Jason’s Deli Accounts Compromised by Credential Stuffing

January 24, 2024 at 03:12PM Jason’s Deli alerted its Deli Dollars rewards program members about potential exposure of personal data due to a credential-stuffing attack. It impacted over 344,000 customers. Names, addresses, phone numbers, birth dates, and partial credit card numbers were compromised. The restaurant is urging customers to update their login credentials and emphasizes …

SEC Says SIM Swap to Blame for Breached X Account

January 23, 2024 at 02:59PM The SEC’s X account was compromised in a SIM-swapping attack, leading to a Bitcoin ETF message and federal inquiries. The SEC admitted disabling multi-factor authentication in July 2023. SIM swapping is difficult to defend against, involving social engineering and exploiting vulnerabilities in telecom APIs. Investigations into the incident are ongoing …

SEC Says X Account Hacked via SIM Swapping

January 23, 2024 at 06:54AM Hackers used SIM swapping to take over the US Securities and Exchange Commission’s Twitter account, announcing the approval of a bitcoin exchange-traded fund. After the post caused a spike in bitcoin price, the agency clarified that the account had been compromised. The hackers gained unauthorized access through a telecom carrier …

LastPass Hikes Password Requirements to 12 Characters

January 3, 2024 at 03:05PM LastPass is strengthening customer password requirements, mandating a minimum 12-character master password for enhanced security, prompted by advancements in password cracking and user behavior. The rollout will start with email notifications to customers, along with additional measures such as multi-factor re-enrollment. The changes aim to mitigate security incidents and breaches. …

What to do when receiving unprompted MFA OTP codes

December 17, 2023 at 04:44PM Summary: Receiving an unprompted one-time passcode (OTP) in an email or text suggests stolen credentials, highlighting the theft of legitimate corporate network access. Cyberattacks exploit these credentials for data theft, espionage, ransomware, and financial fraud. Multi-factor authentication (MFA) enhances security, reducing successful breaches, but caution is advised with SMS and …

CISA urges tech manufacturers to stop using default passwords

December 15, 2023 at 02:06PM The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned against the use of default passwords in technology products due to the potential security risks. They recommended alternatives such as unique setup passwords, time-limited passwords, and mandating physical access for initial setup. CISA stressed that relying on customers to change passwords …

Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment

December 15, 2023 at 11:49AM In January 2023, the Cybersecurity and Infrastructure Security Agency (CISA) conducted a Risk and Vulnerability Assessment (RVA) for a Healthcare and Public Health (HPH) organization. The RVA included web application, phishing, penetration, database, and wireless assessments. While no significant external vulnerabilities were identified, the internal testing revealed multiple misconfigurations and …

Survey: 90% of IT Pros Felt Prepared for a Password-Based Cyberattack, Yet More Than Half Fell Victim to One

December 12, 2023 at 06:54PM Axiad announced the findings of its 2023 State of Authentication Survey, revealing that phishing is the most feared cyberattack, with 88% of respondents feeling prepared to defend against password-based attacks despite 52% falling victim. Despite this, 93% still use passwords, with 45% planning to adopt passwordless technology. Axiad urges action …

Okta Breach Widens to Affect 100% of Customer Base

November 30, 2023 at 05:56PM Okta updated the impact of its September hack from less than 1% to all customers, revealing the potential for heightened phishing risks due to leaked user data. Despite this, Okta reported a 20% revenue increase and remains optimistic about its identity platforms. However, some are observing a market shift away …

Okta data breach dilemma dwarfs earlier estimates

November 29, 2023 at 04:35PM Okta’s October support system breach impacted all customer accounts, far more than the initial 134 reported. Although mostly names and emails were accessed, the risk of phishing is heightened. Okta urges customers to use multi-factor authentication. The scale of the breach was realized after additional analysis and the discovery of …