Bitwarden’s Iframe Flaw Explained

The purpose of password managers is to safeguard our login credentials and online accounts. However, a popular password manager recently made headlines for its major security flaw. Bitwarden is under scrutiny because its autofill feature gives hackers easy access to sensitive information. The company has known about the vulnerability for years but left the issue unaddressed.

If your company uses Bitwarden, here's everything you need to know about the issue. That way, you can take the necessary steps to secure your login credentials and other private data.

Everything to Know About Essendant’s Multi-Day Outage

Essendant, a Staples-owned wholesale distributor of office supplies and stationery, paused its operations recently because of a multi-day, network-wide outage. The system disruption has prevented customers from placing orders online or contacting the company’s customer care unit.

While Essendant has yet to disclose the reason behind the outage, many think someone had hacked into the company’s system. Customers are expressing their frustration over the company's lack of transparency.

Microsoft Patch Tuesday

On March 14, 2023, Microsoft released a security update that fixes at least 74 bugs in Windows and other software. Hackers are already attacking two of the flaws, including a very serious one in Microsoft Outlook.

AT&T Data Breach – 9 Million Affected

In a recent statement, telecommunications giant AT&T confirmed that a hack on a vendor it was working with exposed around 9 million accounts. AT&T said that the sensitive information was mainly about device upgrade eligibility.

The hacking happened in January 2023 using a weakness in the vendor's system. The hackers accessed customer data, such as their names, addresses, phone numbers, and account numbers.

SCAM OF THE WEEK: New Alert! Cybercriminal at Your Door

Ring is a popular brand of security cameras designed for home safety. Unfortunately, Ring customers were the latest victims of a phishing attack. Cybercriminals sent phishing emails spoofed as Ring to try and steal customers’ sensitive information.

Cybercriminals start this attack by sending you a phishing email with an HTML file attached. The email looks like it’s from Ring, and it instructs you to open the file to update your Ring membership. If you click this file, you’ll be redirected to a malicious website that spoofs Ring’s login page. This website prompts you to enter sensitive information, such as your credit card number and social security number. If you enter your information, you’ll be redirected to Ring’s legitimate website, making the email look more real.

Hiatus Malware Targets Business Routers

There is a new malware campaign targeting business-grade routers. It is called Hiatus, a complex operation that deploys the HiatusRAT malware. It is a kind of Remote Access Trojan (RAT) that cybercriminals use to gain remote control over a target system.

Hiatus is the first of its kind. Lumen's security experts say it has been around since July 2022 and is still active. It gives business owners another reason to tighten cybersecurity. To help you protect your organization, here's everything you need to know about the malicious campaign.

Cerebral Data Breach – 3.18 Million Affected

Cerebral, an online platform that offers mental health care services, recently suffered a data breach that may have affected up to 3.18 million users. According to its report, the breach was due to the company’s use of third-party pixel trackers.

Cerebral did not say the exact number of users affected. However, the company said it had taken steps to ease the breach’s impact.

Reduce the Risk of Business Email Compromise Attacks

Email threats have been around since the early 90s. But phishing techniques are much more sophisticated now than they were back then. One of the most successful and lucrative tactics is business email compromise (BEC). BEC scams have stolen over $43 billion from businesses worldwide between July 2019 and December 2021. Threat actors are making more money from it than ransomware.

It's not enough to have a simple email security solution in place. Business owners should do more to protect their companies from these malicious attacks. To help you, here's everything you should know about BEC scams and what you can do to safeguard your organization.

Maintain Customer Trust By Scaling Up IT Systems

Every business owner knows that forming a strong relationship with customers is essential to succeed. And two important elements of this relationship are positive customer experience and customer trust. Having these will help you bring in new customers and repeat or loyal customers.

With businesses relying more on computer systems for various functions, data breaches have become one of the leading threats to customer trust and confidence. As such, you have to make sure that your IT system is protected from security attacks. These incidents will endanger your operations and cause your customers to lose trust in you.

Hatch Bank Falls Victim to Data Breach

Hatch Bank confirmed a data breach that compromised its customers' personal data. The financial technology firm said hackers found a vulnerability in its internal file-transfer software. This allowed the hackers to access and steal around 140,000 customer names and social security numbers from Jan. 30-31, 2023.

Hatch is using Fortra's GoAnywhere file-transfer platform. Many other large businesses also use GoAnywhere to share sensitive files.

Chick-fil-A Confirms Credential Stuffing Attack

Credential stuffing is one of the many forms of cyberattacks on the rise. It's a low-risk, low-cost automated method. It uses bots to access username-password combinations from past data breaches. It then uses that information to exfiltrate data from a new target system. It relies on people's habit of reusing the same login credential across various sites.

Chick-fil-A is one of the most recent victims of a credential stuffing attack. That proves that even large companies aren't exempt from these malicious attempts. Here's everything you need to know about the incident so you can stay informed.

US Government: Royal Ransomware Targets Critical Infrastructure

The United States government is alerting organizations about the Royal ransomware operation. The Federal Bureau of Investigation (FBI) and the Cybersecurity & Infrastructure Security Agency (CISA) said in a joint advisory that the Royal ransomware gang poses an increasing threat to critical infrastructure of numerous sectors in the U.S.

The Royal ransomware group has been targeting different sectors across the country and abroad. Among its victims are health care, education, communications, and manufacturing organizations.

How to Protect Your Organization From Callback Phishing

Callback phishing scams are one of the worst cyberattacks you can encounter. It is devastating to experience on a personal level. But it is even more disastrous if it happens to your organization. To help you, here is a guide covering how callback phishing works and the steps you should take to address it.

SCAM OF THE WEEK: Hiding Behind Namecheap

The web hosting company Namecheap was the latest victim of a combined hacking and phishing attack. In this attack, cybercriminals hacked into SendGrid, Namecheap’s email service. Then, they used SendGrid to impersonate businesses by hacking into their email services.

To start the scam, cybercriminals sent emails with links that led to fake websites. These websites looked real and were even hosted by Namecheap’s web hosting service. If you were to visit these websites, you'd be asked for your personal information, payment details, and login credentials. Unfortunately, cybercriminals could then use this information for their own malicious purposes.

Password Mask Attacks

Having a password for online accounts is not enough protection. Hackers and cybercriminals have found a way to crack passwords and hijack emails, bank accounts, social media pages, and other digital real estate. Through password mask attacks, cyber threat actors no longer have to spend a long time trying to guess your online credentials.

Microsoft Exchange Online Outage Blocks Access to Mailboxes Worldwide

Microsoft Corp. announced via Twitter on March 1 that a worldwide outage affected Exchange Online – its cloud-based email service.

According to the software giant in a series of tweets, Exchange Online users couldn't access their mailboxes. Users couldn't send or receive emails and got error messages.

The good news is that Microsoft resolved these technical issues in a few hours.

News Corp Cyberattack

News Corporation (News Corp) has disclosed more information about the 2022 cyberattack against the major publishing conglomerate. News Corp revealed that the cybercriminals had access to its systems two years ago, starting in Feb. 2020.

News Corp recently sent notification letters to affected employees. These laid out the most recent information on the data breach. The breach affected workers at the company’s publications, The New York Post and The Wall Street Journal, and its UK news operations.

Dish Network Cyberattack

Dish Network confirmed that the network outage it is currently experiencing is due to a cybersecurity breach. This outage also affected its internal communications systems.

The breach occurred on Feb. 23 and disconnected Dish’s websites and apps. The network’s call centers also went offline. Subscribers cannot access their accounts, stream shows, or avail of Dish’s services.

Ransomware Attack on Dole

Ransomware is a threat businesses cannot afford to ignore. Such a cyberattack often blocks user access to systems until the perpetrator receives ransom. A recent cautionary tale is a ransomware attack on Dole Food Company.

On Feb. 22, Dole reported a cybersecurity incident involving ransomware. Although it is unclear when or how the attack occurred, Dole said it had a limited impact on its operations. However, there are reports saying the disruption may be more serious than the company let on.

Microsoft Exchange Server Antivirus Exclusions

The Microsoft Exchange Server is an e-mail server developed exclusively for Windows OS users. It also offers collaboration functions like scheduling and calendaring.

One of the Exchange Server's biggest draws is its high availability features. These features ensure that outages and server failures won’t disrupt server operations.

But while the Exchange Server sounds like a dream for users, it also has limitations. Microsoft warned against performing antivirus scans on some of the Exchange Server’s files, folders, and processes.
