Largest ever collection of 8.4 billion Passwords leaked Online



Original Source Here

Credit: Getty Images

CYBERSECURITY BULLETIN

Largest ever collection of 8.4 billion Passwords leaked Online

‘RockYou2021’ is a massive 100GB TXT file contained 8,459,060,239 unique entries, which was leaked on a hacker forum

Regardless of today’s revelation, it always makes sense to frequently change your passwords apart from using additional security layers like 2-factor authentication (2FA). In a startling revelation, the tech news site CyberNews has reported that a user of a popular hacker forum leaked a massive 100GB TXT file containing 8,459,060,239 unique password entries. The file named ‘RockYou2021’ apparently combined the data from previous leaks & breaches.

According to CyberNews, the collection exceeds its 12-year-old namesake by more than 262 times, this leak is comparable to the Compilation Of Many Breaches (COMB). The sheer size of the latest database is enough to cover the global online population of 4.7 billion people — two times over. Therefore it makes sense to immediately check if the passwords were leaked.

If you feel comfortable enough, you can use CyberNews personal data leak checker or their leaked password checker. The news outlet claims it has now uploaded nearly 7.9 billion entries from the RockYou2021. They also have a useful strong password generator to go with these resources. Apart from this, change your password often, keep complex passwords, enable 2FA & keep your guard up against incoming spam emails, unsolicited texts, and phishing messages.

An example of leaked passwords included in the RockYou2021 compilation — Credit: CyberNews

And while we are on the topic of passwords, Cybersecurity researchers at Agari have now determined that 50% of all compromised accounts are accessed within 12 hours. Experts at Agari planted fake credentials onto websites and forums popular for dumping stolen usernames and passwords. Seeded over the course of six months, the records were designed to look like compromised logins for well-known cloud software applications. Agari researchers also discovered how cybercriminals access and use compromised accounts.

Moving beyond the headline story, let’s review some of the other cybersecurity incidents & issues that have been reported recently.

1.8 million App Store Scams

Apple’s privacy push towards the apps on its proprietary App Store couldn’t have come at a better time. The smartphone giant’s push towards app distribution on iPhones is perhaps an attempt to clean up its store of scams. According to an analysis by the Washington Post, Of the highest 1,000 grossing apps on the App Store, nearly two percent are scams.

An example of the phishing email — Image Credit: Fortinet

Market research firm Appfigures estimates that consumers have been swindled out of an estimated $48 million during the time they have been on the App Store. Ironically, Apple keeps a cut of 30% of all the revenue generated through its App Store. Two-thirds of the 18 apps ‘The Post’ flagged to Apple were removed from the App Store. No wonder then, Apple has been under increasing scrutiny by Regulators & Competitors.

Agent Tesla Malware for Windows PCs

Researchers at Fortinet are reporting that a phishing campaign is delivering a new variant of one of the oldest forms of remote access trojan (RAT) malware in an effort to steal usernames, passwords, and other sensitive information. It also aims to steal cryptocurrency from the victim. First discovered in 2014, the RAT ‘Agent Tesla’ uses a keylogger to steal sensitive information from compromised Windows machines. The latest version of the RAT spreads the malware via phishing emails. Designed to look like a business email (pictured above), the document contains a macro, which if run, downloads Agent Tesla onto the machine.

BackDoorDiplomacy Victims by Country & Vertical — Image Credit: ESET

‘BackdoorDiplomacy’ Hacking Group

This hacking group revealed by ESET researchers has been targeting Ministries of Foreign Affairs and telecommunication companies in Africa and the Middle East since at least 2017. The advanced persistent threat (APT) group dubbed as ‘BackdoorDiplomacy,’ works by exploiting vulnerable internet-exposed devices such as web servers and management interfaces for networking equipment. According to the report, the platform targets both Linux and Windows systems. Once installed, the hackers scan the device for the purposes of lateral movement; install a custom backdoor, and deploy a range of tools to conduct surveillance and data theft.

And finally, before we wrap up, here’s a mention about a new ransomware group — named ‘Prometheus’, it first emerged in February of this year. The emerging group of cybercriminals resorts to double extortion tactics, where they not only encrypt networks in return for a ransom, but also threaten to leak the stolen data if the demand for cryptocurrency is not met. As reported by Cybersecurity researchers at Palo Alto Networks, the ransomware group claims to have hit over 30 victims around the world so far, including organizations in North America, Europe & Asia.

AI/ML

Trending AI/ML Article Identified & Digested via Granola by Ramsey Elbasheer; a Machine-Driven RSS Bot

%d bloggers like this: