MSP at the forefront against credential stuffing
Credential stuffing has been around for a while, and it is exactly what it sounds like: an attack in which hackers use a cache of compromised usernames and passwords to break into a system. However, hackers have recently found new ways to make it more effective, namely the arrival of artificial intelligence (AI), which allows for a far more algorithmic-driven strategy. These types of attacks are on the rise because hackers have new AI-driven tools. The 2024 Verizon Data Breach Investigations Report (DBIR) states that external actors perpetrated 83 percent of breaches. Of these breaches, 49 percent involved the use of stolen credentials. Cybercriminals often find lists of usernames and passwords on the dark web or as a by-product of a previous cyber-attack. For example, www.HaveIBeenPwned.com has tracked over 8.5 billion compromised credentials from over 400 data breaches. Notable attacks Some notable, recent credential stuffing attacks include: Dunkin’: Dunkin’ and its customers were victims of many credential-stuffing attacks beginning in 2015. New York State sued the doughnut and coffee chain, and now Dunkin’ will be required to maintain safeguards to protect against similar attacks in the future. They will also have to follow incident response procedures when an attack occurs and pay $650,000 in penalties and costs to the state of New York. Norton: In January 2023, Norton Lifelock Password Manager was hit with a brute-force credential stuffing attack. Threat actors used stolen credentials to log into customer accounts and access their data. Over 925,000 people were targeted in this attack. Hot Topic: American retailer Hot Topic disclosed in March 2024 that two waves of credential stuffing attacks in November 2023 exposed affected customers’ personal information and partial payment data. The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company’s headquarters, and two distribution centers. Roku: Roku warned in April 2024 that 576,000 accounts were hacked in new credential stuffing attacks after disclosing another incident that compromised 15,000 accounts in early March of 2024. The company said the attackers used login information stolen from other online platforms to breach as many active Roku accounts as possible in credential-stuffing attacks. These are just a handful of high-profile examples. Most credential-stuffing attacks occur outside of the media glare, day after day, in offices and enterprises worldwide. .
FTC Cracks Down On ‘Deceptive’ AI Businesses
The Federal Trade Commission is cracking down on businesses that use deceptive artificial intelligence to lure in customers. In a new law enforcement sweep: operation AI comply. The FTC took action against companies it said used AI to trick, mislead, or defraud.
Connecting your phone to rental car infotainment system? There is a big, hidden privacy risk
The recent data breach that exposed the sensitive information of some 300,000 Avis customers highlighted some critical vulnerabilities within the rental car industry. Yet, there’s another, often overlooked security risk when drivers use a rental car: the personal data you unknowingly leave behind when syncing your mobile device to a rental car’s infotainment system.
Telegramin tulevaisuus: onko käyttäjien yksityisyys vaarassa Durovin pidätyksen jälkeen?
Telegramin tulevaisuus on näyttänyt vaikealta sen jälkeen, kun Telegramin perustaja ja toimitusjohtaja Pavel Durov pidätettiin sunnuntaina 25. elokuuta hänen yksityiskoneensa laskeuduttua Ranskaan. Uutinen Durovin pidätyksestä levisi nopeasti ja herätti paljon keskustelua teknologiasektorilla, sosiaalisessa mediassa ja viestintäsovellusten käyttäjien keskuudessa.
US Puts Big Bounty Bullseye on Russian Hackers
As cyberattacks persist to stir turmoil in geopolitical conflicts around the world, the United States amped up the volume as it calls out criminal cyberactivity suspected to come out of Russia. Now, it has indicted six Russian hackers involved in cyberattacks collectively known as “Whisper Gate.”
Securing Your Digital Future: Insights from Cybersecurity Experts
Join us on Saturday 7th for an engaging virtual panel discussion with leading cybersecurity experts as they share their insights on the latest trends, challenges, and strategies in the world of cyber defense. From understanding emerging threats to implementing robust security measures, this session will provide you with the knowledge and tools needed to protect your digital assets and stay ahead of cyber adversaries
Telegram’s Future: Is Your Privacy At Risk Amid Durov’s Arrest?
On Sunday, August 25, Telegram’s founder and CEO Pavel Durov was arrested on an outstanding warrant when his private jet landed in France. The news of Durov’s arrest traveled fast, creating ripple waves across the tech industry, social media, and messaging app community. As the media continue to report on the developing story and the allegations against him and Telegram, Techopedia moves to understand how Telegram users are being impacted, what their concerns are, and what the future might hold.
The Rise of Job Posting Scams on Freelancing Platforms
For freelance workers such as content writers, developers, or web designers, platforms such as Fiverr and Upwork provide an array of opportunities for work. According to a recent study from Upwork, freelancers made up 38% of the workforce as of December 2023, comprising everyone from seasoned professionals to those just starting to dip their toes into the freelance world.
Analyzing the Recent AT&T Hack
The hackers responsible for the April 2024 attack on AT&T made off with a massive amount of user data. According to reports, the breach netted six months of call and text messages from virtually every AT&T cellular network customer, which is estimated to include 109 million customers using 127 million devices.
Could eBPF Save Us From CrowdStrike-Style Disasters?
In the aftermath of the CrowdStrike Windows security fiasco, security experts and developers alike are looking for a safer way to run low-level security programs. In a recent blog post, Brendan Gregg, a well-regarded system performance expert and Intel Fellow, suggests we can keep computers from crashing due to bad software updates, even those updates that involve kernel code,” thanks to eBPF.
