AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

Blog Post

InfoSec News Nuggets 2/7/2024

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data 

Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as ResumeLooters since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew’s activities are geared towards job search platforms and the theft of resumes, with as many as 65 websites compromised between November 2023 and December 2023. The stolen files are estimated to contain 2,188,444 user data records, of which 510,259 have been taken from job search websites. Over two million unique email addresses are present within the dataset.  


A new commitment to digital wellbeing for kids and teens 

The internet has helped millions of kids learn, connect and prepare for their futures in ways that were impossible even a decade ago. As more young people come online and new innovations like AI are introduced, people are asking important questions about how they can help kids — from preschool to high school — create and maintain safe and healthy relationships with technology. Since 2019, searches for “teen mental health” have more than doubled — reaching an all time high last year. In 2023, people all over the world were also looking for information on “parental controls,” “screen time” and “AI for kids” more than ever before. Questions about technology are top of mind for families, and for Safer Internet Day we’re sharing new commitments, tools and ongoing product improvements to help kids and families create safe, healthy and balanced relationships with technology. 


Verizon insider data breach hits over 63,000 employees 

Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information. Verizon is an American telecommunications and mass media company providing cable TV, telecommunications, and internet services to over 150 million subscribers across the U.S. The company has more than 117,000 workers and has an annual revenue of 136.8 billion (2022). A data breach notification shared with the Office of the Maine Attorney General reveals that a Verizon employee gained unauthorized access to a file containing sensitive employee information on September 21, 2023. 


Report: Mac security threats on the rise, here’s what to watch out for 

Malwarebytes has released its latest report digging into the state of malware to start 2024. The findings include which countries see the most ransomware attacks, the evolution of malware over the last year, how Mac threats are growing, which Mac threats to watch out for, and more. Malwarebytes released its 29-page 2024 State of Malware report today. In its opening, the company says: As we enter 2024, ransomware remains the most significant cyberthreat facing businesses. Awash with money, the ransomware ecosystem surged in 2023 and continued to evolve its tactics. The number of known attacks increased 68%, average ransom demands climbed precipitously, and the largest ransom demand of the year was a staggering $80 million—requested by the LockBit gang following an attack on Royal Mail. 


Ransomware Retrospective 2024: Unit 42 Leak Site Analysis 

The ransomware landscape experienced significant transformations and challenges in 2023. The year saw a 49% increase in victims reported by ransomware leak sites, with a total of 3,998 posts from various ransomware groups. What drove this surge of activity? 2023 saw high-profile vulnerabilities like SQL injection for MOVEit and GoAnywhere MFT services. Zero-day exploits for these vulnerabilities drove spikes in ransomware infections by groups like CL0P, LockBit and ALPHV (BlackCat) before defenders could update the vulnerable software. 

Related Posts