The all in one place for non-profit security aid.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has shared a factsheet providing details on free tools and guidance for securing digital assets after switching to the cloud from on-premises environments. […] Read More
BleepingComputer
Hackers Exchanging Hundreds Of Network Operators’ Credentials on Dark Web
[[{“value”:”
A recent cyberattack on Orange España highlights the vulnerability of telecom network personnel and the critical need for improved digital hygiene.
Hackers are actively targeting network engineers and IT infrastructure managers, seeking access to the organization’s sensitive data and infrastructure.
This alarming report by Resecurity reveals a disturbing trend: hundreds of network engineers’ credentials for organizations worldwide are being sold on the dark web.
Document
Run Free ThreatScan on Your Mailbox
AI-Powered Protection for Business Email Security
Trustifi’s Advanced threat protection prevents the widest spectrum of sophisticated attacks before they reach a user’s mailbox. Try Trustifi Free Threat Scan with Sophisticated AI-Powered Email Protection .
These compromised credentials grant attackers access to sensitive systems and data, potentially leading to devastating cyberattacks.
In January 2024, attackers hijacked an Orange España employee’s computer, stealing credentials for their RIPE NCC account.
This granted them access to manipulate the telecom’s network settings, causing a widespread internet outage.
Resecurity’s investigation uncovered over 1,500 compromised credentials for regional internet registries, including RIPE, APNIC, AFRINIC, and LACNIC.
These credentials were likely stolen by info stealers, malware designed to silently collect sensitive information.
Worryingly, some credentials were offered for as little as $10, making them readily accessible to cybercriminals.
Stolen credentials can be used for more than just disrupting services. They can also grant access to:
Enterprise Identity and Access Management (IAM) systems: This could allow attackers to steal sensitive data or grant unauthorized access to other systems.
Virtualization systems: This could allow attackers to manipulate virtual machines and disrupt critical operations.
Cloud providers: This could expose sensitive data stored in the cloud or allow attackers to launch further attacks from within the cloud environment.
Backup and disaster recovery systems: This could prevent organizations from recovering from cyberattacks or natural disasters.
Implement multi-factor authentication (MFA) for all accounts: This adds an extra layer of security by requiring a second factor, like a code from the phone, to log in.
Educate employees about cyber security best practices: Teach employees to be wary of phishing emails, suspicious links, and malware.
Regularly monitor the dark web for compromised credentials: Services like Resecurity can help you identify and address compromised credentials before they are used in an attack.
Patch systems and software regularly: This helps to close security vulnerabilities that attackers can exploit.
The post Hackers Exchanging Hundreds Of Network Operators’ Credentials on Dark Web appeared first on Cyber Security News.
“}]] Read More
Cyber Security News
The AI Fix #7: Can AIs speak dolphin and do robots lick toads?
In episode seven of The AI Fix, Alexa goes wild, Mark learns how to hang a towel on a Peloton for only $39.90 a month, Graham puts the news items in the wrong order, and a strawberry uses the internet.
Graham explains to Mark what bats argue about, our hosts ponder whether AI should always write in Comic Sans, and Mark tells Graham why AIs are like dolphins that smoke pufferfish.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley. Read More