Attacks

In response to the attack, Chick-fil-A forced customers to reset passwords, froze funds loaded into accounts, and removed any stored payment information from accounts. Chick-fil-A also states that they restored Chick-fil-A One account balances and added rewards to impacted accounts as a way of apologizing. As the accounts were breached using credentials exposed in other data breaches, impacted users must change their passwords at all sites they frequent, especially if they use the same Chick-fil-A…

Read More

Hatch Bank has offered to provide free access to credit monitoring services for 12 months to any affected individuals. This attack is just one example of an incident involving a third-party service. Whenever an organization is looking to do business with a third-party company, they should go through their own security audit of the company before signing a contract. This can include paying for a penetration test or requesting recent penetration test results, as well…

Read More

The Message Queuing Telemetry Transport (MQTT) protocol is a protocol that is known as the standard for IoT messaging and occurs over port 1883. As IoT devices become more and more prevalent in an environment, this typically opens a greater number of potential vulnerabilities to be exploited as IoT devices are often more insecure. From an organizational standpoint, the best way to protect against this campaign would be to limit IoT devices in the environment…

Read More

Users of Animaker are advised to be vigilant of any suspicious activity related to their accounts. It is also recommended that users enable two-factor authentication and use unique passwords for their various online accounts to mitigate the risk of further data breaches. Companies who use storage buckets should be aware that security controls typically need to be created after the creation of the bucket. Video Marketing Software Animker Leaking Trove of User Data

Read More

PyPI and other language-based repositories are increasingly being used by threat actors to distribute malware. Due to this, it is important to make sure that package installations are being done in a secure manner, to prevent an incidental infection within an organization. It is recommended that all imported libraries into an application are verified by developers, to make sure that there are no accidental typos in library names. Threat actors rely on accidental typos when…

Read More

Although it remains unknown as to why they did not ban Signal and Zoom, Russia has long attempted to control social media within its borders. Russia has been attempting to ban telegram since 2018; Telegram’s CEO claimed the Russian government planned to ban Telegram unless they handed over sensitive data and access to encrypted messages. The problem has become a larger issue for Russia since they invaded Ukraine in February of last year. The invasion…

Read More