Billions of stolen passwords, cybersecurity regulations even trickier, Apple removes popular apps
Subscribe to Cyber Security Headlines podcast
Spotify, Apple Podcasts, RSS link, add as an Alexa Skill, or search "Cyber Security Headlines" on your favorite podcast app.
In today’s cybersecurity news…
Record-breaking 10 billion stolen passwords exposed
It appears to be the largest collection of stolen and leaked credentials ever seen on the crime marketplace BreachForums. Security researchers from Cybernews report that a hacker named “ObamaCare” has allegedly posted a database of almost 10 billion unique passwords, gathered from multiple breaches and hacks over the years. However, there are some doubts about the value of the data, according to Forbes sources much of the data is being described as “garbage” and unlikely to be useful to any adversary. Cybernews researchers responded to these claims, emphasizing their goal is to make the public aware of potential risks, rather than verifying the entire dataset or facilitating its use by threat actors.
Supreme court ruling makes cybersecurity regulations even trickier
Late last month the Supreme Court struck down a legal principle known as the Chevron Doctrine, this decision means courts no longer need to defer to federal agencies’ expertise on regulatory matters, including those related to cybersecurity. Why is this a big deal? Cybersecurity regulations issued by agencies like the SEC, FDA, and DHS could face increased legal challenges and potential invalidation by courts. According to Security Week this could lead more companies to appeal agency decisions, and well-funded companies to treat US regulations in the same way they treat EU regulations: masses of paperwork, dozens of lawyers, and appeal after appeal.?
Apple removes popular apps at Russia’s request
Apple has removed 25 VPN apps from the Russian App Store at the request of Roskomnadzor, Russia’s telecommunications watchdog, targeting apps like NordVPN and Proton VPN that access content deemed illegal in Russia. The watchdog group confirmed the removals, emphasizing the apps’ role in bypassing content restrictions. Apple informed the affected VPN vendors that their apps were removed due to non-compliance with Russian laws but remain available in other regions..?
Top threats facing NATO ahead of major milestone?
Ahead of NATO’s 75th anniversary, analysts at Mandiant have outlined the greatest threats facing the organization and its allied countries. According to Mandiant Intelligence chief analyst John Hultquist, the primary adversaries remain Russia and China. The main threat actors identified include Russia’s APT29, COLDRIVER, and APT44, focusing on espionage, disinformation, and disruptive cyberattacks. China’s espionage efforts have become more stealthy, targeting government, military, and economic entities within NATO using sophisticated techniques like zero-day exploits and operational relay box (ORB) networks. Disinformation and hacktivism are increasing, with groups exploiting geopolitical tensions to undermine NATO’s stability and security.
领英推荐
Huge thanks to our sponsor, Entro Security
Philippines health insurance company fails to notify 42 million?
Philippine lawmakers are scrutinizing the Philippine Health Insurance Corporation (PhilHealth) for failing to notify over 42 million people about a data breach during a ransomware attack last fall. A representative from the health insurance company confirmed the organization has not complied with legal requirements to inform victims about the stolen data. Despite initial claims that no personal information was leaked, the government later confirmed that the data of 8.5 million senior citizens was stolen, with a portal created in April showing the breach affected over 42 million individuals.
Another German university victim of “serious attack”
Frankfurt University was forced to shut down all its IT systems on Monday after a “serious hacker attack” over the weekend. The attack targeted the applied sciences department and is the latest in a series of attacks affecting German universities, particularly those specializing in applied sciences. Despite proactive security measures, the criminals gained access to parts of the university’s IT infrastructure, causing significant disruptions. These disruptions have affected daily university operations, including shutting down building elevators, enrollment capabilities, and external communication via email or calls.
31 million potentially exploited in Neiman Marcus attack?
Have I Been Pwned founder Troy Hunt reports that 31 million customer email addresses were compromised in a recent breach, while Neiman Marcus has filed a report with a much lower number. The luxury department store reports an attack on the company in May impacted over 64,000 people, exposing names, contact information, partial credit card, and Social Security numbers. However, Hunt’s analysis claims that more than 31 million email addresses were actually affected; he plans to notify those individuals who are subscribers through his website. A spokesperson for Neiman Marcus declined to comment on the new findings and referred to the data security notification on the company’s website when asked by BleepingComputer.
35,000 Ethereum users targeted in phishing attack
A threat actor gained access to the Ethereum Foundation’s mailing list platform, sending over 35,000 phishing emails from a legitimate email address, [email protected]. The Ethereum Foundation, a non-profit organization supporting Ethereum blockchain, reports? that the phishing emails promoted a scam linked to Lido and directed recipients to a malicious site designed to drain cryptocurrency wallets. While nearly 4,000 email addresses were exported and used in the phishing campaign, the foundation’s initial report suggests no funds were lost.
Passionate about Data Alchemy | AI Enthusiasm | Technical Problem Solving | Office Automation | Lifelong Learning | Driven by curiosity.
7 个月agreed even consider add on vpn access everytime connect to internet