PayPal Accounts Breached Due to Password Recycling
On January 19, 2023, PayPal sent out data breach notifications informing nearly 35,000 of its users that their accounts had been compromised in December 2022.
PayPal explained that the accounts were targeted through credential stuffing, an attack in which usernames and passwords leaked from various websites are tried against a target account.
Leaked credentials often work on other sites because usernames and passwords are recycled. PayPal claimed that the data breach was not caused by a failure in its systems.
Personal information exposed to the hackers included full names of account owners, social security numbers, birth dates, and postal addresses. PayPal says that the attackers were not able to perform unauthorized transactions and that passwords were reset on the affected accounts.
For those who want to avoid the burden of having to remember and type lengthy passwords for various accounts, password managers are a great solution because their sync and password-generating abilities allow ease of access to various accounts. SSL.com Client Authentication Certificates can also provide an extra layer of security that passwords alone cannot give by restricting access to sensitive sites and applications. They shield your online accounts from malicious actors by ensuring that only you as the verified individual can access them. Click here for more information on SSL.com Client Authentication Certificates.
Iranian and Russian Hackers Discovered to be Targeting Politicians and Journalists
British politicians and journalists are reported to have been targeted with phishing attacks by two hacking groups: Iran-based TA453 and Russia-based Seaborgium. In 2022, Seaborgium was discovered to be attacking three nuclear research labs in the US. TA453 was previously monitored and found to be potentially targeting American politicians.
The United Kingdom’s National Cyber Security Centre (NCSC) warned potential targets not to fall for malicious links that are used to steal information from their online accounts.
The hackers have been found to create fake social media profiles of the targets’ contacts and then share bogus conference or event invitations, often in the form of Zoom meeting links that contain malicious code. The fake links allow the hackers to steal the victims’ email account credentials. Once inside, they have been detected searching through mailing-list data and contact lists, which they then use for further phishing campaigns.
The hackers have also set up websites disguised as authoritative organizations to further fool their targets. Interestingly, they go for personal email accounts rather than official work accounts. Aside from being likely to have weaker multifactor authentication, personal accounts can also cause the victim to be less cautious when communicating.
Protect your personal and organizational email communications with SSL.com’s S/MIME certificates: SSL.com’s S/MIME certificates give you peace of mind by encrypting emails and applying a tamper-evident digital signature. If the sender and receiver of an email both have S/MIME certificates, only the two of them can view the contents of the message. By encouraging your email contacts to use an S/MIME certificate, you can be assured that emails really come from them and not from a hacker. Click here for more information on SSL.com S/MIME Certificates.
Healthcare Industry Most Common Victim of Third-party Breaches, Black Kite Finds
The 2023 Third Party Data Breach Report by Black Kite revealed that the healthcare industry suffered the highest number of third-party breaches in 2022. Its share was 34%, an increase of 1% compared to 2021.
Black Kite explains the reason for the healthcare industry’s continually vulnerable position:
“Lack of budget, remotely shared personal data between patients and hospital systems, and outdated software all point to avenues for hackers to infiltrate and gain access to health-related sensitive data. That’s why, again this year, the most affected sector has been healthcare.”
The report comes on the heels of several high-profile cybersecurity attacks against healthcare companies in 2022, including the data leak affecting 2 million New England patients served by Shields Health Care Group; the ransomware attack against CommonSpirit hospital, which compromised the private information of more than 600,000 people; and the attack against multinational healthcare services company Tenet Healthcare, which took several of its hospitals offline and forced staff to use paper and charts.
Hospitals do not usually prioritize cybersecurity in their IT budgets. In the 2021 HIMSS Healthcare Cybersecurity Survey, hospitals were found to allocate only 6% or less of their IT expenditures to cybersecurity.
Remember: you are only as secure as your most vulnerable software. You can have all the million-dollar equipment in the world, and something as basic as a phishing attack can give the bad guys the keys to your patients’ data, or lead to a ransomware attack that holds everything hostage for a pretty penny. Investing in cybersecurity goes a long way in ensuring that an organization is able to protect its critical assets and serve its clients.
Additionally, SSL.com Client Authentication Certificates can readily protect an organization’s critical systems by providing an extra layer of security that passwords alone cannot give. They secure sensitive data and digital assets from hackers by ensuring that only the verified individuals or organizations are granted access. Click here for more information on SSL.com Client Authentication Certificates.
US Government No Fly List Leaked on a Hacking Forum
In a wide-scale data breach, a U.S. No Fly List containing the complete names, likely aliases, and birth dates of more than 1.5 million suspected terrorists has been leaked on a hacking forum.
According to Swiss hacker maia arson crime, the person who leaked the sensitive information, she discovered the No Fly List unsecured on an AWS server owned by Ohio airline CommuteAir.
CommuteAir said the breached server was taken offline after it was contacted by the hacker. In November 2022, a different set of personally identifiable information (PII) held by the airline was also hacked. Information that was compromised included names, birth dates, and portions of Social Security numbers.
The No Fly List is usually not publicly accessible. It is strictly held by relevant government agencies, including the Transportation Security Agency (TSA) and Department of Defense, and is coordinated with private airlines for reference. Given the sensitive nature of such lists, the leak raises the question of how the US government can make sure that the data it shares with private organizations is stored securely.
In addition, our Client Authentication Certificates can readily protect an organization’s critical systems and servers by providing an extra layer of security that passwords alone cannot give. They shield sensitive data and digital assets from malicious actors by ensuring that only the verified individuals or organizations are granted access to them. Learn more about SSL.com Client Authentication Certificates through this page.
OV & IV Code Signing Key Storage Requirements are Changing
With input from most of its membership, the CA/Browser Forum is changing the OV & IV Code Signing Key Storage Requirements. The change date is June 1, 2023. OV & IV Code Signing Certificates will be issued on Yubico USB Tokens or available via the SSL.com eSigner cloud signing service.
Additional information on this change can be found on the CA/Browser Forum website. Learn more about the SSL.com eSigner cloud code signing solution: https://www.ssl.com/esigner/.