Weekly #cybersecurity digest to your inbox

Netflix warned to step up after dormant credentials were hijacked by hackers

NETFLIX cordcutter-cutters are demanding answers after it emerged that some former users' accounts were being reactivated by criminals. An investigation by Auntie Beeb's You and Yours programme found that if someone finds a dormant Netflix account and is able to get into it, the provided bank details from the subscription are still listed, meaning that all the hacker has to do is start watching, whilst the original customer pays. Plus, of course, if the criminal then changes the password, then that's it, the account is locked out for the legitimate account holder. In order to give leavers an easy way of rejoining the service, accounts that are deactivated have all their details, including bank account info, stored for ten months from the date of leaving, unless the customer specifically asks Netflix to delete them sooner. For its part, Netflix has made a number of appropriate purring noises and advises anyone who notices unusual or unauthorised use of their account, or erroneous charges, to contact customer service immediately.

Go to article at

15.5.2020

Password Attacks

Cloud-based collaboration tools are a major driver of data exfiltration

Cloud-based collaboration technologies and workforce turnover have become major drivers of data exfiltration as insider threat programs fail to keep pace with today’s digital workplace, a Code42 survey reveals. Nearly 5,000 knowledge workers at companies with more than 1,000 employees in the U.S., U.K. and Germany were surveyed. “When it comes to data loss, leak and theft, for too many companies, the inside is their blindside,” said Joe Payne, Code42’s president and CEO. “Insider threat … More → The post Cloud-based collaboration tools are a major driver of data exfiltration appeared first on Help Net Security.

Go to article at

15.5.2020

Insider Attacks

Faking fingerprints — doable, but hard

Researchers found a way to create fake fingerprints to fool many devices, although it took a lot of effort.

Go to article at

15.5.2020

Outdated Access Rights

MITRE ATT&CK: Endpoint denial of service

Introduction Denial-of-Service (DoS) attacks have been around since the 1970s, and they can be downright paralyzing to an organization. Not only does it shut down the ability to use a targeted... Go on to the site to read the full article The post MITRE ATT&CK: Endpoint denial of service appeared first on Security Boulevard.

Go to article at

15.5.2020

Denial-of-Service Attacks

Travelex Being Held To Ransom By Hackers

Go to article at

15.5.2020

Ransomware

Microsoft Edge is now 2nd most popular desktop browser, beats Firefox

The Microsoft Edge browser is now being used by more people than Mozilla Firefox making it the 2nd most popular desktop browser. [...]

Go to article at

15.5.2020

CyberNow

Ransomware Attacks Are Causing Cyber Insurance Rates to Go Through the Roof; Premiums up as Much as 25 Percent

Ransomware attacks are causing a spike in cyber insurance rates as insurers need to cover ransom amount and recovery costs if hackers fail to make good on unlocking the compromised systems.

Go to article at

15.5.2020

Ransomware

1 in 6 Massachusetts Communities Hit by ‘Ransomware’ Attacks

Ryan Kath and Jim Haddadin report: Inside the Bay State, a handful of attacks against cities and towns have garnered...

Go to article at

15.5.2020

Ransomware

Spear phishing 101: what you need to know

We look at the threat of spear phishing, why it's such a problem, and what organizations can do to lessen the chance of a successful attack. Categories: Social engineering Tags: 101businessmalspamorganisationorganizationorganizationsphishphishingscamsmishingSocial Engineeringspamspear phishspear phishingwhaling (Read more...) The post Spear phishing 101: what you need to know appeared first on Malwarebytes Labs.

Go to article at

15.5.2020

Phishing