MSP at the forefront against credential stuffing
Credential stuffing has been around for a while, and it is exactly what it sounds like: an attack in which hackers use a cache of compromised usernames and passwords to break into a system. However, hackers have recently found new ways to make it more effective, namely the arrival of artificial intelligence (AI), which allows for a far more algorithmic-driven strategy. These types of attacks are on the rise because hackers have new AI-driven tools. The 2024 Verizon Data Breach Investigations Report (DBIR) states that external actors perpetrated 83 percent of breaches. Of these breaches, 49 percent involved the use of stolen credentials. Cybercriminals often find lists of usernames and passwords on the dark web or as a by-product of a previous cyber-attack. For example, www.HaveIBeenPwned.com has tracked over 8.5 billion compromised credentials from over 400 data breaches. Notable attacks Some notable, recent credential stuffing attacks include: Dunkin’: Dunkin’ and its customers were victims of many credential-stuffing attacks beginning in 2015. New York State sued the doughnut and coffee chain, and now Dunkin’ will be required to maintain safeguards to protect against similar attacks in the future. They will also have to follow incident response procedures when an attack occurs and pay $650,000 in penalties and costs to the state of New York. Norton: In January 2023, Norton Lifelock Password Manager was hit with a brute-force credential stuffing attack. Threat actors used stolen credentials to log into customer accounts and access their data. Over 925,000 people were targeted in this attack. Hot Topic: American retailer Hot Topic disclosed in March 2024 that two waves of credential stuffing attacks in November 2023 exposed affected customers’ personal information and partial payment data. The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company’s headquarters, and two distribution centers. Roku: Roku warned in April 2024 that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March of 2024. The company said the attackers used login information stolen from other online platforms to breach as many active Roku accounts as possible in credential-stuffing attacks. These are just a handful of high-profile examples. Most credential-stuffing attacks occur outside of the media glare, day after day, in offices and enterprises worldwide. .
FTC Cracks Down On ‘Deceptive’ AI Businesses
The Federal Trade Commission is cracking down on businesses that use deceptive artificial intelligence to lure in customers. In a new law enforcement sweep: operation AI comply. The FTC took action against companies it said used AI to trick, mislead, or defraud.
How will the Visa lawsuit affect businesses and customers?
The US Department of Justice's recent lawsuit against FinTech major Visa is part of a broader global trend aimed at curbing the dominance of financial and technology giants. It could potentially create more competitive markets and reduce barriers for new companies, while also addressing the rising debt-fee burden facing consumers.
Connecting your phone to rental car infotainment system? There is a big, hidden privacy risk
The recent data breach that exposed the sensitive information of some 300,000 Avis customers highlighted some critical vulnerabilities within the rental car industry. Yet, there’s another, often overlooked security risk when drivers use a rental car: the personal data you unknowingly leave behind when syncing your mobile device to a rental car’s infotainment system.
US proposal to ban Chinese software in connected vehicles could affect consumers
The US Commerce Department’s proposal on Monday to ban the sale of internet-connected vehicles with Chinese and Russian software and hardware on American roads could affect consumers and US car makers, possibly leading to higher prices.
TikTok faces tough questioning in court amid potential US ban
TikTok and its Beijing-based parent company, ByteDance, on Monday faced a tough line of questioning at a US appeals court while stating that a law which could force the company to sell its US operations or face a countrywide ban by January 19 would have a “staggering” effect on free speech.
Telegramin tulevaisuus: onko käyttäjien yksityisyys vaarassa Durovin pidätyksen jälkeen?
Telegramin tulevaisuus on näyttänyt vaikealta sen jälkeen, kun Telegramin perustaja ja toimitusjohtaja Pavel Durov pidätettiin sunnuntaina 25. elokuuta hänen yksityiskoneensa laskeuduttua Ranskaan. Uutinen Durovin pidätyksestä levisi nopeasti ja herätti paljon keskustelua teknologiasektorilla, sosiaalisessa mediassa ja viestintäsovellusten käyttäjien keskuudessa.
US Puts Big Bounty Bullseye on Russian Hackers
As cyberattacks persist to stir turmoil in geopolitical conflicts around the world, the United States amped up the volume as it calls out criminal cyberactivity suspected to come out of Russia. Now, it has indicted six Russian hackers involved in cyberattacks collectively known as “Whisper Gate.”
Is Microsoft about to kick security vendors out of the kernel?
When Microsoft locks the doors of a secretive security summit tomorrow, one topic is expected to loom large on the agenda. The official goal of the Windows Endpoint Security Ecosystem Summit at Microsoft’s HQ in Redmond, Washington, is to set out “concrete steps” to improve security and resiliency in the wake of the Crowdstrike global mega-outage.
Securing Your Digital Future: Insights from Cybersecurity Experts
Join us on Saturday 7th for an engaging virtual panel discussion with leading cybersecurity experts as they share their insights on the latest trends, challenges, and strategies in the world of cyber defense. From understanding emerging threats to implementing robust security measures, this session will provide you with the knowledge and tools needed to protect your digital assets and stay ahead of cyber adversaries