RockYou2024: 10 Billion Passwords Leaked in the Largest Compilation of All Time
Article Link: https://cybernews.com/security/rockyou2024-largest-password-compilation-leak
- The largest password compilation to date, called RockYou2024, surfaced on July 4th, 2024, containing nearly 10 billion unique passwords. The significance of this leak is that it combines passwords from many old and new data breaches, making it a goldmine for hackers.
- With so many passwords exposed, there is a higher chance of credential stuffing attacks, where hackers replay these leaked passwords against login pages to break into accounts.
- This isn’t the first time such a leak has happened. The previous sizable compilation, RockYou2021, contained 8.4 billion passwords; RockYou2024 adds 1.5 billion more since then.
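The credential stuffing risk mentioned above is usually visible in authentication logs as one source IP cycling through many different usernames in a short burst with mostly failed logins. The following detector is an added example written for this digest, not code from the Cybernews article; the log line format (timestamp, source IP, username, outcome), the sample lines, and the thresholds are all constructed assumptions, not a real product's format.

```python
"""Credential-stuffing detection over authentication log lines.

Added example (not from the article). The log format is a constructed,
simplified one:
    <ISO timestamp> <source_ip> <username> <SUCCESS|FAILURE>
Detection rule (an assumed SOC heuristic): a single source IP that attempts
logins against many distinct usernames inside a short sliding window, with a
high failure ratio, looks like a credential-stuffing run rather than one user
mistyping a password. Successful logins inside such a burst are reported so
responders know which accounts to reset first.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (documentation-range IPs, made-up accounts).
SAMPLE_LOG = """\
2024-07-05T10:00:01Z 198.51.100.7 alice FAILURE
2024-07-05T10:00:02Z 198.51.100.7 bob FAILURE
2024-07-05T10:00:02Z 198.51.100.7 carol FAILURE
2024-07-05T10:00:03Z 198.51.100.7 dave FAILURE
2024-07-05T10:00:03Z 198.51.100.7 erin SUCCESS
2024-07-05T10:00:04Z 198.51.100.7 frank FAILURE
2024-07-05T10:00:05Z 198.51.100.7 grace FAILURE
2024-07-05T10:00:10Z 203.0.113.9 alice FAILURE
2024-07-05T10:00:40Z 203.0.113.9 alice FAILURE
2024-07-05T10:01:15Z 203.0.113.9 alice SUCCESS
2024-07-05T10:03:00Z 192.0.2.44 heidi SUCCESS
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, outcome)."""
    ts, ip, user, outcome = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, outcome


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_distinct_users=5, min_failure_ratio=0.6):
    """Return {ip: summary} for every source IP that, within some sliding
    window, hit at least min_distinct_users distinct accounts with a failure
    ratio of at least min_failure_ratio. The summary describes the widest
    qualifying window seen for that IP."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, outcome = parse_line(line)
            events[ip].append((ts, user, outcome))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()  # chronological order per source IP
        start = 0
        for end in range(len(evs)):
            # Slide the window start forward until it fits inside `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            failures = sum(1 for _, _, o in win if o == "FAILURE")
            ratio = failures / len(win)
            qualifies = (len(users) >= min_distinct_users
                         and ratio >= min_failure_ratio)
            # Keep the window that covers the most distinct accounts.
            if qualifies and len(users) > flagged.get(ip, {}).get("distinct_users", 0):
                flagged[ip] = {
                    "distinct_users": len(users),
                    "attempts": len(win),
                    "failure_ratio": round(ratio, 2),
                    # Accounts that logged in successfully during the burst:
                    # likely reused leaked passwords, reset these first.
                    "compromised": sorted(u for _, u, o in win if o == "SUCCESS"),
                }
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

Note that the single user retrying from 203.0.113.9 is not flagged even though it fails twice: the rule keys on breadth across accounts, which is what distinguishes a stuffing run from an ordinary forgotten password. Tune `min_distinct_users` and `window` to the size of your user base and the login rate you normally see from shared egress addresses such as corporate NAT or VPN exits.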
Google Targets Passkey Support to High-Risk Execs, Civil Society
Article Link: https://www.darkreading.com/endpoint-security/google-targets-passkey-support-high-risk-execs-civil-society
- Google has added passkey support to its Advanced Protection Program (APP), which is designed to protect high-risk individuals like executives, government employees, and civil society members. This allows them to use passkeys instead of traditional passwords for stronger security.
- Passkeys are a virtual form of security key that relies on a private key stored on the user's device. Users authenticate with a thumbprint, face scan, or PIN, which makes passkeys both easier to use and more secure than passwords.
- This update helps those who can’t use hardware security keys, such as journalists in war zones or campaign staffers on tight budgets. It removes obstacles to accessing strong security.
- Google is partnering with Internews to provide security support to journalists and human rights workers in 10 countries, including Brazil, Mexico, and Poland.
Privacy & Security Concerns with AI Meeting Tools
Article Link: https://www.darkreading.com/vulnerabilities-threats/privacy-security-concerns-with-ai-meeting-tools
- Artificial Intelligence (AI) meeting assistants like Otter.ai and Microsoft 365 Copilot can boost productivity but pose significant privacy and security risks, potentially stifling candid conversations and innovation.
- Consent to record meeting attendees is crucial. Laws vary, with some states requiring all-party consent for recordings; one-party consent is the federal standard and is followed by many states. Noncompliance can lead to legal consequences, including civil damages and penalties.
- Companies must establish comprehensive policies for AI assistant use, including consent requirements, data protection protocols, and continuous updates to address evolving technology and educate employees.
Europol Nukes Nearly 600 IP Addresses in Cobalt Strike Crackdown
Article Link: https://www.theregister.com/2024/07/04/europol_cobalt_strike_crackdown
- Europol led a week-long operation in late June to disrupt nearly 600 IP addresses supporting illegal copies of Cobalt Strike, a tool often misused by cybercriminals.
- The operation involved law enforcement from multiple countries, including the UK, US, Australia, and Germany, and private sector partners like BAE Systems and Trellix.
- Over 690 IP addresses were flagged, with 593 taken down. This effort aimed to hinder cybercriminals’ use of Cobalt Strike, which is often used in ransomware and malware attacks.
- Despite the success, significant challenges remain, especially with cracked (stolen) versions of Cobalt Strike in countries like China, which hosts a large share of these illicit resources. The operation highlights the need for ongoing collaboration to combat cybercrime.
Smash-and-Grab Extortion
Article Link: https://thehackernews.com/2024/07/smash-and-grab-extortion.html
- The 2024 Attack Intelligence Report from Rapid7 is packed with information from over 1,500 curated vulnerability and exploit data points. It includes in-depth analysis of more than 180 major attack plans. This research is based on over 210 vulnerabilities disclosed since the end of 2019, including more than 60 exploited vulnerabilities from 2023 and early 2024.
- The report also emphasizes the growing complexity of Internet of Things (IoT) firmware, which is increasingly assembled from open-source components riddled with vulnerabilities. In 2023, more mass compromise events arose from zero-day vulnerabilities, with 53% of new widespread threat vulnerabilities exploited before fixes were available.
- Exploitation of network edge devices has nearly doubled since early 2023, with 36% of widely exploited vulnerabilities occurring in these technologies. Traditional patching methods are proving insufficient, highlighting the need for stronger solutions; experts are calling for better isolation techniques to effectively mitigate these threats.
- Rapid7 tracked over 5,600 ransomware incidents in 2023 and early 2024, while the number of new unique ransomware families fell by more than half, from 95 in 2022 to 43 in 2023.
- Link to Rapid7’s Report: https://www.rapid7.com/blog/post/2024/05/21/rapid7-releases-the-2024-attack-intelligence-report/
Are SOC 2 Reports Sufficient for Vendor Risk Management?
Article Link: https://www.darkreading.com/cybersecurity-operations/are-soc-2-reports-sufficient-for-vendor-risk-management
- Businesses rely on third-party vendors, and those vendors are a source of risk: when vendors have been attacked, the impact has spread to their partner organizations.
- Many vendors use SOC 2 reports to show their commitment to security. These reports, developed by the AICPA, assess a service organization’s controls related to security, availability, processing integrity, confidentiality, and privacy.
- To effectively manage vendor risk, organizations should include SOC 2 reports along with other strategies like due diligence, security assessments, contractual agreements, and ongoing monitoring, to navigate vendor relationships with better assurance and resilience.
Advance Auto Parts: 2.3m People’s Data Accessed When Crims Broke into Our Snowflake Account
Article Link: https://www.theregister.com/2024/07/11/advance_auto_parts_confirms_23
- Advance Auto Parts revealed that 2.3 million individuals’ data was accessed by cybercriminals, including sensitive information like Social Security numbers and driver’s license details.
- The breach occurred through the company’s Snowflake instance between April 14 and May 24, 2024. The attacker, known as Sp1d3r, accessed data that had been collected and stored as part of the company’s job application process.
- The incident underscores the value of auditing remote access capabilities and implementing measures like multifactor authentication (MFA) to prevent unauthorized access.
- Because the breach involved data from job applications, it also highlights the need for proper data classification and retention policies to protect sensitive information and minimize exposure.
New Blast-RADIUS Attack Bypasses Widely Used RADIUS Authentication
Article Link: https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication
- Blast-RADIUS is a new security vulnerability in the RADIUS protocol. It lets a man-in-the-middle attacker use MD5 collision attacks to trick a network device into accepting a forged authentication response, granting admin privileges without needing valid user credentials.
- Many organizations within the telecommunications industry rely on RADIUS. As such, the Blast-RADIUS vulnerability is a significant risk and could potentially impact many networks and endpoints.
- Because end-user credentials are not compromised, there is nothing for users to rotate; vendors and network operators are responsible for mitigating the attack.
Software Supply Chain Still Dangerous Despite a Slew of Efforts
Article Link: https://www.csoonline.com/article/2515198/software-supply-chain-still-dangerous-despite-new-protections.html
- Despite numerous efforts and recent incidents highlighting risks, securing the software supply chain remains difficult. The White House’s comprehensive cybersecurity executive order aims to improve this, introducing new tools, standards, and guidelines from various agencies.
- The executive order also mandated the publication of minimum elements for a Software Bill of Materials (SBOM), an “ingredients list” for software components. However, experts suggest that the development of SBOMs is still in its early stages and should be a lower priority compared to other critical tasks such as creating and updating software asset inventories.
- Challenges include the vastness of the software supply chain, lack of clear definitions, and difficulties in managing open-source software. Cybersecurity professionals emphasize the need for better collaboration and shared definitions.
- Link to President Biden’s Executive Order: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity
