Cyber criminals are flocking to the GENESIS marketplace, a one-stop shop for login credentials, cookies, device fingerprints, website vulnerabilities and other sensitive data on hackers' wish lists. The invite-only market has become an important tool for hackers to carry out their attacks.
The site offers personal data stolen in breaches of companies and organizations worldwide. Genesis is easy to use, is hosted on the regular internet and has a modern interface, unlike the dark web markets that require special software and payment in obscure cryptocurrencies.
Online scam targets gift cards and loyalty cards
Over 100,000 inboxes are the target of an under-the-radar approach to extracting small amounts of funds from gift cards, credits, and other valuables that show up in people's inboxes.
This cybercrime group could be attempting 5 to 10 million authentications using IMAP to net 50K to 100K working inbox credentials.
News Item
Major companies meet with President Biden and promise billions in spending on cybersecurity
At a productive White House meeting on August 25th, Microsoft, Google, Amazon, Apple, IBM and others committed to significant efforts in the cybersecurity area. Google plans to invest more than 10 billion to strengthen cybersecurity and train 100,000 Americans in technical security fields. Apple is making security improvements throughout its supply chain. Microsoft committed $20 billion to more advanced security tools and $150 billion to helping government agencies upgrade their systems.
Cyber experts warn that Chinese tech giant Tuya's IoT products may be a high security risk. Tuya makes products that have been incorporated into many of today's smart devices, including smart TVs, smart home security cameras, home thermostats and appliances, even smart pet feeders. Many of the products that make these devices smart are provided by Tuya and are currently installed in over 116 million smart devices. Over 5000 brands have incorporated Tuya's tech into their devices. Tuya falls under a new Chinese law that requires companies to turn over any and all collected data when the government requests it.
News Item
White hat hacker rewarded with $500K bug bounty for returning millions in hacked cryptocurrency
A white hat hacker has returned millions in cryptocurrency hacked from Poly Network last week. The company has decided to offer the hacker a $500K bug bounty. The white hat hacker had stated that he/she had initiated the hack for fun and was motivated to demonstrate a vulnerability in the company's software. Some companies are offering bug bounties to help identify problems with their systems.
The UK National Security Centre recommends using three random words as passwords because they are easy to remember and are often stronger than the combinations of letters and numbers that people are led to create. Their research found that hacking software targets the predictable strategies people use to make passwords more complex. Examples include substituting the letter O with a zero or the number one with an exclamation mark. For best results, use three random words, not related or predictable words.
Microsoft alerts that the BazaCall attack starts with malicious emails that trick users into calling a fake call center by claiming that a demo service is ending and the user will be charged for a premium service.
The National Cryptologic Foundation Cyber Center for Education and Innovation has just released a great booklet, Outsmart Cyberthreats, on cyber security for middle and high school students. The scenarios show students how to protect themselves and their devices from threats.
News Item
Facebook takes down over 200 Iranian Hacker Accounts used to target US Military Personnel
This week Facebook disabled a sophisticated online cyber espionage campaign by an Iranian threat actor known as Tortoiseshell, which was targeting about 200 military personnel and companies in the defense and aerospace sectors using fake online personas. The hackers used fictitious personas to contact their targets, building trust over months and posing as recruiters and employees of defense-related companies.
Kaseya, which provides solutions to managed service providers (MSPs), was the victim of a ransomware attack on July 2. Up to 1500 small to medium-sized companies may have had their systems compromised through their MSP. Kaseya provides remote-monitoring and management tools for networks and endpoints as well as compliance systems and service desks. Over 40,000 organizations worldwide use at least one Kaseya software solution, which makes it central to a wide software supply chain.