Cyber Security Headlines: Microsoft security job cuts, Neopet data leak, Russia malware trickery

Microsoft cuts security jobs amidst weakening economy

Microsoft announced it plans to eliminate open jobs, affecting its Azure cloud business and security software unit, as the economy continues to weaken. The company said it’s honoring job offers that have already been made for open roles. The move follows similar hiring slowdowns announced by Google and Apple. Next Tuesday, Microsoft will announce the Azure unit’s percentage growth rate, a closely watched indicator in Microsoft’s quarterly earnings.


Is your cute little Neopet leaking your personal data?

Virtual pet website, Neopets, has suffered a data breach leading to the theft of 460 MB of source code and a database containing personal information of over 69 million members. On Tuesday, a hacker known as ‘TarTarX’ began selling the stolen source code and data for four bitcoins, worth approximately $94,000. According to the hacker, the data includes member usernames, names, email addresses, zip code, date of birth, gender, country and other site and game-related info. The Neopets team confirmed the breach on Discord and are working to resolve it.

(Bleeping Computer)

Russia disguises malware as Ukrainian app for hacking Russia

Russian hackers tried to trick Ukrainian and international volunteers into using a malicious Android app disguised as a tool for launching Distributed Denial of Service (DDoS) attacks against Russian websites. The app was created by the hacking group known as Turla, which cybersecurity experts have linked to the Kremlin. Turla posed as pro-Ukranian hactivists and named their malware CyberAzov, in reference to a far-right group that has become part of Ukraine’s national guard. Google said the fake app wasn’t hosted on the Play Store, and that the number of installs so far is miniscule.


Another rough day for cryptocurrency

And it was another bad day for crypto, after Tesla announced it sold 75% of its Bitcoin, worth approximately $936 million, according to its Q2 earnings report. Tesla indicated it recorded a $27 million impairment loss as a result of the sell-off. Bitcoin and Etherium plummeted 2.5% and 3% respectively, just one hour after the report was released. Meanwhile, Singapore’s Monetary Authority announced it plans to bolster cryptocurrency regulations in order to protect consumers and to contain money laundering and terrorist funding. And finally, MINECRAFT producer,  Mojang Studios, indicated it will no longer support NFTs and blockchain, noting the crypto tech, “create models of scarcity and exclusion that conflict with our Guidelines and the spirit of Minecraft.”

(Decrypt and The Register and MINECRAFT)

Thanks to today’s episode sponsor, 6clicks

The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit

Malvertising campaign leverages Google ads on Youtube

On Tuesday, cybersecurity firm Malwarebytes disclosed a major malware campaign abusing Google Search YouTube ads. A very realistic advertisement redirects visitors to fake Windows Defender security alerts. There is nothing suspicious looking about the malicious ad as it contains the correct URL. When users call the number listed on the alert they connect to a fake support agent who instructs the victim to install Team Viewer, so they can take control of the machine and “fix” the issue. There is some good news, for those using VPNs the scam sites will redirect them to a legitimate YouTube site. The malvertising campaign is still running on Google Search at this time.

(Bleeping Computer)

92% of enterprises experienced an email security incident last year

According the 2022 Email Security Trends Report, ninety-two percent of security leaders reported suffering an email-related security incident, such as Phishing attacks and business email compromise (BEC), within the last year. The report found that while 93% of organizations have adopted cloud email, 79% believe that their cloud software’s native security provides insufficient protection from email threats. 25% of respondents indicated they suffered 11 or more email security incidents in the last year. Security leaders ranked their top three email security concerns as malicious attachments, email-delivered ransomware, and credential phishing. 

(Security Magazine)

Google Calendar provides new way to block invitation phishing

Google announced Wednesday that it started rolling out a new method to block Google Calendar invitation spam for all customers including legacy G Suite Basic and Business users. Spam calendar events are commonly used to redirect targets to phishing landing pages via malicious URLs. Google’s new feature allows users to select an option to only display events on their calendar if they come from a sender they’ve interacted with previously. With the option enabled, users will still receive email invites from unknown senders, but have to accept them before they will appear on their calendar.

(Bleeping Computer)

New apprenticeship initiative aims to develop cybersecurity workforce

In partnership with the White House and the U.S. Department of Commerce, the Department of Labor (DOL) announced a 120-day Cybersecurity Apprenticeship Sprint to help train and develop the cybersecurity workforce. The Sprint aims to address the cybersecurity field’s current job openings and longer-term job quality and retention issues. Additionally, the program will advance diversity, equity, inclusion, and accessibility (DEIA) across the Cybersecurity occupation.

(Security Magazine)

Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.