Welcome reader to your CybersecurityHQ report.

Headlines

An unprotected database from Real Estate Wealth Network, a New York-based online real estate education platform, was found accessible on the internet, as reported by vpnMentor. The database, discovered by cybersecurity researcher Jeremiah Fowler, was vast, containing 1.16 terabytes and over 1.5 billion records. The enormous trove of information included property history, bankruptcy, tax liens, and more.

Among those affected by the data breach were several celebrities and politicians — Kylie Jenner, Blake Shelton, Britney Spears, Floyd Mayweather, Dave Chappelle, Elon Musk & Associates LLC, Dolly Parton, Mark Wahlberg, and Nancy Pelosi were mentioned. The exposed information included sensitive details such as street addresses, purchase prices, mortgage data, tax ID numbers, and taxes owed or paid.

Canada's BlackBerry surprised the market with a promising quarterly profit, fueled by strong demand for cybersecurity services in the face of escalating online threats. Despite a general downturn in IT spending, cybersecurity investments have remained robust as organizations, including governments, intensify their defenses against cyber attacks. This resilience in cybersecurity spending comes as major entities, like MGM Resorts International and Caesars Entertainment, grapple with significant data breaches.

BlackBerry, abandoning its earlier plans for a public offering of its Internet of Things (IoT) division, is now working towards dividing its IoT and Cybersecurity segments into independent units. CEO John Giamatteo announced efforts to streamline operations and reduce cash flow usage in the fourth quarter. The company is also restructuring to enable each unit to operate independently and maintain profitability. For the fourth quarter, BlackBerry projects revenues between $150 million to $159 million. Performance improved over the third quarter, with a slight profit and $175 million in revenue, surpassing analysts' expectations.

A new JavaScript malware campaign, targeting more than 40 financial institutions worldwide, has compromised over 50,000 online banking sessions across North America, South America, Europe, and Japan. Detected by IBM Security Trusteer in March 2023, this malware aims to steal banking credentials through web injections. The attack involves altering bank websites’ login pages to collect users' credentials and one-time passwords (OTPs). The malware, delivered possibly via phishing or malvertising, uses scripts from a threat actor-controlled server, targeting a common page structure shared by several banks.

The script's behavior is dynamic, adapting based on the command-and-control server’s feedback and the current page's structure. It can modify web pages, insert fraudulent elements, and even display a fake error message, misleading users that the banking services are unavailable for 12 hours, giving attackers a window to seize account control. The origins of the malware are unclear, but indicators point to a possible link with DanaBot, a known malware family.

Interesting Read

In the rapidly evolving digital landscape, the U.S. government is orchestrating a discreet yet profound transformation in cybersecurity, impacting every sector of the economy. Eric Noonan's latest article for Fortune delves into the sweeping changes brought about by new cybersecurity regulations. From the SEC's recent rules mandating prompt disclosure of cyber incidents to comprehensive compliance across all 16 critical infrastructure sectors, the landscape is shifting. This seismic change extends to nearly every business in the economy.

International allies are joining forces to strengthen the global digital economy. This movement, kickstarted by a White House executive order, is rapidly evolving into a robust market for cybersecurity compliance, reshaping legal and economic frameworks. As these mandatory minimum cybersecurity standards become a new normal, the article highlights the far-reaching consequences for businesses, from legal imperatives to the bottom line, marking a new era of digital resilience and economic stability.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team