Technology has advanced our world in countless ways. Every day we bank, shop, conduct business, and exchange photos and messages with family and friends online. While digital devices and services offer great convenience, they also pose risks to our data and privacy as our offline and online lives converge. In 2021, data breaches reached an all-time high of 1,862, according to the Identity Theft Resource Center (ITRC), a 68% increase over 2020.

Maybe it’s the changing of the seasons, the start of a new school year, or just something in the air, but September’s cybersecurity landscape was marked with high-energy hacks that seem to have served as twisted amusements for their perpetrators. This month’s round-up is full of criminals who weren’t content just to collect a ransom or sell some private data. These hackers wanted to scorch the earth and hurt their victims with an extra layer of malice and humiliation.

Each business today requires user data to provide a better customer experience. The widespread use of data has triggered cyberattacks so much that they have become a part of software too. As per stats, there were 121 ransomware attacks in the first half of 2021. And these attacks are primarily in the form of fake software. This is where code signing and Enterprise Code Signing Certificate come into the picture.

RedLine is an infostealer malware discovered in 2020. Often sold in underground forums, it is capable of stealing data such as credit card numbers, passwords, VPN and FTP credentials, gaming accounts, and even data from crypto wallets. In May 2022, Netskope Threat Labs analyzed a RedLine stealer campaign that was using YouTube videos to spread, luring victims into downloading a fake bot to automatically buy Binance NFT Mystery Boxes.

Another week, another supply chain incident. It’s been only nine days since the Mend research team detected the dYdX incident, and today we have detected another supply chain malicious campaign. On October 02, 2022 at 12:12 UTC, a new npm account was registered, and a package called nuiversalify was immediately uploaded. The same threat actor then proceeded to publish more typo/spellcheck squattings of popular packages until 14:03:29 UTC, with small but irregular time gaps between uploads.

It may sound counterintuitive, but the Dark Web presents an invaluable opportunity for businesses to flip the script on hackers. The Dark Web remains a relatively hidden digital space that comprises upwards of 5 percent of the entire internet. This is where cybercriminals go to peddle sensitive and valuable data after breaching vulnerable business networks.

Trustwave security teams are aware of two zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) impacting Microsoft Exchange Server 2013, 2016, and 2019 and organizations with Outlook Web Access facing the Internet. If exploited, the vulnerabilities can allow an attacker to elevate privilege and remote code execution capability. We immediately investigated the vulnerabilities and potential exploits and continue to monitor the situation.

The Broadway Tower in Worcestershire, England is a famous structure. It’s inspiring, beautiful, and at 62 feet high, like other similar buildings, it’s a folly. While it looks grand inside and out, it serves no purpose than to be a decoration. It’s all too easy to buy a set of policies and procedures, change the company name and some other details, then present it as an application development and security program.

After years of falling behind, the construction industry has realised the importance of its data. Construction-related businesses invested a remarkable 188% more in cybersecurity in 2018–19. Data leaks and cyberattacks have jolted sectors worldwide, affecting everyone. 55% of UK businesses experienced a cyberattack in 2019 alone, and the average damage resulting from breaches is £176,000.