More Corporate Giants are Victims to the MOVEit Vulnerability
Description
There is an adage that says, “Old habits die hard.” Exploitable vulnerabilities die equally hard as well. It was May 28, 2023, when the MOVEit vulnerability was first identified. MOVEit is a secure Managed File Transfer (MFT) software developed by Progress Software that securely transfers files and data between servers, systems, and applications. The vulnerability known as CVE-2023-34362 allows hackers to bypass authentication on unpatched (more…)
Toymaker Settles Data Breach Class Action Suit for $500,000
Description
Squishable, a New York based company that makes cute and cuddly companion toys for children, suffered what is referred to as a Magecart attack that affected nearly 16,000 customers back in 2022. These types of attacks are carried out by injecting malicious scripts into e-commerce sites to steal payment information. In Squishable’s case, the malicious code was present on their website from May 26 to (more…)
Abusing Default Credentials
Attackers can exploit default credentials to escalate privileges within systems, endangering sensitive assets.
Internal Network Penetration Testing is typically done by organizations for compliance reasons, either for HIPAA or for PCI DSS Compliance. But regardless of why most companies invest in it, it’s an essential part of ensuring that your security controls are being managed effectively, and (more…)
Eat, Drink, & Be Wary
This Holiday Season ….
It is a time of joy, generosity, and, for many, a whirlwind of gatherings, traveling, and shopping. Unfortunately, it’s also prime time for cybercriminals. With all the season preparations and events, people often get too busy and distracted. Critical security protocols can sometimes be rushed or forgotten, making everyone even more (more…)
Not a Success Story
This Holiday Season ….
Cyber threats are more real than ever. From phishing scams to card skimming to spoofing, your online shopping and travel bookings are at increased risk. Stay vigilant when purchasing through an app or securing travel plans, as your sensitive data and access to work networks could be compromised—causing more lasting damage than an (more…)
Dental Center Agrees to Settlement of $2.7 Million for Data Breach
Description
Great Expressions Dental Centers, a Michigan-based dental service organization with nearly 300 affiliated practices across the United States, experienced a significant data breach in February 2023. The incident affected approximately 1.9 million patients and employees. Over a six-day period, an unauthorized party potentially accessed personal information of both employees and patients. For employees, the compromised data included names, Social Security numbers (SSNs), driver’s license (more…)
Weaponizing Legacy Software
Legacy software that uses web traffic can be used to blend in with other incoming and outgoing traffic.
There are a variety of ways to gain the access needed to remotely execute commands on a compromised machine. One way that HALOCK Security Team has been able to gain access during an Assumed Breach Penetration Test is by utilizing (more…)
Multi-Vendor Vulnerability Results in Data Breach at Rackspace
Description
Rackspace is a managed cloud computing provider based in San Antonio, Texas, that offers cloud hosting, dedicated servers, and multi-cloud solutions. The company servers than 300,000 customers across the world, including two-thirds of the world’s largest public traded companies. On the morning of September 24, 2024, Rackspace fell victim to a cyberattack that exploited a zero-day vulnerability in a monitoring application provided by ScienceLogic. (more…)
Data Breach Victims Eligible for Compensation in $3.25M Settlement
Description
See Tickets, a global ticketing services company, detected suspicious activity on several of its e-commerce platforms in May of 2023. A subsequent investigation revealed that cybercriminals had injected malicious code into the company’s checkout pages. This unauthorized code enabled the attackers to capture customer information transactions processed between February 28, 2023, and July 2, 2023. The compromised data included names, addresses, zip codes, payment card (more…)
$200,000 Fraudulent Scheme Forces Finance Director to Step Down
Description
The mayor of Plymouth, Connecticut reported on the mayor’s office Facebook page that the town had fallen victim to a sophisticated social engineering scam. Cybercriminals had compromised the accounts of one of the town’s vendors a month earlier, gaining access to information about an ongoing project for the town. Using this knowledge, the scammers sent fraudulent invoices to the town’s financial department. While the (more…)
