Spring cleaning? Don’t forget about your digital footprint

Here are some quick and easy tips to help you clean up your cyber-clutter and keep your digital footprint tidy You’ve probably heard the phrase “digital footprint” before, but do you really know what it is? Your social media content, various online payment transactions, location history, emails sent, messages sent through instant messaging platforms, and passport usage – these are just some of the data that makes up your digital footprint. Depending on how you approach your privacy on the internet, and what your social media habits are, this data could be gathered and used to create a comprehensive portrait of you. Data that could be abused by threat actors for all [...]

One in six people use pet’s name as password

Other common and easily hackable password choices include the names of relatives and sports teams, a UK study reveals As many as 15% of Brits use their pets’ names as passwords to “protect” their online accounts, according to the United Kingdom’s National Cyber Security Center (NCSC). The agency cited figures from a survey that revealed how a worrying number of Brits leave themselves wide open to account takeover and other attacks. As many as 14% use family members’ names as part of their passwords. Another 13% use a date that is important to them, with 6% integrating the name of their favorite sports club or team into their passwords. Also, 6% admitted [...]

FBI removes web shells from compromised Exchange servers

Authorities step in to thwart attacks leveraging the recently-disclosed Microsoft Exchange Server vulnerabilities The United States’ Federal Bureau of Investigation (FBI) has carried out a court-approved operation to “copy and remove” malicious web shells from hundreds of systems across the US that were compromised through the mass exploitation of zero-day flaws in Microsoft Exchange Server earlier this year. The Department of Justice (DoJ) said that many IT admins have since cleansed their systems of the malicious web shells, which were used for backdoor access to the servers. However, other systems “persisted unmitigated”, which is where the operation came in. “This operation removed one early hacking group’s remaining web shells which could have been [...]

WhatsApp flaw lets anyone lock you out of your account

An attacker can lock you out of the app using just your phone number and without requiring any action on your part If you use WhatsApp, you may want to be wary of an attack where cybercriminals could suspend your account using only your phone number. The underlying loophole abuses a lapse in security of two independent WhatsApp processes, according to Forbes, which quoted research by Luis Márquez Carpintero and Ernesto Canales Pereña. For context, when you first go through the process of setting up your WhatsApp account on a device, you’re asked for your phone number to which a verification code is sent. Once you enter the code, you’re prompted for your [...]

Clubhouse in the spotlight after user records posted online

Reports of another trove of scraped user data add to the recent woes of popular social media platforms It seems that threat actors are increasingly setting their sights on extracting vast amounts of data from social media platforms. The cascade of incidents started off with a data leak impacting more than half a billion Facebook users and was followed by another incident where personal information belonging to a similar number of LinkedIn users also ended up for sale on a hacking forum. Barely a few days have passed and Clubhouse, the popular audio-only social media platform, has experienced a sort of incident of its own. According to Cybernews, which broke the latest [...]

Data from 500 million LinkedIn accounts put up for sale

The treasure trove of data reportedly includes users’ LinkedIn IDs, full names, email addresses, phone numbers and workplace information Mere days after news broke of a data leak that impacted more than half a billion Facebook users, another massive batch of people’s personal information is being offered for sale on a hacking forum. This time around, the treasure trove of data originates from LinkedIn, although the social networking site says that the records don’t come from a data leak or a breach of its systems. According to Cybernews, which broke the story, an unidentified threat actor is purporting to have scraped information from 500 million LinkedIn accounts, which is no less than two-thirds [...]