Data breaches are not a new occurrence. But if you feel as though they have become much larger in scale over the past couple of years, those feelings are not misguided. According to research conducted by AtlasVPN, around 5.9 billion records were affected by a data breach in 2021, a new record high.

In this Thursday Threat Update, we take a look at a data breach disclosed by General Motors and a security patch recently released by Zoom.

General Motors discloses data breach

What we know: General Motors announced it was the victim of a data breach. The automotive manufacturer discovered malicious login activity between April 11 and April 29. Cybercriminals may have had access to the personal information of GM online and mobile application accounts. This includes users’ names, home and email addresses, phone numbers, and usernames. General Motors said in its data breach notification letter that cybercriminals successfully logged in through credentials gathered from other data breaches not tied to the company.

Recommendation: GM is requiring all users to reset their passwords. When doing so, create a password that is long, complex, and completely different from all of your other passwords. Since the incident occurred because of compromised credentials from other data breaches, now is a good time to reset the passwords for all services. Be on the lookout for phishing scams as well. While they are commonly conducted via email, cybercriminals can also perform these scams through text messages and phone calls. These practices are known as “smishing” and “vishing,” respectively.

Zoom releases security patch for ‘zero click’ vulnerability

What we know: Zoom has released a security patch to address a vulnerability affecting Windows, macOS, iOS and Android users. A Google Project Zero security researcher discovered the vulnerability, which can give cybercriminals the ability to compromise a victim’s account through Zoom’s chat functionality without any user interaction. Should a cybercriminal exploit this flaw, they could force the targeted device to connect to malicious servers. This is known as a man-in-the-middle attack, and could allow them to send spoofed or controlled malicious messages.

Recommendations: Anyone who uses Zoom on a Windows, macOS, iOS or Android device should download the update as soon as possible. Doing so will ensure that version 5.10.0 is running. You should always update Zoom, or any other software or application, when you are prompted, so that newly discovered vulnerabilities are patched.

Knowledge is essential in preparation for a cyberattack 

Preparation can go a long way toward demystifying threats. It can also give you the knowledge you need to protect yourself, your company and your family. BlackCloak has previously published an article breaking down man-in-the-middle attacks and how poor password practices can be costly.