RockYou2024 Password Leak: Details

CybersecurityHQ News

Welcome, reader, to your CybersecurityHQ report.

Headlines

The most extensive password compilation ever, called RockYou2024, was leaked on a popular hacker forum on July 4. The .txt file contains 9,948,575,739 unique plaintext passwords. Research into the passwords reveals that they are a mix of previously breached passwords with newly breached ones. It’s an expanded and updated version of the RockYou2021 compilation, which was the largest of its kind until now.

The sheer number of active passwords in the file could lead to credential-stuffing attacks. And it’s leading many cybersecurity advocates to sound the alarm around password protection—including regular password resets and multi-factor authentication.

New research by a team at Stanford University reveals that 350 million people added insecure browser extensions in just the past 2 years. That figure includes outright malware posing as browser extensions and ones so out-of-date that they pose an inherent security risk.

The study focused exclusively on the Chrome Web Store, where the 10,400 extensions the team found to contain malware remained available for download for an average of 380 days each. 346 million users have installed at least one extension that the team considers a security risk. 280 million users have downloaded extensions that are deemed malware.

A recent study by TRM Labs suggests that the amount of cryptocurrency stolen in hacks more than doubled in the first half of 2024 compared to a year earlier. They calculate that hackers stole over $1.38 billion of crypto from January 1 to June 24, 2024. In the same period in 2023, hackers had stolen about $657 million worth of crypto.

The increase was primarily driven by rising crypto prices. Those high crypto prices, well above where they bottomed out in late 2022, make hacks more attractive to threat actors. And when they do hack crypto accounts, those higher prices mean much more lucrative hauls. In fact, the median hack in 2024 was worth one and a half times its equivalent in 2023.

Interesting Read

An FTC business blog earlier this year delivered some depressing news—romance scams stole over $1.14 billion from Americans in 2023. Romance scams involve tricking victims into handing over important account details. The scammer builds the victim's trust by feigning a romantic connection.

Because of the high levels of embarrassment and shame that victims often experience in romance scams, that staggering $1.14 billion figure is probably low, as victims will frequently not report their losses.

Cybersecurity Career Opportunities

Employment Tip: Find Your Niche

General knowledge is a great foundation, but niche expertise opens you up to roles that are deeply rewarding and well paying. Luckily, it’s a field with no end to niches—from digital forensics to cryptography to cloud security.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team