What harm can a compromised credential possibly do to you? A popular internet domain registrar and web hosting company has exposed millions of its clients and their customers to potential phishing attacks owing to exposed credentials. Meanwhile, the world’s largest manufacturer of wind turbines and the second-largest air carrier of Iran disclosed breach incidents. What more? Patch your Exchange servers. Seriously. Let’s read on for the top ten cybersecurity headlines from the weekend.
- The world’s largest domain registrar, GoDaddy, with 19 million customers, has disclosed a data breach impacting web hosting account credentials
- IT infrastructure at Vestas Wind Systems was knocked offline by adversaries in a cyber incident. A possibility of a ransomware attack is being probed.
- Iran’s Mahan airline, which was blacklisted by the U.S. in 2011, suffered a cyberattack. The lesser-known Hooshyarane Vatan group claimed responsibility for the attack.
- The U.S. SEC warned investors against scammers approaching them about unauthorized transactions or other suspicious activity in their checking or cryptocurrency accounts.
- Security firm Prodaft infiltrated a sensitive server belonging to the Conti ransomware group to scrutinize its activities. It prompted the hackers to take their payment portal offline.
- Attackers are targeting unpatched Exchange servers for vulnerabilities such as ProxyLogon and ProxyShell to breach corporate email servers and drop Squirrelwaffle malware.
- JFrog discovered 11 malicious Python packages in the PyPI repository. These could extract Discord access tokens, passwords, and even carry out dependency confusion attacks.
- A new study from the Identity Theft Resource Center revealed that about 48% of people don’t trust or know about using a password manager and nearly 46% lack confidence in their password practices.
- Cybersecurity firm Shield-IoT raised $7.4 million in its Series A round led by NextLeap Ventures and Bloc Ventures, with participation from others.
- Expel, a firm that provides managed threat detection and response services, raised $140.3 million in its Series E funding co-led by Alphabet’s independent growth fund CapitalG and Paladin Capital Group.