Data Privacy Weekly: Your Industry News Series
01. Google Chrome’s Enhanced Password Manager Safeguards Your Credentials
Google Chrome’s built-in Password Manager is receiving new security features to protect user credentials. These enhancements include a dedicated desktop shortcut for easy access, biometric authentication on desktop platforms, the ability to save custom notes with logins, importing passwords from other managers, and an expanded Password Checkup tool on the Chrome iOS app.
Despite the potential risks associated with storing passwords in a browser, these updates aim to enhance the security of Google Password Manager and provide added protection for users’ accounts.
02. Microsoft Azure Portal: Traffic Spike or DDoS Attack?
Microsoft Azure experienced connectivity issues on its Azure Portal, which the company initially attributed to a “traffic spike.” However, a cybercrime group, Anonymous Sudan, claimed responsibility for the outage, suggesting it was a distributed denial of service (DDoS) attack. The incident affected multiple Microsoft services, including Entra Admin center and Intune.
Microsoft employed load balancing and auto-recovery operations to mitigate the issue and continued monitoring platform health. Prior to this, OneDrive was also targeted by a DDoS attack with the same threat actor claiming responsibility.
03. Major Data Breach at Zacks Investment Research Exposes 8.8 Million Customers
Zacks Investment Research has reportedly suffered an undisclosed data breach affecting 8.8 million customers, with the compromised database now circulating on a hacking forum. This breach follows a previously disclosed incident where unauthorized individuals accessed the personal information of approximately 820,000 customers. The additional breach, discovered by the data breach notification service Have I Been Pwned, contains email addresses, usernames, passwords, addresses, phone numbers, and other data but does not include financial information.
Zacks plans to notify affected users but has not provided a timeline. The leaked database increases the risk of phishing and credential-stuffing attacks, necessitating users to change their Zacks passwords and any reused passwords on other sites.
04. LockBit Ransomware Gang Extorts $91 Million from U.S. Organizations
U.S. and international cybersecurity authorities issued a joint advisory revealing that the LockBit ransomware gang has extorted approximately $91 million from U.S. organizations through 1,700 attacks since 2020. This Ransomware-as-a-Service (RaaS) operation was the leading global threat in 2022, with the highest number of victims on their data leak site.
LockBit targeted various sectors, including finance, education, healthcare, and government, and the advisory provides a list of tools and tactics used by LockBit affiliates. Mitigation measures are also recommended to defend against LockBit activity. The FBI urges organizations to review the advisory and report any cybercrime incidents.
05. U.S. Government Agencies Targeted in Global Cyberattack on File-Transfer Service
Multiple U.S. government agencies, including the Department of Energy, were targeted in a global cyberattack on the file-transfer service MOVEit. The attack, attributed to a Russian-speaking criminal group, has not led to data leaks or extortion demands so far. The software operator, Progress, has released security patches, and law enforcement agencies are involved.
Recent cyberattacks, including the SolarWinds incident, have been linked to Russian government-backed groups or individual actors. In a separate development, Microsoft revealed a state-sponsored Chinese hacking group spying on critical infrastructure organizations. Collaborative efforts are underway to identify the extent of the breaches.
