This week’s Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Brett Conlon, CISO, American Century Investments
Missed the live show? Watch it on YouTube
Cyber Security Headlines – Week in Review is live every Friday at 12:30pm PT/3:30pm ET. Join us each week by registering for the open discussion at CISOSeries.com
123456 tops the list of most popular passwords again
NordPass, maker of a password manager and sister company of NordVPN, has announced its list of the 200 most common passwords and the results are disappointing. In this sixth year of publishing its list derived from a 2.5TB database of passwords, personal and professional, from around the world, including on the dark web, comes to a single conclusion: people are really bad at choosing hard-to-crack passwords. The list contains variations on the 123456 theme and the qwerty theme as well as single word passwords like “password” and “secret,” all of which can be cracked in less than a second. “The personal and corporate passwords analyzed by NordPass were stolen by malware or exposed in data breaches. In most cases, the email addresses were leaked along with the passwords, helping NordPass determine which ones were for personal use and which ones were for business use.” The company says there really hasn’t been any improvement over these six years. A link to the NordPass report is available in the show notes to this episode.
(NordPass)
Secure-by-design hits 6-month mark, progress being made
In an interview with Recorded Future News, Jack Cable, a senior technical adviser at CISA who has been championing the effort, says 248 companies signed the pledge, and most are taking it seriously. Secure-by-design includes a pledge from software companies to the Biden administration and their own customers that they would “adopt seven key digital security practices within a year.” Cable says he is seeing “significant impacts across the internet ecosystem,” and that the progress has exceeded expectations.” He has pointed out “Microsoft’s expansion of multi-factor authentication, Google’s improvements to secure code development and Fortinet’s new requirement that customers receive automatic security updates” as examples.
DNA firm holding highly sensitive data vanishes without warning
Atlas Biomed is a company based in London, England, and which offered to provide insights into people’s genetic makeup and predisposition to certain illnesses. It has recently ceased operations “without telling its customers what has happened to the highly sensitive data they shared with it.” All activity, including on social media has ceased and its London office stands empty. The company has links to Russia. It used to have 8 official positions, although according to the BBC, four of its officers have resigned, and the two apparently remaining officers are listed at the same address in Moscow – as is a Russian billionaire, who is described as a now resigned director.
(BBC News)
Huge thanks to our sponsor, ThreatLocker
To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com.
Surge in zero-day vulnerability exploits is new normal, says Five Eyes
This warning comes from the Five Eyes intelligence alliance (the U.S., U.K., Australia, Canada and New Zealand), stating that, contrary to previous years in which malicious cyber actors were exploiting older software vulnerabilities, the tide has turned to zero-days with Citrix’s networking product NetScalers being the most widely used. Their report also mentions a critical vulnerability affecting Cisco routers, another in Fortinet VPN equipment and one affecting the MOVEit file transfer tool that was widely exploited by the Clop ransomware gang.
(The Record and CISA)
Amazon leaker claims to be an ethical hacker
Last week, 2.8 million lines of Amazon employee data were posted on a dark web forum by someone with the moniker “Nam3L3ss.” They claimed to have obtained information on dozens of companies through the MOVEit file transfer exploit. Researchers at Hudson Rock verified this data, including organizations like Lenovo, Delta, HSNC, and Chares Schwab. This includes names, organization roles, contact information, and department assignments primarily used for social engineering. Nam3L3ss claimed they took this action as an ethical hacker, not obtaining the data with fake credentials and only scraping what was publically available. They said they published the data to raise awareness of the need to encrypt PII data at these organizations and not to hide behind blaming third parties for leaked data. They also told researchers that more data would be revealed in the coming days.
Strela Stealer malware reappears in Spain, Germany, Ukraine
A group known as Hive0145 has been infecting targets with Strela Stealer malware delivered through phishing emails disguised as legitimate invoice notifications. What is worthy of note in this situation is that according to researchers at IBM X-Force, whereas the group initially relied on fake invoices and receipts sent from fabricated accounts, they have recently begun “weaponizing stolen emails from real entities in the financial, technology, manufacturing, media, e-commerce and other sectors. It is believed by the researchers that Hive0145 is believed to be the tool’s sole operator.