Attackers Leave Stolen Credentials Searchable on Google

[TechWeb]( Follow Dark Reading: [RSS]( January 22, 2021 LATEST SECURITY NEWS & COMMENTARY [Attackers Leave Stolen Credentials Searchable on Google]( Operators behind a global phishing campaign inadvertently left thousands of stolen credentials accessible via Google Search. [DreamBus, FreakOut Botnets Pose New Threat to Linux Systems]( Researchers from Zscaler and Check Point describe botnets as designed for DDoS attacks, cryptocurrency mining, and other malicious purposes. [Breach Data Shows Attackers Switched Gears in 2020]( Attackers focused more on ransomware, while the consolidation of data into large databases led to fewer reported breaches but more records leaked. [7 Steps to Secure a WordPress Site]( Many companies operate under the assumption that their WordPress sites are secure -- and that couldn't be anything further from the truth. [Cloud Jacking: The Bold New World of Enterprise Cybersecurity]( Increased reliance on cloud computing puts more weight on robust authentication systems to protect data against hijackers. [Rethinking IoT Security: It's Not About the Devices]( Keeping IoT safe in the future will require securing the networks themselves. Focusing on the devices is a never-ending battle that will only become more burdensome. [MORE NEWS & COMMENTARY]( HOT TOPICS [Microsoft Releases New Info on SolarWinds Attack Chain]( Threat actors went to elaborate lengths to maintain operational security around second-stage payload activation, company says. [Vulnerabilities in Popular DNS Software Allow Poisoning]( Seven flaws in DNSMasq have limited impact, but in combination they could be chained to create a multistaged attack. [4 Intriguing Email Attacks Detected by AI in 2020]( Here's to the sneakiest of the sneaky. These clever phishing messages -- that standard validation measures often missed -- deserve proper dishonor. (Sponsored) [MORE]( EDITORS' CHOICE [SolarWinds Attack Underscores 'New Dimension' in Cyber-Espionage Tactics]( Meanwhile, Malwarebytes is the latest victim, Symantec discovers a fourth piece of malware used in the massive attack campaign, and FireEye Mandiant releases a free tool to help spot signs of the attack. [A Security Practitioner's Guide to Encrypted DNS]( Best practices for a shifting visibility landscape. LATEST FROM THE EDGE [Hacker Pig Latin: A Base64 Primer for Security Analysts]( The Base64 encoding scheme is often used to hide the plaintext elements in the early stages of an attack that can't be concealed under the veil of encryption. Here's how to see through its tricks. Tech Resources - [Improving Your Enterprise's Protection With Cyber Resilience]( - [Centralized Security Policy Management Across Hybrid Cloud Environments Should be an Obvious Strategy]( - [The Trouble with Phishing]( - [The Essential Guide to Securing Remote Access]( - [Top Threats to Cloud Computing: The Egregious 11]( - [SANS Report: Measuring and Improving Cyber Defense Using the MITRE ATT&CK Framework]( - [The 2020 Duo Security Trusted Access Report]( [ACCESS TECH LIBRARY NOW]( - [The Failures of Static DLP and How to Protect Against Tomorrow's Email Breaches]( In the last 12 months, 93% of organizations experienced security incidents where email use has put sensitive data at risk. Join this webinar to learn the impact of the COVID-19 pandemic on email security and remote working, the limitations of static DLP ... - [How Elite Analyst Teams are Transforming Security with Cyber Reconnaissance]( In this webinar, we will look at case studies from consumer banks and big retail to illustrate how these organizations are leveraging their analyst teams in more strategic ways to vastly improve their security postures. Learn how these organizations are ... [MORE WEBINARS]( FEATURED REPORTS - [Assessing Cybersecurity Risk in Today’s Enterprises]( - [2020 State of Cybersecurity Operations and Incident Response]( [MORE REPORTS]( CURRENT ISSUE [2020: The Year in Security]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [NextGen Cyber Talent Announces its First Pilot Cohort and Governing Board]( [TAG Cyber Collaborates with Kean University Center for Cybersecurity to Award Grants to Students]( [Over Half of UK Businesses Cite Security Concerns as Biggest Barrier to Public Cloud Adoption]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)