IT Security Newsletter - 3/3/2023

Breaches

Hatch Bank discloses data breach after GoAnywhere MFT hack

Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. Hatch Bank is a financial technology firm allowing small businesses to access bank services from other financial institutions. As reported by TechCrunch, data breach notifications sent to impacted customers warned that hackers exploited a vulnerability in the GoAnywhere MFT software.


What GoDaddy's Years-Long Breach Means for Millions of Clients

For years, the domain registrar and Web hosting company GoDaddy has experienced a cyber barrage of extraordinary scale, it has confirmed - affecting both the company and its many individual and enterprise clients. As described in its 10K filing for 2022, released Feb. 16, the company has been breached once every year since 2020 by the same set of cyberattackers, with the latest occurring just last December.

Hacking

Over 71k Impacted by Credential Stuffing Attacks on Chick-fil-A Accounts

American fast food restaurant chain Chick-fil-A has started notifying roughly 71,000 individuals that their user accounts have been compromised in a two-month-long credential stuffing campaign. In a notification letter to impacted customers, a copy of which was submitted to multiple Attorney General offices, Chick-fil-A says the accounts were compromised in a series of automated attacks targeting both its website and mobile application.


Thousands of Websites Hijacked Using Compromised FTP Credentials

Cloud security startup Wiz warns of a widespread redirection campaign in which thousands of websites targeting East Asian audiences have been compromised using legitimate FTP credentials. In many cases, the attackers managed to obtain highly secure auto-generated FTP credentials, and used them to hijack the victim websites to redirect visitors to adult-themed content.

Trends

Vulnerabilities of years past haunt organizations, aid attackers

Known vulnerabilities - those for which patches have already been made available - are the primary vehicle for cyberattacks, according to Tenable. The Tenable report categorizes important vulnerability data and analyzes attacker behavior to help organizations inform their security programs and prioritize security efforts to focus on areas of most significant risk and disrupt attack paths, ultimately reducing exposure to cyber incidents.

Software Updates

Microsoft releases Windows security updates for Intel CPU flaws

Microsoft has released out-of-band security updates for 'Memory Mapped I/O Stale Data (MMIO)' information disclosure vulnerabilities in Intel CPUs. The Mapped I/O side-channel vulnerabilities were initially disclosed by Intel on June 14th, 2022, warning that the flaws could allow processes running in a virtual machine to access data from another virtual machine.

Malware

Internet Explorer users still targeted by RIG exploit kit

Despite a very slim browser market share, Internet Explorer (IE) is still being exploited by exploit kits like the RIG exploit kit (EK). One major advantage for the malware distributors behind the exploit kit is that the outdated browser has reached end-of-life (EOL), which means it no longer receives security updates and patches against known threats. An exploit kit is a toolkit designed to facilitate the exploitation of client-side vulnerabilities most commonly found in browsers to deliver malware.

Information Security

Krebs On Security: Highlights from the New U.S. Cybersecurity Strategy

The Biden administration today issued its vision for beefing up the nation's collective cybersecurity posture, including calls for legislation establishing liability for software products and services that are sold with little regard for security. The White House's new national cybersecurity strategy also envisions a more active role by cloud providers and the U.S. military in disrupting cybercriminal infrastructure, and it names China as the single biggest cyber threat to U.S. interests.

Exploits/Vulnerabilities

Chinese hackers use new custom backdoor to evade detection

The Chinese cyber espionage hacking group Mustang Panda was seen deploying a new custom backdoor named 'MQsTTang' in attacks starting this year. Mustang Panda is an advanced persistent threat (APT) group known to target organizations worldwide in data theft attacks using customized versions of the PlugX malware. The threat actors are also known as TA416 and Bronze President.

On This Date

  • ...in 1845, Congress overrides presidential veto for first time with a two-thirds majority vote, forcing President John Tyler to get Congressional approval to build new ships.
  • ...in 1923, the first issue of TIME magazine is published. The first cover subject is then-Speaker of the US House of Representatives Joseph Cannon.
  • ...in 1931, President Herbert Hoover signs a congressional act making "The Star-Spangled Banner" the official national anthem of the United States.
  • ...in 1959, radio host and producer Ira Glass ("This American Life") is born in Baltimore, MD.