward in return for the missing funds. In an open letter published on Medium, the cryptocurrency “community economy” platform proposed a $200,000 “reward” for the threat actor’s cooperation.
That’s this week’s roundup, showing that every industry benefits when good cybersecurity habits are followed. So wash your hands and keep your passwords secure. Thanks for reading, stay safe and we’ll see you next week!
Exclusive offer for Weekly Roundup readers. Get 30% off your first 3 months of HackNotice Premium with coupon code: fall30. Enter that code in the Premium Upgrade page before it expires quick!