November 27, 2024 at 02:48PM Zello warns users to reset passwords for accounts created before November 2, 2024, due to a potential security breach. Customers have received notices but no additional information. The incident follows a previous data breach in 2020, raising concerns about password security and unauthorized access to user accounts. ### Meeting Takeaways: … Read more
October 16, 2024 at 12:59PM Hackers employ various techniques to compromise passwords and access systems. This post outlines seven common password attacks including brute-force, phishing, and credential stuffing, alongside prevention strategies such as multi-factor authentication, user education, and robust password policies. Implementing these measures can significantly enhance organizational security against attacks. **Meeting Takeaways on Password … Read more
October 15, 2024 at 08:10AM Organizations increasingly rely on digital technologies, making identity the key security perimeter. Despite adopting security measures like MFA and single sign-on, many accounts remain vulnerable to attacks. Research indicates significant gaps in MFA usage and password security, with high risks of credential stuffing and phishing due to weak practices. ### … Read more
September 13, 2024 at 03:01PM DNA testing company 23andMe has agreed to a $30 million settlement in response to a lawsuit involving a data breach affecting 6.4 million customers. The settlement includes cash payments and enhanced security measures. The breaches were due to unauthorized access and credential-stuffing attacks, leading to leaked data and subsequent class-action … Read more
July 8, 2024 at 04:17PM Nearly 10 billion plaintext passwords, dubbed RockYou2024, have been leaked on a hacking forum. While the list may aid in brute-force attacks, it is unlikely for websites to allow such attempts. However, cybercriminals could find success in combining this data with other breaches to execute credential-stuffing attacks. Users are advised … Read more
June 19, 2024 at 09:33AM Amtrak notifies customers of a hacking incident involving username and password combinations obtained from other data breaches. Threat actors accessed accounts, changing email addresses and accessing personal and financial information. Amtrak urges affected individuals to reset passwords, review account statements, and consider placing fraud alerts on credit files. The company … Read more
June 12, 2024 at 07:39AM ShinyHunters, a notorious hacker gang, executed a colossal data breach on Ticketmaster, exposing 560 million users’ data. Live Nation confirmed the breach and initiated an investigation. The same group also targeted Santander, linked through the common use of Snowflake. Snowflake’s CISO provided recommendations for preventing unauthorized access. Implementing MFA is … Read more
June 4, 2024 at 04:05PM A new ransomware group, “Fog,” has been conducting traditional attacks by locking up data in virtual environments for quick payouts. They utilize stolen VPN credentials, exploit vulnerabilities in VPN gateways, and employ tactics like credential stuffing and disabling Windows Defender. Fog targets US organizations, especially in the education sector, due … Read more
June 3, 2024 at 03:50PM Have I Been Pwned service added a trove of 361 million stolen credentials obtained from cybersecurity researchers who collected them from Telegram cybercrime channels. The stolen data includes username and password combinations, along with raw cookies, and was shared for free on Telegram. The credentials have affected numerous websites, and … Read more
May 30, 2024 at 11:53AM Okta, an identity management service provider, is warning of credential-stuffing attacks against its Customer Identity Cloud’s cross-origin authentication feature. The company has provided guidance for mitigating the attacks and preventing them, including monitoring event logs for specific indicators and enabling breached password detection. Further defense measures include passwordless authentication, strong … Read more