Security News

American fast food chain Chick-fil-A has confirmed that customers' accounts were breached in a months-long credential stuffing attack, allowing threat actors to use stored rewards balances and access personal information. At the time, Chick-fil-A set up a support page with information on what customers should do if they detect suspicious activity on their accounts.

LastPass disclosed a breach in December where threat actors stole partially encrypted password vault data and customer information. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault," reads a new security advisory published today.

On Android, Google offers its own authenticator app, unsurprisingly called Google Authenticator, that you can get from Google Play. Google's add-on app does the job of generating the needed one-time login code sequences, just like Apple's Settings > Passwords utility on iOS. But we're going to assume that at least some people, and possibly many, will perfectly reasonably have asked themselves, "What other authenticator apps are out there, so I don't have to put all my cybersecurity eggs into Apple's basket?".

Protecting this account from phishing, or brute-force password attempts through a strong password policy, will keep a threat actor from accessing your company's password vaults. NIST recommends checking passwords against a breached password list.

Domain registrar Namecheap had their email account breached Sunday night, causing a flood of MetaMask and DHL phishing emails that attempted to steal recipients' personal information and cryptocurrency wallets. The phishing campaigns started around 4:30 PM ET and originated from SendGrid, an email platform used historically by Namecheap to send renewal notices and marketing emails.

Popular social media site Reddit - "Orange Usenet with ads", as we've somewhat ungraciously heard it described - is the latest well-known web property to suffer a data breach in which its own source code was stolen. Reddit systems were hacked as a result of a sophisticated and highly-targeted phishing attack.

Exactly the same when you try and use a password you say, "I want to copy that password and use it." You have to put in a master password to get access to your passwords, but you don't have to put in the master password to get access to the configuration file to get access to the passwords.

A top US cyber diplomat said his Twitter account was compromised over the weekend. Nate Fick, the inaugural US ambassador at large for Cyberspace and Digital Policy, on Saturday announced the hack of his personal account with - of course - a tweet.

The Dutch police announced on Friday that they dismantled the Exclu encrypted communications platform after hacking into the service to monitor the activities of criminal organizations. In the Netherlands alone, the police searched 22 locations and arrested 11 individuals believed to be connected with the Exclu platform.

For the most part, this week has been relatively quiet regarding ransomware attacks and researcher - that is, until the FBI announced the disruption of the Hive ransomware operation. Hive ransomware launched in June 2021 and quickly became one of the most active and prominent ransomware operations.