Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2024

Cisco Duo Third-Party Compromise

On April 16, 2024, Cisco Duo informed affected customers of a breach involving their SMS and VoIP multi-factor authentication (MFA) service provider. The breach occurred on April 1st due to a phishing attack, allowing unauthorized access to the provider’s systems, including SMS and VoIP MFA message logs for specific Duo accounts between March 1st and March 31st, 2024. Though the threat actor accessed message logs, they did not obtain message content.

Data Breach Response and Investigation: 8 Steps for Efficient Remediation

From financial losses to legal issues to a damaged reputation, the consequences of a data breach can severely impair organizations. Therefore, having robust data breach incident response and investigation procedures is critical for organizations to mitigate the impact of such incidents. In this article, we review what a data breach is and how it can influence your organization as well as provide eight simple steps to efficiently respond to and investigate data breaches.

Red Flags of Jobs and Employment Scams: How to Protect Yourself

Job scams continue to rise in the United States as of 2024. According to the Federal Trade Commission (FTC), Americans lost about $490 million to job opportunities and employment scams in 2023, with 107,134 reports. This was a significant increase over 2022, with 95,327 reports of employment scams and a $373.5 million loss to these scams. Besides financial losses, scam artists are also conning unsuspecting job seekers out of their personally identifiable information.

Top 6 Secure Payment Methods

With cyber threats against online payment methods becoming more common in today's digital age, ensuring that payment systems are secure and sensitive information is not hijacked when making payments has become ever more critical. To ensure that you choose the right option when making payments online or physically, we have compiled a list of the top 6 most secure payment methods. These payment options prioritize security, offering robust features and protections to safeguard your financial data.

Phishing: A Primer on How to Protect Your Organization

In April of 2024, the FBI released a warning that threat actors are sending SMS phishing, also known as smishing, messages to individuals pretending to be toll road operators messaging about unpaid toll fees. This kind of attack is a common one, and targets more than just individuals: think the MGM Resorts breach of 2023 that started with a phishing call to an IT professional and ended up costing the casino millions.

Here's what caused the Sisense data breach, and 5 tips for preventing it

From Uber in 2016 to Okta in 2023 to Sisense in 2024, it’s evident that there’s a pattern behind the tech industry’s most devastating breaches: Data sprawl. Let’s dive into how data sprawl played a part in last week’s Sisense breach, as well as how security teams can be proactive in defending against similar attacks.

What Is Cloud Security?

Cloud computing has gained traction in recent years due to its ease of scalability, flexibility, and efficiency. It allows businesses to accelerate innovation and spend less in meeting client or consumer demands. With several businesses migrating their operations to the cloud, cloud computing has become the technology of choice as it becomes more readily accessible and affordable.

6 Airbnb Scams To Watch Out For

Airbnb has brought a new paradigm to the hospitality industry. It has become the go-to platform for persons looking to make additional income with their properties and travelers looking for unique accommodation experiences away from home. However, this new model and its appeal have also attracted individuals looking to exploit the platform for fraud. Scams on Airbnb are becoming increasingly common, and neither hosts nor guests are exempt from becoming targets.

Credit Card vs Debit Card: Which Is Safer?

Identity theft and card fraud are the main concerns associated with using debit and credit cards. Like any financial instrument, credit and debit cards are susceptible to certain security threats that can compromise cardholders' information and lead to credit card fraud or debit card fraud. Common examples of such financial security threats include card theft, phishing, skimming, malware, card cloning, vishing, weak passwords/PINs, and social engineering.

Unveiling the Nestle Data Breach: A Deep Dive into R00TK1T's Threat

In the ever-evolving landscape of cybersecurity threats, the recent breach by the notorious hacker group R00TK1T serves as a stark reminder of the vulnerabilities faced by even the most established organizations. As the Foresight Threat Team delves into the details of this alarming incident, it becomes imperative to shed light on the implications and lessons to be learned from this breach.

Half of U.K. Businesses Experienced a Security Breach or Cyber Attack in the Last 12 Months

Analysis of cyber attacks targeting U.K. organizations highlights the effectiveness of social engineering attacks and the fact that businesses are missing the mark on how to stop them. The U.K. Government just released its Cyber Security Breaches Survey 2024, in which it asked U.K. businesses and charities about their experiences with cyber attacks and breaches, their preparedness plans, response plans and the impacts of the attacks. According to the survey results, half (50%) of all U.K.

IntelBroker alleges a breach of Space-Eyes, targeting data crucial to US national security

A hacker known as "IntelBroker" has purportedly breached Space-Eyes, a geospatial intelligence firm, potentially exposing sensitive US national security data. Authorities are currently investigating the claim, recognizing the potential ramifications it could have on critical government operations.

What is Sensitive Data: How to Protect Important Personal Data

Sensitive personal data is among the most valuable information attached to us; it’s so valuable that there are international regulations for its maintenance, storage, and management. It is data that contains essential details about us, like Social Security Numbers (SSNs), bank accounts, tax IDs, health insurance data, and all the other “unique-to-one” credentials.

Roku Makes 2FA Mandatory for all After Nearly 600K Accounts Pwned

After attackers accessed around 591,000 customer accounts this year, Roku is making 2FA mandatory. The accounts were accessed over two separate incidents, the first affecting 15,363 accounts and the second affecting roughly 576,000. In these cases, the attackers used the accounts to purchase streaming subscriptions and hardware stored in users' accounts, the company has confirmed.

What is Single Sign-On: The Benefits and Importance of Implementing SSO

Every day, more people get online - most do it for leisure, but organizations are increasingly moving into the digital environment. The increasing number of these new end-point users makes it clear that the cyber world must evolve. No longer can experts argue for unique platform passwords when password fatigue is prominent, nor can cybersecurity defenders protect all the various attack junctures across multiple platforms and tools.

Unveiling the KryptonZambie Leak of PureB2B.co.uk Database

In the ever-evolving landscape of cybersecurity threats, staying ahead of potential risks is paramount. Today, we delve into a recent breach uncovered by the Foresiet Threat Intelligence Team. Our focus centers on the infiltration of PureB2B.co.uk's database by the threat actor known as KryptonZambie, shedding light on the implications and strategies for mitigation.

Beyond Sisense: Navigating the Rising Tide of Supply Chain Attacks

Threat actors looking to maximize the amount of money they can make and chaos they can cause have once again chosen the supply chain as their target of attack. On Thursday, April 11, the Cybersecurity & Infrastructure Agency (CISA) warned customers of Sisense, a company that provides data analytics services to thousands of international companies, that they should reset their credentials for Sisense services and look out for suspicious activity involving their services.

Sisense Customer Data Compromise

On April 11, 2024, CISA issued a cybersecurity advisory disclosing a compromise of customer data from Sisense. The previous day, cybersecurity journalist Brian Krebs had published an email sent to Sisense customers by the company’s CISO. The specific details of the compromise have not been made public at this time. Furthermore, Arctic Wolf has not observed any malicious activities conducted by threat actors using compromised credentials from Sisense.

The Future of Cybersecurity: Leveraging Breach and Attack Simulation for Proactive Defense

The digital landscape is no longer a frontier; it's a full-fledged battlefield. As organizations become increasingly reliant on interconnected technologies, their attack surface expands exponentially. Firewalls and antivirus software, the traditional defense lines, are akin to medieval fortifications in the face of modern artillery. To survive in this ever-evolving warzone, organizations need a proactive approach, a way to anticipate and counter threats before they inflict damage. Enter Breach and Attack Simulation (BAS), a transformative tool poised to revolutionize the future of cybersecurity.

Personal vs Sensitive Personal Information (SPI): What's the Difference

What is there to know about a person? Certainly, their name, but how about their affiliations, philosophical beliefs, or sexual orientation? The nuanced information about a person—including those elements listed above and more—falls into a data category called “personal information” or “personally identifying information” (PII).

What Is An On-Path Attack and How Does It Work?

Suppose someone left their home, got in their car, and drove to the grocery store. Much like data packets that travel over Internet highways, the car will use various pathways to reach its destination; however, once the car gets to the store, a question remains: what happened between the generating point and the destination? If nothing happened, the driver (our data) traveled safely and without incident.

What is Bait and Switch Scams: How it Works and How to Avoid It

Ever follow an ad featuring limited-time products to a company’s web page only to find they’re selling something else entirely? Or have you added a product to a cart only to discover a laundry list of issues, from poor quality to endless fees? Bait and switch (also called “bait-and-switch” or “B&S”) is a classification of fraudulent activities that most recognize as false advertising.

Uncovering identity threats: Lessons learned from a real-life data breach

Every IT admin, regardless of the company size or employee count, shares a common fear: data breaches. The horror of discovering their organization’s data exposed on the dark web, accessible to anyone, is definitely a nightmare. So, IT admins are on the constant lookout for leading solutions that protect access to organization data and manage employee identities effectively. But where does the real challenge lie? In managing the employee identities, or their access to data?