Dateline: Russia's hybrid war against Ukraine.
Ukraine at D+600: Nusiance-level hacktivism and cyberespionage. (CyberWire) Ukraine's slow progress in the south continues as Russia stalls in Avdiivka (and rebrands an offensive as an active defense). Hacktivist auxiliaries hit Belgian targets, and cyberespionage and sabotage campaigns are discovered in Ukraine.
Russia-Ukraine war at a glance: what we know on day 601 of the invasion (the Guardian) Russia testing defences around Kupiansk-Lyman as its Avdiivka offensive wanes, says Ukraine; Moscow admits reliance on China for drones
Russia-Ukraine war: List of key events, day 601 (Al Jazeera) As the war enters its 601st day, these are the main developments.
600 days into the war, Russia's assault on a key eastern Ukraine city appears to be weakening (AP News) Ukrainian officials say a dayslong attempt by Russian forces to storm a strategically important city in eastern Ukraine appears to be running out of steam.
Ukraine says it strikes Russia's military equipment near Luhansk (Reuters) Ukraine's forces made successful overnight strikes on Russian airfields and equipment near the cities of Luhansk and Berdiansk in territory controlled by Russian forces, Ukraine's military said on Tuesday.
Russia Goes on the Offensive in Ukraine—and Suffers Heavy Losses (Wall Street Journal) Moscow’s assault on Avdiivka shows how hard it is for either side to move the front line.
Russia's assault on a key eastern Ukraine city reported to be weakening. The war marks 600 days (Toronto Sun) An attempt by Russian forces to storm a strategically important city in Ukraine appears to be running out of steam, Kyiv officials said.
Regional Governor Tells Citizens Russia Was Unprepared For A War 'We Don't Need' (RadioFreeEurope/RadioLiberty) A Russian governor has said the country was not prepared for the war with Ukraine and that the invasion was not in Russia's interests, contradicting Kremlin propaganda.
Russia releases four Ukrainian children after mediation by Qatar (Washington Post) Russia has agreed to free four Ukrainian children — ranging in age from 2 to 17 — and allow them to return them to their families in Ukraine after Qatar intervened as a mediator, according to a government official briefed on the matter.
Putin begins visit in China underscoring ties amid Ukraine war and Israeli-Palestinian conflict (AP News) Russian President Vladimir Putin has arrived in Beijing on a visit that underscores China’s support for Moscow during its war in Ukraine as well as Russian backing for China’s bid to expand its economic and diplomatic influence abroad through its decade-old “Belt and Road” initiative.
All 31 Abrams Tanks in Ukraine, US Military Confirms to VOA (VOA) Military officials say it could take time before the Abrams are sent to the battlefield, as Ukrainian troops make sure they have needed support elements in place.
CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks (The Hacker News) Ukraine's CERT-UA discovered threat actors targeting 11 telecom providers between May and September 2023. The attacks caused service interruptions.
Особливості деструктивних кібератак у відношенні українських провайдерів (CERT-UA#7627) (CERT-UA) Урядова команда реагування на комп’ютерні надзвичайні події України, яка функціонує в складі Державної служби спеціального зв’язку та захисту інформації України.
CVE-2023-38831 Exploited by Pro-Russia Hacking Groups in RU-UA Conflict Zone for Credential Harvesting Operations (Cluster25) Cluster25 analyzed an attack by APT28/FancyBear exploiting the WinRAR vulnerability CVE-2023-38831
Pro-Russian Hackers Exploiting Recent WinRAR Vulnerability in New Campaign (The Hacker News) WinRAR users, be alert! Pro-Russian hackers exploited a recent vulnerability in the software. Ensure your version is updated!
Cyberattack targets Belgian public service websites for second time in a week (Brussels Times) Several Belgian public service websites affected by a suspected DDOS cyberattack on Sunday were made accessible again at dawn on Monday.
Ukraine cops bust illegal Russian money ring (Cybernews) Ukrainian police have intercepted and broken up a criminal gang that was illegally bringing Russian money into the country online and converting it into cryptocurrency.
The Hidden Perils of Cyber Espionage: PEAPOD and Void Rabisu (CryptoMode) PEAPOD is adept at executing many malicious commands. Those range from file manipulation to self-annihilation from the compromised host.
Attacks, Threats, and Vulnerabilities
Threat Actors Exploit Atlassian Confluence CVE-2023-22515 for Initial Access to Networks | CISA (Cybersecurity and Infrastructure Security Agency CISA) The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Multi-State Information Sharing and Analysis Center (MS-ISAC) are releasing this joint Cybersecurity Advisory (CSA) in response to the active exploitation of CVE-2023-22515.
Hacker Groups Contributing Cyber Attacks to Israel-Hamas Conflict (CPO Magazine) The Israel-Hamas conflict already has a digital front, but thus far the bulk of the cyber attacks are coming from Russia-aligned groups that are shifting focus to allies of Israel likely to play host to protests.
Malicious “RedAlert - Rocket Alerts” Application Targets Israeli Phone Calls, SMS, and User Information (The Cloudflare Blog) On October 13, 2023, Cloudflare’s Cloudforce One Threat Operations Team became aware of a malicious Google Android application impersonating the real-time rocket alert app, Red Alert, which provides real-time rocket alerts for Israeli citizens
Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict (Infosecurity Magazine) Hacktivists claim DDoS attacks against Israeli websites as cybersecurity experts urge caution in believing these cyber-criminals’ claims
The Israeli-Hamas Conflict Shows Cyber Warfare Is Now the New Normal (Website Planet) During the start of the Russian invasion of Ukraine the hacktivist group Anonymous declared a cyber war against Russia. At the time, I conducted
No, Rafael’s ‘Iron Beam’ laser didn’t blow up missiles over Israel (C4ISRNet) Manipulated footage pulled from the Arma 3 video game has previously been attributed to front lines in Afghanistan, Syria and Ukraine.
Aljazeera Fake News Investigation: Burned babies and an AI-generated dog. (Adversa AI | Trusted AI Security) Long story short. Yesterday morning, we received a link to the article with the analysis of an AI-detection tool that marked an official photo of burned by hamas israeli babies as a fake image.
Scammers take advantage of Israel-Gaza conflict with fake crypto charity scams (Cyberdaily) Opportunistic scammers are already taking advantage of human suffering during the ongoing crisis in the Gaza strip.
Spam trends of the week: Spammers piggyback on the Israel-Gaza war to plunder donations (Hot for Security) Scammers are always looking for new opportunities to line their digital pockets.
Disclosing the BLOODALCHEMY backdoor (Elastic Security Labs) BLOODALCHEMY is a new, actively developed, backdoor that leverages a benign binary as an injection vehicle, and is a part of the REF5961 intrusion set.
BLOODALCHEMY provides backdoor to ASEAN secrets (Register) Sophisticated malware devs believed to be behind latest addition to toolset of China-aligned attackers
NATION-STATE PROPAGANDA COAT-TAILING FUKUSHIMA TREATED WATER RELEASE (CYFIRMA) EXECUTIVE SUMMARY Anonymous and other hacktivist groups are engaging in online protests using tags such as #OpFukushima, #OpJapan, or #OpTEPCO...
Active exploitation of Cisco IOS XE Software Web Management User Interface vulnerability (Cisco Talos Blog) Cisco has identified active exploitation of a previously unknown vulnerability in the Web User Interface (Web UI) feature of Cisco IOS XE software (CVE-2023-20198) when exposed to the internet or untrusted networks.
Actively exploited Cisco 0-day with maximum 10 severity gives full network control (Ars Technica) An unknown threat actor is exploiting the vulnerability to create admin accounts.
Cisco warns of actively exploited zero-day in IOS XE software (Computing) Cisco has disclosed a critical zero-day vulnerability in its IOS XE software that is being actively exploited in the wild.
Widespread Cisco IOS XE Implants in the Wild (VulnCheck) VulnCheck scanned the internet for implanted Cisco IOS XE systems and found thousands of results.
A rumored vulnerability in Signal appears to have been a false alarm. Here’s what to know. (Washington Post) Rumors of a previously undisclosed vulnerability in the encrypted messaging app Signal briefly set the cybersecurity world abuzz this week, only for Signal itself to reply, saying it was a “false alarm.”
Signal Pours Cold Water on Zero-Day Exploit Rumors (SecurityWeek) Privacy-focused messaging firm Signal is pouring cold water on widespread rumors of a zero-day exploit in its popular encrypted chat app.
Kansas Courts relying on paper after 'security incident' (Register) Fax, post, and human messengers can still be used for filing vital evidence
Kansas courts closed, electronic systems down after alleged ransomware attack (Record) Courts in the city of Topeka are closed to the public on Monday, while the Kansas Supreme Court is exclusively using paper records to operate.
Data breach at Shadow potentially more severe than initially thought (SC Media) TechCrunch reports that French cloud gaming service Shadow may have downplayed the data breach it confirmed to have stemmed from an "advanced social engineering attack," which CEO Eric Sele said resulted in the compromise of customers' full names, birthdates, billing and email addresses, and credit card expiry dates.
Are You Sure Your Browser is Up to Date? The Current Landscape of Fake Browser Updates (Proofpoint) Proofpoint is tracking multiple different threat clusters that use similar themes related to fake browser updates.
Cybercriminals register .AI domains of trusted brands for malicious activity (CSO Online) Third parties are registering brands under the .AI domain to launch phishing attacks or other types of brand abuse.
Top Adversary Tactics and Techniques (Netskope) This edition of the Netskope Cloud and Threat Report focuses on the tactics and techniques that were most commonly used against Netskope customers in 2023.
Resilience Midyear 2023 Claims Report: Cybercriminals Uplevel Tactics to Deal with Lower Extortion Payment Rate (GlobeNewswire News Room) Big game hunting, attacks on vendors, and data exfiltration rising as threat actors pursue bigger targets...
Ransomware Comes Back in Vogue for Cybercriminals (Wall Street Journal) Insurers say ransom-related claims rose sharply in the first half of 2023.
Deepfake Porn Is Out of Control (WIRED) New research shows the number of deepfake videos is skyrocketing—and the world's biggest search engines are funneling clicks to dozens of sites dedicated to the nonconsensual fakes.
Infobip identifies five frauds impacting the messaging ecosystem (Infobip) New report outlines the five common security challenges impacting mobile users and the steps enterprises and MNOs can take to combat them
1 Million Users Exposed in Educational Robot Company Data Breach (SafetyDetectives) A hacker allegedly stole and exposed the data of users from Sphero’s database, affecting an estimated 1 million educators and students.
SafetyDetectives’ cybers
Vulnerability Summary for the Week of October 9, 2023 | CISA (Cybersecurity and Infrastructure Security Agency CISA) The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. NVD is sponsored by CISA. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores. Please visit NVD for updated vulnerability entries, which include CVSS scores once they are available.
Security Patches, Mitigations, and Software Updates
Cisco Releases Security Advisory for IOS XE Software Web UI (CISA) Cisco released a security advisory to address a vulnerability (CVE-2023-20198) affecting IOS XE Software Web UI. A cyber threat actor can exploit this vulnerability to take control of an affected device.
Trends
Scammers net $658M from social media users in 2023 (Atlas VPN) According to data presented by the Atlas VPN team, social media scams earned fraudsters $658M just in H1 2023, more than any other contact method.
Businesses are Ready to Ditch Passwords, Says New Report from FIDO Alliance and LastPass (Business Wire) 89% of IT leaders expect passwords will represent less than a quart
FIDO Alliance study reveals growing demand for password alternatives as AI-fuelled phishing attacks rise (PR Newswire) Increased desire for biometrics and awareness of passkeys increases imperative on service providers to enable stronger, more user-friendly sign-ins Summary of...
FIDO Alliance study reveals growing demand for password alternatives as AI-fuelled phishing attacks rise (PR Newswire) Increased desire for biometrics and awareness of passkeys increases imperative on service providers to enable stronger, more user-friendly sign-ins Summary of...
2023 Online Authentication Barometer (FIDO Allliance) What’s the latest in consumer habits, trends and adoption of authentication technologies across the globe?
Manufacturing Facilities And Cyber Attacks (Business Facilities Magazine) Recent breaches of MGM and Caesars are proof that no company or industry is safe from sophisticated, aggressive and frequent cyber attacks.
CybeReady Calls Attention to AI Cyber Threats During Cybersecurity Awareness Month (WATE 6 On Your Side) CybeReady, a global leader in security awareness training, today highlighted the growing threat of AI cyberattacks as Cybersecurity Awareness Month returns this month. To educate organizations about these threats, the company has developed new AI Cyber Threat CISO Toolkits and other materials to help organizations educate their employees about ...
31% of businesses fail to recover backup data when hit by ransomware (At-Bay) Of the 92% of At-Bay policyholders who invest in data backup solutions, less than two thirds successfully restore their data when they experience a ransomware attack, and more than one in four businesses see their backups fail.
Expel Quarterly Threat Report - Q1 2023 (Expel) Our report surfaces the most significant data we’re seeing in our threat detection and response efforts and offers resilience recommendations to protect your organization.
New Veritas Research Reveals Nearly Half of Organizations Underestimate Their Level of Risk (Veritas) Top risks include data security, economic uncertainty and emerging technologies such as AI
Ransomware Report September 2023 (Black Kite) Share the report data Download data kit
AU10TIX Global Identity Fraud Report Pinpoints Economic Recovery and Inflation as Drivers of 44% Surge in North American Organized ID Fraud (AU10TIX) Debut Report Spotlights Hidden Geographical and Industry Trends Drawn from Millions of Transactions Across 249 Countries
Q3 2023 Phishing and Malware Report (Vade) Vade’s Q3 2023 Phishing and Malware Report reveals the latest cyberthreat stats and trends.
Marketplace
VC Firm Greycroft Cuts Five Investors After Missing Fundraising Target (The Information) Greycroft, a New York venture capital firm that has backed Bumble, Venmo and Axios, is laying off five investors, the firm confirmed, after it failed to reach fundraising targets earlier this year. It’s also backing away from healthcare and fintech investing. The firm disclosed in April that it ...
Fortress Information Security Selected to Partner with CISA's Joint Cyber Defense Collaborative (PR Newswire) Today, Fortress Information Security (Fortress) is announcing it is now part of the Joint Cyber Defense Collaborative (JCDC), America's...
BlackDice Expands Its Game-Changing Cybersecurity Solutions to North America (GlobeNewswire News Room) BlackDice Holdings Corp. ("BlackDice," or the “Company”), a pioneering force in AI-powered cybersecurity for the Telecom industry is expanding its footprint to North America as it accelerates its growth trajectory.
Lantronix Announces the Passing of Chairman of the Board Paul Folino (GlobeNewswire News Room) Lantronix Inc. (NASDAQ: LTRX), a global provider of secure turnkey solutions for the Industrial...
Coalfire Welcomes Ashley Hart as Chief Marketing Officer (PR Newswire) Coalfire, an industry-leading cybersecurity services and solutions company, today announced the appointment of Ashley Hart as chief marketing...
Products, Services, and Solutions
Prevalent Introduces Alfred™, the World’s First AI-Powered Virtual Third-Party Risk Advisor (Prevalent) Third-party risk management leader delivers AI-enabled risk guidance with unmatched speed, security and scale
ManageEngine Rounds off Its Endpoint Protection Platform with the Addition of Next Generation Antivirus Capability (Business Wire) Capability Added to Endpoint Central, its UEM Solution, to Tackle the Dynamic Threat Landscape
BlackBerry Announces Generative AI Powered Cybersecurity Assistant (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced its new Generative AI powered assistant for Security Operations Center (SOC) teams. The...
BlackBerry Announces Innovations in Secure Communications for Governments (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today announced new advanced features for BlackBerry SecuSUITE® for Government, the company's secure...
TEI Study Finds BlackBerry Cybersecurity Service Delivered 293% ROI (PR Newswire) BlackBerry Limited (NYSE: BB; TSX: BB) today released the results of a Forrester Consulting Total Economic Impact™ (TEI) study that calculated...
Edgio Introduces Enterprise Protect and Perform Bundles to Secure and Accelerate Applications with Predictable Cost (Business Wire) New consistent pricing combines Edgio’s latest web performance capabilities with a full-spectrum web security suite and Security Operations Center support eliminating unpredictable usage-based costs
Announcing Linkerd Enterprise, the First Enterprise-Focused Distribution of the Popular Linkerd Service Mesh Project (PR Newswire) Linkerd Enterprise brings cloud spend reduction, Zero Trust security, FIPS-140-2 compliance, and modern network security in a unique...
Automox Upholds Customer Data Security with Extended SOC 3 Report Alongside Annual SOC 2 Type II Compliance (GlobeNewswire News Room) The Automox platform delivers confidence in IT as it securely automates over a million endpoints across thousands of customers....
Stamus Networks Launches Free Threat Intelligence Feeds for Newly-Registered Domains (Stamus Networks) Stamus Networks announces the availability of free threat intelligence feeds for newly-registered domains (NRD).
Data Theorem Mobile Protect Solution Earns Highest Standard of Online Safety and Privacy with COPPA Certification from kidSAFE (Data Theorem) COPPA Certification Assures Mobile Protect Customers Developing Children’s Mobile Apps Build Safe Apps that Protect Children’s Private Data and are Certified Compliant
Verint Launches New Specialized Bot to Help Protect Sensitive Customer Data and Reduce Compliance Risk (Verint) MELVILLE, N.Y. , October 17, 2023 — Verint® (NASDAQ: VRNT), The Customer Engagement Company®, today announced the launch of the Verint Personal Identifiable Information (PII) Redaction Bot giving organizations a way to automate compliance, reduce risk, and protect their customers’ sensitive personal data such as credit card and social security numbers, dates of birth, etc. “With […]
Save Energy, Accelerate Cyber Resiliency with PowerMax Innovation (Dell) PowerMax delivers enhanced data reduction, a real-time power consumption dashboard and industry-leading AI-driven cybersecurity.
Cequence Becomes the First API Security Vendor on the HPE GreenLake Marketplace (Cequence Security) Cequence Unified API Protection on HPE GreenLake significantly improves visibility and protection while reducing costs and minimizing fraud, business disruption, data losses and non-compliance SUNNYVALE, Calif. — October 17, 2023 – Cequence Security, the leading provider of Unified API Protection (UAP), today announced the Cequence Unified API Protection (UAP) solution is now available on the […]
Pathlock Cloud Unveils Latest Application Access Governance Release: Empowering Businesses to Slash Compliance Costs (PR Newswire) Pathlock, the leading provider of application governance, risk and compliance (GRC), today announced a new release of its Application Access...
Perimeter 81 Joins Pax8 Marketplace to Offer MSPs Network Security Solution (GlobeNewswire News Room) Provides Partners with Advanced Security for Remote Work Environments...
Vercara launches UltraDNS TLD to Provide High Availability, Redundancy to TLDs (Business Wire) New UltraDNS TLD service helps customers meet availability and compliance needs
GitGuardian Blog - Automated Secrets Detection (GitGuardian Blog - Automated Secrets Detection) A blog for developers, Application Security and other cybersecurity professionals to learn about secrets in source code, API security, IaC and DevSecOps.
NetWitness launches 12.3 update, delivering visibility across the entire enterprise (Business Wire) Latest update connects companies to SASE architecture, cloud workloads, and on-premises data center usage
BackBox Introduces Network Vulnerability Manager (BackBox Software) BackBox announces its Network Vulnerability Manager (NVM), the first platform to offer deep integration of network automation with vulnerability management.
Technologies, Techniques, and Standards
CISA, U.S. and International Partners Announce Updated Secure by Design Principles Joint Guide (Cybersecurity and Infrastructure Security Agency) Joint product with additional partners includes expanded principles and guidance for technology providers to increase the safety of their products used around the world.
How Backups Can Reduce Ransomware Claim Costs by 41% | At-Bay (At-Bay) Our research found that backups can help reduce the severity of claims — both in terms of the cost of a claim and any downtime the business suffers. They can reduce total ransomware claim costs, mitigate recovery time, and potentially impact cyber insurance premiums.
Defensive Measures Against Ransomware (GCA | Global Cyber Alliance | Working to Eradicate Cyber Risk) Cyber hygiene measures covered in the GCA Cybersecurity Toolkit for Small Business address “up to 86% of the [ransomware] techniques that enable initial network access or that compromise the confidentiality, integrity, or availability of data," according to Tidal Cyber and the Global Cyber Alliance.
Research and Development
New cyber algorithm shuts down malicious robotic attack (University of South Australia) Australian researchers have designed an algorithm that can intercept a man-in-the-middle cyberattack on an unmanned military robot and shut it down in seconds.
Academics Devise Cyber Intrusion Detection System for Unmanned Robots (SecurityWeek) Australian AI researchers teach an unmanned military robot’s operating system to identify MitM cyberattacks.
Academia
Boise State University partners with Sophos (GlobeNewswire News Room) Partnership Provides Access to Sophos’ Industry-Leading Endpoint Security, Creating New Opportunities for Students and Organizations Across the State...
Legislation, Policy, and Regulation
US, Israeli Cyber Agencies ‘In Very Close Contact’ After Hamas Attacks (The Defense Post) The US Cybersecurity and Infrastructure Security Agency has teamed with the Israeli National Cyber Directorate in response to Hamas attacks.
US Treasury inks cybersecurity agreement with United Arab Emirates (Record) The memorandum of understanding signed by the United States Treasury Department and the United Arab Emirates' Cyber Security Council includes increased information sharing about digital threats to the financial sector.
Internet Censorship 2021: A Global Map of Internet Restrictions (Comparitech) Nearly 60 percent of the world’s population (4.66 billion people) uses the internet. It’s our source of instant information, entertainment, news, and social interactions. But where in the world can citizens enjoy equal and open internet access – if anywhere? In this exploratory study, our researchers have conducted a country-by-country comparison to see which countries […]
US Plans to Push Other Countries Not to Pay Hacker Ransoms (Bloomberg) Despite government efforts, ransom attacks have continued. Payments to hackers are driving more attacks, US official says.
What are federal agencies doing to fill out the cyber workforce? (Nextgov.com) New numbers released Monday show that employers posted over 572,000 cybersecurity jobs in a 12-month period starting in September 2022.
California’s Delete Act – Key Takeaways for Data Brokers (cyber/data/privacy insights) On Tuesday, October 10, 2023, California Gov. Gavin Newsom signed into law Senate Bill 362, also known as the Delete Act, which amends certain aspects of California’s existing Data Broker Registration law. By January 1, 2026, the Delete Act will enable California consumers – as defined under the Cal
New Commander of the National Cyber Force appointed (GOV.UK) Air Vice-Marshal Tim Neal-Hopes OBE has been appointed as the second Commander of the National Cyber Force (NCF).
Litigation, Investigation, and Law Enforcement
Tether freezes $873K USDT linked to terrorist activity in Ukraine, Israel (OODA Loop) Stablecoin issuer Tether has moved to freeze 32 addresses linked to terrorist activity in Israel and Ukraine in collaboration with local law enforcement agencies. $873,118 worth of Tether linked to illicit activity in Israel and
Tether freezes 32 crypto addresses linked to terrorism in Israel and Ukraine (CryptoSaurus) Tether, the world's largest stablecoin, has reaffirmed its commitment to combating cryptocurrency-funded terrorism and warfare by collaborating with law
From High Life Hackers to National Menace: The Rise and Fall of Digital Bandits 'ACG' (404 Media) Hackers 'ACG' popped champagne and bought sports cars. Then the group and its associates ushered in a bold new era of crime where anything is possible.
A surveillance tower in Mexico becomes an unsettling landmark for privacy advocates (Record) When completed, the Torre Centinela in Ciudad Juárez, Mexico, will be a 20-story surveillance colossus serving state governments on both sides of the border. Activists and privacy advocates are warning that the project's potential powers are only growing.
Bankman-Fried may not testify in FTX trial if he is denied ADHD drugs, his lawyers warn (The Telegraph) Crypto founder is yet to give evidence and is said to be struggling to concentrate during hearings
FTX’s Political Donations Came From Stolen Customer Funds, Testifies Company Insider Nishad Singh (Wall Street Journal) The former FTX engineering director said he committed crimes alongside Sam Bankman-Fried.
Massive 23andMe data breach prompts legal action (SC Media) Numerous class action lawsuits have been filed against major U.S. biotechnology and genetic testing firm 23andMe following a massive data breach stemming from credential stuffing attacks that compromised information from almost 1 million Ashkenazi Jews, BleepingComputer reports.