News Items

A Harvard University subdomain vulnerability exposed the website to Remote Code Execution (RCE) attacks, potentially enabling threat actors to steal and modify stored data. The Cybernews research team discovered the WebLogic Server vulnerability with a severity score of 9.8 out of 10, affecting the Harvard University courses website. WebLogic Server is a Java-based application server developed by the American multinational computer technology company Oracle. The vulnerability, tracked as CVE-2020-2551, enables an adversary to execute code remotely on a vulnerable server without authentication. Researchers note that exploiting this vulnerability allows an attacker to gain complete control over the vulnerable server and access or modify sensitive data or disrupt business operations. This article continues to discuss the potential exploitation and impact of the Harvard University subdomain vulnerability.

Cybernews reports "Harvard University Web Flaw Exposed It to Remote Attacks"

A voice-based phishing (vishing) malware is targeting Android phones and stealing sensitive financial information from victims, as part of a trend generating millions of dollars in profits using vishing attack techniques. These attacks, unlike the common and simple vishing scams, take over handsets, implant prerecorded voice messages, and reroute calls to scammer call centers. Researchers' analysis of the vishing campaign details how the malware operates and links it to a collection of malicious Android apps. When victims are tricked into installing the malware, malicious actors can launch a series of vishing attacks. The malware currently targets victims in South Korea, but researchers believe it could be easily adapted to operate in any country and sold as a service on the dark web. ThreatFabric researchers noted in a recent report that they discovered the malicious Letscall app during their routine threat-hunting activities. According to the researchers, the malware is particularly effective for stealing personal information and conducting financial scams. Once infected, threat actors can take over the device's calling function, thus enabling them to make spoofed calls claiming to be from a financial institution or to redirect calls to their own call center when the victim attempts to call their bank. This article continues to discuss findings regarding the vishing campaign targeting Android phones.

SC Magazine reports "Clever Letscall Vishing Malware Targets Android Phones"

HCA Healthcare recently announced that the personal information of roughly 11 million patients was stolen in a data breach. The incident was discovered on July 5 after a threat actor posted on an underground forum information allegedly stolen from HCA Healthcare. The threat actor posted a list containing names, addresses, birth dates, gender information, phone numbers, email addresses, service dates, and appointment dates, according to HCA Healthcare. The company is currently investigating the incident and cannot confirm the number of individuals whose information was impacted. HCA Healthcare believes that the list contains approximately 27 million rows of data that may include information for approximately 11 million HCA Healthcare patients. The company noted that the information was extracted from "an external storage location exclusively used to automate the formatting of email messages." According to the healthcare services provider, clinical information, payment information, or other sensitive information (such as passwords, Social Security numbers, and driver's license numbers) was not stolen in the attack. HCA Healthcare has informed law enforcement of the incident and plans to contact the impacted individuals but believes the incident will not have a material impact. One of the largest healthcare services providers in the US, HCA Healthcare operates 180 hospitals and more than 2,300 ambulatory sites of care across 20 states and the United Kingdom.

SecurityWeek reports: "Personal Information of 11 Million Patients Stolen in Data Breach at HCA Healthcare"

Researchers at Resecurity have identified the emergence of mobile Android-based tools called "mobile anti-detects." Criminals involved in online banking theft use these tools to impersonate compromised account holders and circumvent anti-fraud controls. The tools are priced between $700 and $1,000 and are designed for Android-based devices. They contain software that enables device firmware updates and customizable features, including fingerprint impersonation, GPS spoofing, and network anonymization. In addition, they include a version of HuskyDG's Magisk Delta, a popular tool for rooting and customizing Android devices by installing modules containing the "magiskhide" module. This article continues to discuss the emergence of adversarial mobile Android-based anti-detect tooling for mobile OS-based fraud.

Security Affairs reports "Cybercriminals Evolve Anti-detect Tooling for Mobile OS-Based Fraud"

Security operations teams observe firsthand how quickly attackers reinvent their attack strategies, automate attacks on multiple endpoints, and do whatever it takes to evade cyber defenses. Attackers have shown themselves to be persistent. For example, they consider holidays opportunities to breach a company's cybersecurity defenses. Consequently, SecOps teams are on call 24 hours a day, seven days a week, including weekends and holidays, combating burnout, alert fatigue, and a lack of life balance. One of the most difficult aspects of leading a SecOps team is gaining scale from legacy systems that generate different types of alerts, alarms, and real-time data streams. The most troublesome and exploited gaps created by this lack of integration is not knowing whether a given identity has permission to use a particular endpoint and, if so, for how long. Systems unifying endpoints and identities help define the future of zero trust, and the Artificial Intelligence (AI)-driven chatbot ChatGPT demonstrates promise for addressing identity-endpoint gaps and other vulnerable threat surfaces. This article continues to discuss the potential use of ChatGPT to close the SecOps gap.

VentureBeat reports "10 Ways SecOps Can Strengthen Cybersecurity With ChatGPT"

The European Commission has adopted its adequacy decision for the EU-US Data Privacy Framework. The decision is that under the new framework, the US will provide adequate protection comparable to that of the European Union for personal data transferred from the EU to US companies. Based on the new adequacy decision, personal data can transfer securely from the EU to US framework participants without the need for additional data protection safeguards. The EU-US Data Privacy Framework introduces new binding safeguards to address all the concerns raised by the European Court of Justice, such as limiting US intelligence services' access to EU data to what is necessary and proportionate, and establishing a Data Protection Review Court (DPRC) to which EU individuals will have access. This article continues to discuss the European Commission adopting its adequacy decision for the EU-US Data Privacy Framework.

Help Net Security reports "European Commission Adopts Adequacy Decision for Safe EU-US Data Flows"

Using mathematical principles to understand the behavior of code, a team of Virginia Tech researchers discovered that the source code in popular reverse engineering tools such as Ghidra may not be as secure as its creators intended. Through their mathematical proofs, software programmers can ensure their code does not experience unintended behaviors that hackers find appealing. Security professionals typically assess a program by testing its machine code. This machine code, which consists of a series of zeros and ones, is what a computer executes. However, the code can be difficult for humans to understand, particularly in the absence of the original source code used to develop the machine code. Using reverse engineering tools, these long and difficult-to-decipher numerical lines of information can be translated into source code much closer to spoken language, thus enabling security professionals to see what is actually happening in the binary code. Unfortunately, these tools may overlook important machine code behaviors, especially those that were not intended by the original programmers who wrote the source code, allowing hackers to find vulnerabilities. This article continues to discuss the team's discovery of vulnerabilities in the code of popular reverse engineering tools.

Virginia Tech reports "Virginia Tech Researchers Find Vulnerabilities in Code of Popular Reverse Engineering Tools"

Carnegie Mellon University's (CMU) picoCTF has introduced students of all ages to the field of cybersecurity through its annual Capture-the-Flag competition and year-round educational platform for more than a decade. Recent outreach efforts by picoCTF included bringing together high school teachers from across the US for the first-ever National Security Agency (NSA) GenCyber Teachers' Program. During the five-day in-person camp, attendees were introduced to new tools, resources, and best practices in cybersecurity education. Teachers left the experience with lesson plans that are ready to be implemented in the upcoming school year. David Brumley, professor in CMU's Electrical and Computer Engineering Department and co-founder of picoCTF, emphasized that training teachers is the only way to expand cybersecurity education. This article continues to discuss picoCTF and how it helps to close the cybersecurity talent gap.

CyLab reports "picoCTF Empowers Teachers to Bring Cybersecurity Education Into Their Classrooms"

Organized criminal groups exploited a vulnerability in Revolut's payment systems and stole more than $20 million, according to the Financial Times, which cited sources knowledgeable about the situation. Over 30 million customers worldwide are served by Revolut, a privately held financial technology firm. It is licensed and managed by the Bank of Lithuania and has its headquarters in London. In September 2022, the business experienced a data breach that affected 50,150 customers globally. The attackers stole the names, addresses, email addresses, phone numbers, a portion of the payment card data, and account information of these customers. A few days later, some Revolut users complained online that they began receiving SMS phishing messages designed to take financial and personal information. According to unidentified sources cited by the Financial Times, the newly disclosed cash grab occurred in early 2022. This article continues to discuss the exploitation of a vulnerability in Revolut's payment systems by criminal groups.

Help Net Security reports "Flaw in Revolut Payment Systems Exploited to Steal $20 Million"

The threat actors responsible for the RomCom Remote Access Trojan (RAT) are suspected of launching phishing attacks against the NATO summit in Vilnius and a known organization supporting Ukraine abroad. The BlackBerry Threat Research and Intelligence team discovered two malicious documents submitted on July 4, 2023, from a Hungarian IP address. RomCom, also known as Tropical Scorpius, UNC2596, and Void Rabisu, was recently observed launching cyberattacks against Ukrainian politicians working closely with Western nations and a US healthcare organization aiding refugees fleeing the war-torn nation. The group has used spear-phishing emails to direct victims to cloned websites harboring trojanized versions of popular software as part of geopolitically motivated attack chains. Militaries, food supply chains, and Information Technology (IT) companies have been targeted. This article continues to discuss the threat actors behind the RomCom RAT targeting NATO and Ukraine support groups.

THN reports "RomCom RAT Targeting NATO and Ukraine Support Groups"

Gaming gear company Razer has recently reacted to rumors of a massive data breach with a short statement on Twitter, letting users know that they started investigating the matter. Razer is a popular American-Singaporean tech firm focusing on gaming hardware, selling high-quality peripherals, powerful laptops, and apparel. Information about a potential data breach at the company emerged on Saturday when someone posted on a hacker forum that they had stolen the source code, database, encryption keys, and backend access logins for Razer[.]com, the company's main website. The user offered to sell that data for $100,000 worth of Monero (XMR) cryptocurrency and urged interested individuals to contact him directly to close the deal. The publisher of the post has not set any limitations or exclusivity, meaning anyone willing to pay the requested amount would get the entire data set. The hacker posted screenshots as proof of the breach. The screenshots show file lists and trees, email addresses, source code allegedly for anti-cheat and reward systems, API details, Razer Gold balances, and more. Cybersecurity analysts at FalconFeedsio spotted the announcement on the hacker forum and shared it with the public.

BleepingComputer reports: "Razer Investigates Data Breach Claims, Resets User Sessions"

According to new research by Object First, 40% of consumers harbor skepticism regarding organizations' data protection capabilities, and 75% would shift to alternate companies following a ransomware attack. The company noted that consumers are requesting increased data protection from vendors, with 55% favoring companies with comprehensive data protection measures such as reliable backup and recovery, password protection, and identity and access management strategies. During the survey, the company found that 81% of consumers report feeling "very scared or worried" about their data being held by organizations lacking robust resilience against ransomware. After an attack, 1 in 3 consumers demand evidence of resilient backup and recovery strategies, and 30% lose all confidence in the company's data protection plan. 75% of consumers are ready to shift to a competitor should a company suffer a ransomware attack. Moreover, a second ransomware attack causes 61% of consumers to reassess their negative perception of data protection and recovery practices. The company noted that ransomware attacks impact generations differently. While 37% of Gen Z prefers an apology from companies experiencing a ransomware attack, ranking 12% higher than monetary compensation, Baby Boomers are less forgiving. 74% of them agree their trust in the vendor is irreparably damaged after suffering more than one ransomware attack, compared to only 34% of Gen Z.

Help Net Security reports: "75% of Consumers Prepared to Ditch Brands Hit by Ransomware"

Confidential information, including unreleased TV shows, scripts, and materials, belonging to the popular children's television channel Nickelodeon have recently been reportedly compromised in a significant data leak. According to social media reports, an individual allegedly dumped approximately 500GB of animation files. The authenticity of the leaked content is yet to be confirmed by Nickelodeon. A spokesperson at Nickelodeon stated that the material in question appears to be related to production files and possibly dates back several decades. They further clarified that there is no indication of long-form content, employee data, or user data involved in the leak. The leak came to public attention when a Twitter user, operating under the handle GhostyTongue, began disclosing sensitive information related to the alleged breach on June 29. According to vx-underground, the compromise originated from an authentication issue within Nickelodeon's "consumer products and experience" portal, potentially allowing unauthorized individuals to access sensitive data from the animation department. Nickelodeon is currently investigating the incident.

Infosecurity reports: "Twitter User Exposes Nickelodeon Data Leak"

Several malicious npm packages on the open-source repository have been used in supply chain attacks and phishing campaigns, according to researchers at ReversingLabs. The researchers noted that the packages pose a dual threat, affecting application end users while also supporting email-based phishing attacks, mainly targeting Microsoft 365 users. The researchers discovered more than a dozen malicious npm packages posted between May 11 and June 13. These packages imitated legitimate modules, such as jquery, which has millions of weekly downloads. The researchers stated that although the malicious packages were downloaded roughly 1000 times, they were swiftly removed from npm after detection. ReversingLabs has named this campaign "Operation Brainleeches" due to the malicious infrastructure used to facilitate the theft of victim data. In the first part of the campaign, the researchers identified six packages used exclusively in phishing attacks. These packages were linked to phishing campaigns that harvested user data through deceptive Microsoft[.]com login forms delivered via malicious email attachments. The second tranche comprised seven packages targeting email phishing campaigns and software supply chain attacks. The researchers noted that these packages aimed to implant credential harvesting scripts into applications that unwittingly incorporated the malicious npm packages. During the analysis, the researchers revealed that the malicious npm packages played a role in active phishing attacks, likely conducted by low-skilled actors. While the full extent of the supply chain attack is unclear, using obfuscated code and invocating popular package names like jquery raise concerns about potential compromises.

Infosecurity reports: "New Campaigns Use Malicious npm Packages to Support Phishing Kits"

Security researchers at security firm Pradeo have discovered two file management applications hosted on Google Play, with more than 1.5 million combined downloads, that are sending user data to servers in China. Published to Google Play by the same developer, the two applications, "File Recovery and Data Recovery" and "File Manager," were seen launching without user interaction and silently exfiltrating a trove of sensitive user information. According to the researchers, the two spyware apps would send out users' contact lists, media content, real-time location, network provider, country code, network code, operating system information, and device brand and model. Specifically, the researchers noted that each application performs more than a hundred transmissions of the collected data, an amount that is so large it is rarely observed. The collected information is sent to multiple servers in China, which have been identified as malicious. The researchers stated that in Google Play, both applications claim to collect no user data but also state that if any data is collected, users could not request the data to be deleted. The two applications have no reviews, suggesting their download counts might have been artificially inflated. The researchers believe that the hacker used an install farm or mobile device emulators to fake those numbers, hence making its applications better ranked in stores' category lists and increasing their apparent legitimacy. A look at the history of these applications shows that both were published in Google Play roughly a month ago and that both received updates at the end of June. Within a week of receiving the updates, their download counts went up by roughly 500,000 each. The researchers noted that the applications were also found to request advanced permissions that allow them to restart devices and then launch automatically, without user interaction, and to hide their icons, to make it difficult for users to remove them. Both applications appear to have been removed from Google Play.

SecurityWeek reports: "Two Apps Hosted on Google Play Caught Sending User Data to Chinese Servers"

Cisco recently discovered a critical security flaw in the Cisco Application Centric Infrastructure (ACI) Multi-Site CloudSec encryption feature, potentially allowing hackers to read or alter inter-site encrypted traffic. The vulnerability (CVE-2023-20185) affects Cisco Nexus 9000 Series Fabric Switches running releases 14.0 and later, specifically when they are part of a multi-site topology and have the CloudSec encryption feature enabled. Cisco noted that it attributed the vulnerability to an implementation issue with the ciphers used by the CloudSec encryption feature on the affected switches. Cisco stated that while CloudSec encryption is designed to protect data transmitted between sites, by exploiting the vulnerability, an unauthenticated attacker with a position between ACI sites could intercept and compromise the encrypted traffic. Currently, Cisco has not released any software updates to address this vulnerability, and no workarounds are available. Cisco stated that customers who are currently using the Cisco ACI Multi-Site CloudSec encryption feature for the Cisco Nexus 9332C and Nexus 9364C Switches and the Cisco Nexus N9K-X9736C-FX Line Card are advised to disable it and to contact their support organization to evaluate alternative options.

Infosecurity reports: "Cisco Enterprise Switch Flaw Exposes Encrypted Traffic"

A data breach at independent bottling company Pepsi Bottling Ventures recently impacted more than 28,000 individuals. Discovered on January 10, the data breach occurred between December 23, 2022, and January 19, 2023, and resulted in the personal, financial, and health information of the company's employees being accessed by an unauthorized party. On February 10, Pepsi Bottling Ventures started informing the impacted individuals that the attackers gained access to certain systems containing their personal information but did not reveal how many individuals were affected. Pepsi Bottling Ventures recently informed the Maine Attorney General's Office that the attackers had access to the personal information of more than 28,000 individuals. According to the company, the compromised data includes names, addresses, email addresses, financial account information, ID numbers, driver's license numbers, Social Security numbers, digital signatures, medical history details, and health insurance information. The company says the stolen information belongs to current and former employees and contractors.

SecurityWeek reports: "28,000 Impacted by Data Breach at Pepsi Bottling Ventures"

Security researchers at VulnCheck have found that hundreds of energy organizations could be exposed to attacks due to an actively exploited vulnerability affecting a solar power monitoring product made by Contec. Contec specializes in custom embedded computing, industrial automation, and IoT communication technology. The company's SolarView solar power monitoring and visualization product is used at more than 30,000 power stations, according to its website. The vulnerability is tracked as CVE-2022-29303 and is described as a code injection issue affecting SolarView version 6.0. The vulnerability can be exploited remotely by unauthenticated attackers. The researchers noted that the security hole was only patched with the release of version 8.0, and versions dating back to at least 4.0 are impacted. A Shodan search shows more than 600 internet-exposed SolarView systems, including over 400 running vulnerable versions.

SecurityWeek reports: "Exploited Solar Power Product Vulnerability Could Expose Energy Organizations to Attacks"

Microsoft has recently hit back at claims from Anonymous Sudan that it managed to breach the company and obtain account access for tens of millions of customers. Anonymous Sudan, which has been linked in the past to pro-Kremlin groups like Killnet, posted the details of its alleged raid on Telegram. In one of the posts, it said: "We announce that we have successfully hacked Microsoft and have access to a large database containing more than 30 million Microsoft accounts, emails, and passwords. We will begin selling this database, so if you're interested, contact us at our bot to negotiate." Anonymous Sudan said it would be selling the haul for $50,000. It attached what it claimed to be a "small sample" of compromised details as proof of its word. Microsoft, in a brief statement, stated that at this time, their analysis of the data shows that this is not a legitimate claim and an aggregation of data. Microsoft noted that they have seen no evidence that their customer data has been accessed or compromised. Anonymous Sudan has caused trouble for Microsoft in the past. The tech giant admitted in mid-June that the group, which it tracks as "Storm-1359," had been responsible for Layer 7 DDoS attacks against it earlier that month. In February, Anonymous Sudan claimed responsibility for a number of DDoS attacks against Swedish companies, which it said were retaliation for an incident of Quran burning near Turkey's embassy in Stockholm. However, experts at the time assessed the cyberattacks may have been a Russian false-flag campaign designed to continue whipping up hatred towards Sweden in Muslim countries like Turkey, which has a veto over the country's accession to NATO.

Infosecurity reports: "Microsoft Denies Major 30 Million Customer-Breach"

Mozilla recently announced the release of Firefox 115 to the stable channel with patches for a dozen vulnerabilities, including two high-severity use-after-free bugs. The first high-severity issue is tracked as CVE-2023-37201 and is described as a use-after-free flaw in WebRTC certificate generation. WebRTC is an open source project and enables real-time communication in web browsers and mobile applications via application programming interfaces (APIs). Mozilla noted that an attacker could have triggered a use-after-free condition when creating a WebRTC connection over HTTPS. The second high-severity vulnerability, CVE-2023-37202, is described as a potential use-after-free issue from compartment mismatch in the open source JavaScript and WebAssembly engine SpiderMonkey. Mozilla stated that cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. Mozilla noted that the latest Firefox update also addresses high-severity memory safety bugs that might have led to the execution of arbitrary code. The flaws are collectively tracked as CVE-2023-37211 and CVE-2023-37212. Firefox 115 also includes patches for eight medium-severity vulnerabilities leading to malicious sites placing trackers without permissions, arbitrary code execution, spoofing attacks, URL spoofing, download of files containing malicious code, use-after-free conditions, and tricking users into submitting sensitive data to malicious sites. Recently, Mozilla also announced that Firefox ESR 102.13 and Thunderbird 102.13 were released with patches for five vulnerabilities, including the high-severity use-after-free and memory safety bugs that were addressed in Firefox 115.

SecurityWeek reports: "Firefox 115 Patches High-Severity Use-After-Free Vulnerabilities"

In the Commonwealth Cyber Initiative (CCI) 2023 CyberArts Program, researchers from across Virginia will explore cybersecurity issues through an artistic lens. These issues include Artificial Intelligence (AI), privacy, fraud, misinformation, and more. In June, CCI funded six projects conducted by five Virginia universities and colleges, including Blue Ridge Community College, James Madison University, Old Dominion University, Virginia Commonwealth University, and Virginia Tech, in the second installment of its CyberArts Program. According to Luiz DaSilva, the CCI executive director, the CCI CyberArts Program makes cybersecurity more approachable by incorporating performances, interactive artworks, and visual arts. For one of the funded 2023 CyberArts projects, "Cyber Insecurity: Exploring Vulnerabilities of Artificial Intelligence Through Visual Art," researchers will create an exhibit comprised of interactive installations, photography, sculpture, and digital art to raise awareness of the cybersecurity vulnerabilities of Al systems and spark conversation about AI's ethical implications. This article continues to discuss the CCI CyberArts Program.

Virginia Tech reports "Commonwealth Cyber Initiative Funds New Round of CyberArts Projects"

New research indicates that remote employees take more security-related measures than their in-office counterparts. As organizations worry about the potential dangers of remote work, new research from the Farmer School of Business at Miami University suggests that the actual risks lie within the office, and it will inform future discussions. Researchers from the Farmer School of Business found that remote employees demonstrate a higher level of cybersecurity awareness and take more security-related precautions than their in-office counterparts. According to the author Joseph K. Nwankpa, when they surveyed remote workers, they expected the results to disclose cybersecurity complacency. However, the survey revealed remote cyber vigilance. This unexpected result can be attributed to the so-called "Peltzman Effect" and the complacency framework, which the study uses to explore how remote work may cause a moral hazard with respect to employee cybersecurity awareness and security-based precautions. Office workers often become complacent, trusting their employers to handle cyber threats on their behalf, whereas remote employees tend to experience a greater sense of responsibility for their own cybersecurity. This article continues to discuss key findings from the study on the roles of cyber awareness and cybersecurity policies among remote workers.

Fast Company reports "In-Office Work Is the Real Threat to Cybersecurity"

According to Imperva, poor data controls and the introduction of new generative Artificial Intelligence (AI) tools based on Large Language Models (LLMs) will cause an increase in insider data breaches in the coming year. As the effectiveness of chatbots driven by LLMs has grown, many organizations have implemented bans or limitations on the data that can be shared with them. However, because most organizations (82 percent) lack an insider risk management strategy, they remain unaware of instances of employees using generative AI to help them with tasks such as writing code or filling out requests for proposals (RFPs). Terry Ray, SVP, Data Security GTM and Field CTO at Imperva, argues that prohibiting employees from using generative AI is futile. Ray added that, as with other technologies, people will always find a way to bypass such restrictions, so prohibitions create an infinite game of whack-a-mole for security teams, without actually securing the enterprise. Malicious intent is not required to cause a data breach, Ray emphasized. Instead of relying on employees not to use unauthorized tools, Imperva suggests that businesses should focus on securing their data and ensuring they can answer important questions such as who is accessing it, what is being accessed, how, and from where. This article continues to discuss the expectation that AI will lead to a significant rise in insider data breaches and the steps organizations should take to protect themselves.

Continuity Central reports "A New Wave of Insider Threats Will Be Driven by 'Shadow AI'"

According to security researchers at ThreatX, IT teams are struggling to monitor and enforce BYOD (Bring Your Own Device) policies during summer months when more employees are often traveling or working remotely. The researchers surveyed 2,000 employees' across the US and UK to assess whether employees' behaviors during the summer are inadvertently increasing API and application risk. The researchers found that 55% of employees admit to relying solely on their mobile devices while working from vacation and holiday destinations in the summer. Further, 25% claim that they aren't concerned about ensuring network connections are secure when accessing company data, and only 12% use a VPN when traveling and working remotely. The researchers noted that the results show that employees increasingly rely on personal devices to access corporate data during the summer, which could open the door to cyber criminals seeking to penetrate corporate networks. The researchers stated that with 38% of respondents neglecting to notify their employers when working from new locations while traveling, it becomes harder for IT teams to monitor BYOD policies and application usage. The researchers stated that the summer months lead to increased cybersecurity risks as employees' behaviors shift and as cyber hygiene becomes laxer.

Help Net Security reports: "Employees Worry Less About Cybersecurity Best Practices in The Summer"