The US Department of Justice (DOJ) has announced today that a multinational operation took down Slillpp, the largest online marketplace of stolen login credentials. Law enforcement agencies from the United States, Germany, the Netherlands, and Romania seized servers used to host Slilpp's marketplace infrastructure and its domain names. The marketplace's websites are now replaced with a seizure banner on the clear web and displaying an invalid onionsite address error on the dark web. Read more >>>
President Biden signed an Executive Order to improve the nation’s cybersecurity and protect federal government networks. This Executive Order makes a significant contribution toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. Read more >>>
Google strives to push all its users to start using two-factor authentication (2FA), which can block attackers from taking control of their accounts using compromised credentials or guessing their passwords. This move is meant to increase Google user accounts' security by removing the "single biggest threat" making easy to hack: passwords that are hard to remember and, even worse, easy to steal via data breaches and phishing. Read more >>>
Attackers are promoting sites impersonating the Microsoft Store, Spotify, and an online document converter that distribute malware to steal credit cards and passwords saved in web browsers. The attack was discovered by cybersecurity firm ESET who issued a warning yesterday on Twitter to be on the lookout for the malicious campaign. Read more >>>
The United States government is formally accusing the Russian government of the SolarWinds supply-chain attack that gave hackers access to the network of multiple U.S. agencies and private tech sector companies. In a brief announcing sanctions on Russia for actions against the U.S. interests, the White House is naming the Cozy Bear group of advanced hackers as the author of the cyber espionage activity exploiting the SolarWinds Orion platform. Read more >>>
Today is Microsoft's April 2021 Patch Tuesday, and with it comes five zero-day vulnerabilities and more Critical Microsoft Exchange vulnerabilities. It has been a tough couple of months for Windows and Microsoft Exchange admins, and it looks like April won't be any easier, so please be nice to your IT staff today. With today's update, Microsoft has fixed 108 vulnerabilities, with 19 classified as Critical and 89 as Important. Read more >>>