Attacks

Individuals who have been compromised by this breach should change login information immediately. FanDuel allows for multi-factor authentication (MFA), which should be enabled on any active account. Phishing attacks are likely to occur after this type of information is stolen. FanDuel users that have been notified of a data breach should remain vigilant for future phishing attacks. Many account compromises are caused by using the same credentials across numerous sites. If one site is breached,…

Read More

With investigations still pending, Qulliq customers should remain vigilant. Regularly checking bank and credit card statements that may have been used on the company’s site is advised. Changing the password to QEC accounts, as well as anywhere else that login combination was used, is suggested as well. It is good news that QEC had an incident response plan in place, as many companies still do not. The investigation results will provide more information to the…

Read More

Android apps are constantly being used by threat actors because of the availability of third-party app stores and the lack of strict app guidelines for apps published within those stores. Android users should only download apps through the official Google Play Store and only from trusted developers. https://www.bleepingcomputer.com/news/security/new-hook-android-malware-lets-hackers-remotely-control-your-phone/

Read More

Even though the data stolen in the breach did not include sensitive information, the stolen data could still be used to carry out attacks if used in conjunction with other publicly available data. The company has stated that the malicious activity has been contained at this point for this attack. Whenever a customer is notified by a company of a data breach, they should ensure they are taking the proper steps to protect themselves including…

Read More

BOLDMOVE demonstrates the value of two key things – patching and a defense in depth strategy. As this malware spreads primarily through FortiOS devices, which contain minimal logging capabilities, it can go undetected for large periods of time. Patching, however, would mitigate the threat as the systems would not be vulnerable in the first place. With up to date patching, this malware cannot spread unchecked throughout the environment, making it the best defense against this…

Read More

It has almost been a year since the invasion of Ukraine, and security researchers have discovered a series of new malware deployed against Ukrainian targets. These attacks have caused more global cooperation in support of Ukraine as well as a better understanding of Russian cyber capabilities and tactics. Russians have been targeting telecommunications, new agencies, and social media platforms to disrupt the flow of information within Ukraine. Although several attacks have been successful, CERT-UA has…

Read More

After the first breach was suffered, Mailchimp stated they’d be reassessing their security posture and making changes. Now that a second breach has occurred, it’s unclear if they did not take these steps, or their new defenses simply failed. Taking preventative security measures can go a long way and save valuable time, money, and reputation. Cyber attacks are not slowing down anytime soon, so it’s advised that companies that have not taken the next steps…

Read More