"The Most Popular IT Admin Password Is Totally Depressing"

"The Most Popular IT Admin Password Is Totally Depressing"

The analysis of over 1.8 million pages identified as admin portals found that 40,000 of them used "admin" as its password, making it the most common credential used by Information Technology (IT) administrators. Between January and September of 2023, a team of researchers with Outpost24 analyzed passwords and discovered an increased dependence on default passwords. This article continues to discuss the top passwords discovered by the analysis. 

Submitted by Gregory Rigby on

"BlackCat Ransomware Uses New 'Munchkin' Linux VM in Stealthy Attacks"

"BlackCat Ransomware Uses New 'Munchkin' Linux VM in Stealthy Attacks"

The BlackCat/ALPHV ransomware operation is now applying a new tool named Munchkin, which uses Virtual Machines (VMs) to stealthily launch encryptors on network devices. Munchkin allows BlackCat to execute on remote systems or encrypt Server Message Block (SMB) or Common Internet File (CIFS) network shares. Adding Munchkin to BlackCat's extensive and sophisticated arsenal makes the Ransomware-as-a-Service (RaaS) more appealing to cybercriminals seeking to work with the ransomware.

Submitted by Gregory Rigby on

"QR Codes Used in 22% of Phishing Attacks"

"QR Codes Used in 22% of Phishing Attacks"

A new study called the "Hoxhunt Challenge" has unveiled alarming trends in employee susceptibility to phishing attacks, emphasizing the critical role of engagement in reducing human risk.  The study was conducted in 38 organizations across nine industries and 125 countries and revealed that 22% of phishing attacks in the first weeks of October 2023 used QR codes to deliver malicious payloads.  The challenge categorized employee responses into three groups: success, miss, and click/scan.

Submitted by Adam Ekwall on

"DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals"

"DarkGate Malware Campaigns Linked to Vietnam-Based Cybercriminals"

Security researchers at WithSecure believe that Vietnam-based cybercriminals are behind attacks using DarkGate malware, which have targeted organizations in the UK, US, and India since 2018.  The researchers have tracked these attacks to an active cluster of cybercriminals using the Ducktail infostealer, which has been used in recent campaigns targeting Meta business accounts.  The researchers noted that the DarkGate and Ducktail campaigns have been linked based on observed non-technical indicators.  These include lure files, themes, targeting, and delivery methods.

Submitted by Adam Ekwall on

"Project Will Protect Researchers' Open-Source Software Worldwide"

"Project Will Protect Researchers' Open-Source Software Worldwide"

Researchers at Indiana University are working on a project to protect the open-source software used by institutions worldwide to collaborate and share study findings. According to Sagar Samtani, an assistant professor of operations and decision technologies and a Weimer Faculty Fellow at the Indiana University Kelley School of Business, who is co-principal investigator on the project, federally funded scientific cyberinfrastructure has sped up innovative scientific discoveries.

Submitted by Gregory Rigby on

"Microsoft Found Users Can Trick GPT-4 Into Releasing Biased Results and Leaking Private Information"

"Microsoft Found Users Can Trick GPT-4 Into Releasing Biased Results and Leaking Private Information"

According to research backed by Microsoft, OpenAI's GPT-4 Large Language Model (LLM) might be more trustworthy than GPT-3.5, but also more vulnerable to jailbreaking and bias. The paper by a team of researchers from the University of Illinois Urbana-Champaign, Stanford University, University of California, Berkeley, the Center for AI Safety, and Microsoft Research gave GPT-4 a higher score for trustworthiness than its predecessor.

Submitted by Gregory Rigby on

"Organizations Admit Employee Use of AI Is a Risk They Aren't Prepared For"

"Organizations Admit Employee Use of AI Is a Risk They Aren't Prepared For"

According to a Riskonnect survey of 300 professionals on the top internal threats to businesses in 2023, most risk and compliance professionals believe that employee use of generative Artificial Intelligence (AI) poses a threat to business, and less than 10 percent of companies are prepared to mitigate internal threats associated with the emerging technology. However, the top four risks identified by survey respondents did not include AI. These included talent shortages and layoffs, the risk of a recession, ransomware and security breaches, and state-sponsored cyberattacks.

Submitted by Gregory Rigby on

"Most Organizations Globally Have Implemented Zero Trust"

"Most Organizations Globally Have Implemented Zero Trust"

According to Okta's 2023 State of Zero Trust report, the percentage of organizations implementing a zero trust initiative has nearly tripled in the past three years, from 24 percent in 2021 to 61 percent in 2023. Companies with between 5,000 and 9,999 employees are likelier than those with 500 to 999 employees to have implemented zero trust. The report is based on a survey of 860 information security decision-makers from the US, Canada, Denmark, Finland, France, Germany, Ireland, Norway, Japan, Australia, and other countries.

Submitted by Gregory Rigby on

"HR Topics Used the Most as Attack Method in Phishing Attacks"

"HR Topics Used the Most as Attack Method in Phishing Attacks"

According to findings from KnowBe4's research, Human Resources (HR)-related topics are the most commonly used by hackers to facilitate phishing attacks. The strategy is not new, but it consistently results in successful attacks. Email phishing is still widely used by cybercriminals as it is still significantly effective. In the third quarter of this year, slightly more than half of phishing emails contained an HR-related subject line regarding dress code changes, training arrangements, and vacation updates.

Submitted by Gregory Rigby on

"NSA Shares Recommendations to Advance Device Security Within a Zero Trust Framework"

"NSA Shares Recommendations to Advance Device Security Within a Zero Trust Framework"

The National Security Agency (NSA) has published a Cybersecurity Information Sheet (CSI) to help federal agencies, partners, and organizations assess devices within their systems and respond more effectively to threats. Transitioning to a zero trust security framework improves defenders' ability to protect sensitive data, systems, applications, and services from nation-state actors and malicious actors.

Submitted by Gregory Rigby on
Subscribe to