Another week in the cyber world has passed, and there have been hundreds of phishing attacks and data breaches. The following news headlines testify to the growing need to adopt anti-phishing protection for home and office systems
Hackers Use Credential Stuffing To Compromise Spotify Accounts
In recent research by vpnMentor, a database with more than 380 million Spotify users‘ records has been discovered. It is believed that the adversaries have used credential stuffing to decrypt weak or recycled passwords.
Research further revealed that the leaked database belonged to a third-party who stored Spotify login credentials. The exposed details include the PII and login credentials of Spotify users. All those who think they might have been victims of this breach must immediately change their passwords to something substantial and unique. Healthy password habits are one of the most effective measures to prevent phishing attacks.
Data Breach At Peatix
Popular event organizing platform Peatix recently underwent a data breach which has exposed the personal information of over 4.2 million Peatix users. The adversaries used Instagram and Telegram ads and hacking forums to leak this multitude of user data stored on the systems of Peatix.
The compromised data included the names, usernames, email addresses, and hashed passwords of users; no financial information was compromised in the attack. Peatix is in the process of informing all affected users about the breach. They have also conducted investigations and traced the vulnerability leading to the attack. The security flaw is now fixed, and Peatix has adopted anti-phishing solutions to prevent such an attack in the future.
Ransomware Hits Banijay Group
The French Entertainment Company Banijay Group, which produces television shows such as Fear Factor, Keeping up with the Kardashians, Mr. Bean, The Island with Bear Grylls, and LEGO Masters, recently underwent a ransomware attack. The adversaries compromised their employees’ financial and personal details and demanded a huge ransom for the decryption key.
The attackers targeted the Endemol Shine Group (the latest acquisition of the Banijay Group) and accessed other networks using Endemol’s database. On its part, Banijay Group has informed the UK and Netherlands law enforcement and adopted necessary measures for protection from phishing attacks. However, it is uncertain whether they will pay the ransom or resist the threats from the adversaries.
Baidu Search Box Makes A Comeback
Security researchers at Palo Alto Networks discovered a data collection code in the Baidu Push SDK, responsible for showing notifications in Baidu Search Box and Baidu Maps. Resultantly, the two Android apps were removed from Google Play Store last month. In its defense, Baidu said that though information such as users’ MAC address, phone model, IMSI number, or carrier information is collected, it is never without a user’s permission. The two Baidu apps were removed from the Play Store because of some unspecified violations and not because of its data collection code.
Baidu has been working on its security flaws and taking measures for protection against phishing. The Baidu Search Box app has already made its comeback to Play Store, and they hope to do the same for Baidu Maps. The issue may seem to have been fixed, but malicious actors often misuse data collected by SDKs. Sensitive information is collected by several apps today, but its impact on users poses a big question!
Cyberattack Hits Ritzau News Agency
Ritzau news agency has been providing the Danish media companies and organizations with text, photos, information, and news since 1866. It is the most significant news agency in Denmark and was unfortunately hit by a cyberattack on 24th November. The attack which brought down the systems at Ritzau is said to be a ‘professional attack’ by its CEO Lars Vesterloekke.
Ritzau has shut down all their servers, email, and telephones to ensure phishing attack prevention and damage control. The attackers remain unidentified, and the servers of Ritzau are not operating again either. News is now being sent through an emergency email system.
Belden Loses Confidential Details to Data Breach
Popular specialty networking solutions provider Belden underwent a serious cyberattack recently, which has compromised sensitive data related to its present and former employees and business partners.
The organization had detected suspicious activity on some of its servers and deployed third-party forensic experts to investigate the issue. The research revealed that the adversaries had accessed and compromised some of Belden’s file servers. The good news is that Belden’s manufacturing plants and quality control or shipping units remain unaffected by the security incident.
The compromised data includes the names, DOBs, addresses, social security or national insurance numbers, email ID, bank details of North American employees, etc. Besides, business partner details such as bank information and taxpayer ID numbers were exposed. Belden was following the phishing prevention best practices and locked the adversaries out of its network. It is informing all affected employees and business partners about the incident and offering free credit monitoring and support services wherever possible.
Illinois Valley Community College Sends Data Breach Notifications
Exemplifying the saying, “Precaution is better than cure,” the Illinois Valley Community College (IVCC) is sending out over 160,000 notifications to present and former students, faculty members, and applicants regarding a data breach that hit its servers back in April. Although the college isn’t sure which parts of their systems were affected by the attack or the nature of the data compromised, they are taking ‘an abundance of caution.’
As part of its phishing protection strategy, IVCC has hired the risk prevention firm Kroll to provide free credit and identity monitoring, identity theft restoration, and fraud consultation services to victims. So far, 750 people have signed up for the free security service (details elaborated in the notification letter). The IVCC believes that it is better prepared now to handle security issues with its proactive cybersecurity strategies.
Beware Of Zoom Thanksgiving Invites
With the holiday season, cyber defenses remain off-guard, which enables the adversaries to launch sophisticated cyberattacks. The latest in line is Zoom invites asking people to join a ‘Thanksgiving Meeting.’ Once a user clicks on the meeting link, they are redirected to a spoofed Microsoft login page that makes the user give out their email address and password. More than 3,600 unique user credentials (IP addresses, email addresses, and passwords, geographic location) have already been compromised this Thanksgiving.
The numbers will keep increasing if people don’t think twice before giving away their email credentials to a Zoom Meeting. Reaching the Microsoft landing page while joining the meeting with the link should bring back all the phishing prevention tips we’ve come across time and again because Zoom invite links are supposed to open the app and not lead you to another webpage!