Every industry is fair game for hackers. One mistake with any account information like reusing or sharing passwords and your organization can be shaken down for millions. So remember to practice good cybersecurity: do not reuse passwords, always confirm whom you are sharing sensitive information with, and be careful when clicking on suspicious links.
Share this post with your friends as a reminder to why “password” should not be their password.
The Russian government hackers who breached a top cybersecurity firm are behind a global espionage campaign that also compromised the Treasury and Commerce departments and other U.S. government agencies, according to people familiar with the matter. The group, known among private-sector security firms as APT29 or Cozy Bear, also hacked the State Department and the White House during the Obama administration. All of the organizations were breached through a network management system called Solar Winds, according to three people familiar with the matter, who spoke on condition of anonymity because of the issue’s sensitivity. Solar Winds could not immediately be reached for comment.
Known as mobile device forensic tools (MDFTs), this type of tech is able to siphon text messages, photos, and application data from student’s devices. Together, the districts encompass hundreds of schools, potentially exposing hundreds of thousands of students to invasive cell phone searches. The term “mobile device forensics” can mean many things, but the type of devices and software seemingly being purchased by schools were designed for one primary purpose: satisfying police, security, and intelligence agencies’ desire for quick and easy extraction of data from phones, tablets, and other handheld devices.
Think sensitive information about you or your business has landed into the hands of hackers? If you suspect your information has been part of a data leak, use HackNotice Instant Check for free and see if your data is being shared by hackers. Simply click HERE and enter the information you want checked.
Dental Care Alliance discovered on October 11 that it had been the victim of a hack that began on September 18, 2020. The company, which is headquartered in Sarasota, Florida, was able to contain the attack by October 13. Patient data that may have been accessed in the security incident included names, addresses, dental diagnosis and treatment information, patient account numbers, billing information, bank account numbers, the name of the patient’s dentist, and health insurance information.
For those unfamiliar, click farms are operations where low-paid workers, usually in developing countries without strict data regulations, are paid to click on links and interact with users online either to earn income through advertising or to inflate a person’s following on a social network. The vpnMentor research team, led by Noam Rotem and Ran Lucar, came across this new click farm after uncovering a command and control (C&C) server that contained data for tens of thousands of Instagram profiles including usernames and passwords, proxy IP addresses, email addresses connected to the accounts, SMS verification codes and phone numbers used in the operation.
In July 2020, Ledger suffered a data breach after a website vulnerability allowed threat actors to access customers’ contact details. At the time of the breach, Ledger stated that they emailed the affected 9,500 customers and provided a dedicated email that can be used for more information about the attack. Starting in October 2020, Ledger users began receiving fake emails about a new data breach from Ledger. The email stated that the user was affected by the breach and that they should install the latest version of Ledger Live to secure their assets with a new pin.
That’s this week’s roundup, showing that every industry benefits when good cybersecurity habits are followed. So wash your hands and keep your passwords secure. Thanks for reading, stay safe and we’ll see you next week!