📰 Defend Against Common Cyberthreats | Tuesday Times | May 14, 2024

josem.serrano

What is Tuesday Times?

Tuesday Times is a weekly Tuesday series where we highlight a handful of recent cybersecurity-related news stories. We'll provide brief summaries of these news stories and link the articles directly, should you want to read more!

Feel free to comment on any of the articles highlighted, or share your own in the comments below!

Defend Against Common Cyberthreats | Tuesday Times | May 14, 2024

How can businesses defend themselves against common cyberthreats?

• With so many AI tools on the market, it's unsurprising that hackers are leveraging this technology to create more sophisticated cyberattacks. TechRepublic explains and provides advice on avoiding and dealing with the most common cyber threats.
• From phishing emails to ransomware attacks, the most recurring tip involves educating employees on all potential cyber threats and how to spot them.
• Some other tips mentioned in the article include staying off sketchy websites, being extra cautious with email attachments, creating incident response plans, updating passwords, and auditing third-party services. Check out the full article to learn about other cyber threats like zero-day exploits, ransomware attacks, IoT attacks, and AI deepfakes.

How do passwords become compromised?

• Staying aligned with this week's theme of cybersecurity best practices, we have an article by Proton explaining what it means to have a compromised password, how to avoid having one, and what to do when it inevitably happens to you.
• While most people may assume that "compromised" means the password has already been revealed, it can also mean the password is weak enough to be guessed through different tactics like brute force or dictionary attacks.
• The three most common ways passwords get compromised are data breaches, phishing attacks, and poor password habits. To reduce your risk of exposure, it's best practice to change your passwords every three months.

Dell API abused to steal 49 million customer records in data breach

• This week's Tuesday Times wouldn't be complete without at least one mention of a data breach. This time one of the most well-known computer companies, Dell, was the target of an API-based breach.
• The threat actor signed up a fake company as a Dell Partner and once accepted, used the partner portal APIs to scrape the sensitive data.
• To add insult to injury, the threat actor emailed Dell and CC'd Bleeping Computer — a cybersecurity news site — to notify them of the bug that allowed them to gain access to 49 million customer records.
• As API-based data breaches continue to rise, the key takeaway here is to limit the number of requests clients can make via your APIs to reduce the likelihood of this happening to your business.