D1 Defend, Author at D1 Defend - Page 2 of 39 D1 Defend


Cerebral Data Breach – 3.18 Million Affected

Cerebral, an online platform that offers mental health care services, recently suffered a data breach that may have affected up to 3.18 million users. According to its report, the breach was due to the company’s use of third-party pixel trackers.

Cerebral did not say the exact number of users affected. However, the company said it had taken steps to ease the breach’s impact.

What Exactly Are Tracking Pixels?

Tracking pixels are tiny pieces of code that businesses can embed on their websites, online ads, or marketing emails.

Whenever you open a webpage, ad, or email that contains a tracking pixel, it sends a message to a server. This message can carry data about the users, including their behavior and activity.

But criminals can use these pixels maliciously, posing a significant risk to users’ privacy.

Cerebral has been using pixels since it started in October 2019. By using third-party pixel trackers, Cerebral left itself open to illegal access to its system.

Consequently, the hackers were able to get their hands on users’ personal information, including their names, medical histories, and health insurance plans.

What Are the Consequences of a Data Breach?

Data breaches can have far-reaching effects on both individuals and companies. Identity theft, financial losses, and reputational damage are just a few of the dangers.

It was on Jan. 3, 2023, that Cerebral uncovered the breach. The company found out it had mistakenly shared sensitive user information with other companies, including mental health evaluations, findings, and treatment plans.

The breach also exposed user subscription plans. Unfortunately, this put Cerebral in violation of HIPAA regulations, which require safeguarding people’s private health information.

How Can Businesses Avoid a Data Breach?

To prevent data breaches, you must understand the potential risks of using third-party trackers. Protecting your customers’ data and being wary of data breaches is essential.
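As an added example (not part of the original article), this small Python audit lists the third-party resources a page loads and the query parameter names each request carries, which is one way to see what a pixel hands to another company. The sample page and the hosts `example.test` and `tracker.invalid` are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Tags whose src attribute makes the browser send a request on page load.
LOADING_TAGS = {"img", "script", "iframe"}

class ThirdPartyAudit(HTMLParser):
    """Collect resources loaded from hosts other than the site's own."""

    def __init__(self, first_party_host):
        super().__init__()
        self.first_party = first_party_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in LOADING_TAGS:
            return
        attrs = dict(attrs)
        url = urlparse(attrs.get("src") or "")
        host = (url.hostname or "").lower()
        own = host == self.first_party or host.endswith("." + self.first_party)
        if not host or own:
            return  # relative URL or the site's own domain
        self.findings.append({
            "tag": tag,
            "host": host,
            # A 1x1 image is the classic tracking-pixel shape.
            "pixel": tag == "img" and (attrs.get("width"), attrs.get("height")) == ("1", "1"),
            # Parameter names show what the page hands to the third party.
            "params": sorted(parse_qs(url.query, keep_blank_values=True)),
        })

def audit(html, first_party_host):
    parser = ThirdPartyAudit(first_party_host)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; example.test and tracker.invalid are placeholders.
SAMPLE_PAGE = """
<img src="/static/logo.png" width="120" height="40">
<script src="https://cdn.example.test/app.js"></script>
<img src="https://tracker.invalid/p.gif?uid=1842&amp;page=%2Fintake%2Fresults" width="1" height="1">
<script src="https://tracker.invalid/sdk.js"></script>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_PAGE, "example.test"):
        print(finding)
```

Running it against pages that handle health or account data shows which outside hosts receive requests and which parameters travel with them.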

To keep your business safe from a data breach:

  • Check for weak spots and threats to your business.
  • Use passwords and access controls to protect critical information.
  • Keep an eye out for any suspicious activity or unauthorized access.
  • Train your employees to spot and deal with security problems.
  • Have a plan in case there is a security breach.

The Cerebral breach highlights the importance of keeping users’ information safe. As a business, you must remain proactive in securing your data and staying updated with the latest security measures.

Used with permission from Article Aggregator

Hiatus Malware Targets Business Routers

There is a new malware campaign targeting business-grade routers. It is called Hiatus, a complex operation that deploys the HiatusRAT malware. It is a kind of Remote Access Trojan (RAT) that cybercriminals use to gain remote control over a target system.

Hiatus is the first of its kind. Lumen’s security experts say it has been around since July 2022 and is still active. It gives business owners another reason to tighten cybersecurity. To help you protect your organization, here’s everything you need to know about the malicious campaign.

How Does the Hiatus Campaign Work?

The Hiatus campaign uses three components, namely a bash script, HiatusRAT, and a tcpdump variant. The threat actor will breach the target device and deploy the bash script. That will download and trigger the HiatusRAT. Next, the malware will steal the following: network data, system data, process data, and file system data.

The HiatusRAT malware will maintain communication with the C2 server. That way, the threat actor can keep watch over the target network. The bash script will also set up a packet-capturing program to monitor activity on TCP ports. The data there is unencrypted, so it is easy for hackers to steal.

Who Is the Hiatus Campaign Targeting?

The Hiatus campaign targets DrayTek Vigor VPN routers nearing the end of their lives. These are the 3900 and 2690 models with the i386 architecture. Businesses use these high-bandwidth routers to provide VPN support to their remote employees.

Small to medium-sized companies are the common users of these routers, so they are at high risk for attack. As of February, researchers said around 4,000 machines are vulnerable. They suspect the threat actors are spying on their targets and building a proxy network. The affected regions include Europe and North and South America.

However, the attackers are keeping a low profile to avoid detection. Out of all the routers they can attack, they have only breached 2%. That’s around a hundred compromised routers. The strategy also allows them to focus on the most critical profiles.

The Bottom Line

The HiatusRAT malware can harvest all kinds of data and communicate with remote servers. The Hiatus campaign is ongoing, and no one knows how many it will victimize. That is why business owners should not let their guard down. Not only can you lose money and intellectual property in a data breach, but you will also break your customers’ trust. Invest in your organization’s security before it is too late.

Used with permission from Article Aggregator

AT&T Data Breach – 9 Million Affected

In a recent statement, telecommunications giant AT&T confirmed that a hack on a vendor it was working with exposed around 9 million accounts. AT&T said that the sensitive information was mainly about device upgrade eligibility.

The hacking happened in January 2023 using a weakness in the vendor’s system. The hackers accessed customer data, such as their names, addresses, phone numbers, and account numbers.

AT&T said the hack did not involve sensitive information like Social Security numbers, credit card details, or account passwords. Also, the exposed data was old information.

The hack did not affect its internal systems, according to AT&T. The company is actively contacting customers affected by the data breach.

What Is a Data Breach and Its Consequences?

A data breach occurs when someone gains unauthorized access to sensitive information, such as confidential or personal information. This can lead to severe consequences for those affected, including identity theft, fraud, and other malicious activities.

In the case of AT&T, the consequences of their recent breach may include phishing attacks, spam, and potential legal and financial penalties.

Additionally, the company’s reputation may suffer due to the failure to protect its customers’ data.

How to Minimize the Risk of a Data Breach When Working With Vendors

Business owners need to know the potential risks and threats when working with vendors. Here are some ways to minimize the risk of data breaches:

1. Check the vendor’s reputation before working with them. Before you start working with a vendor, conduct a full background check. Ensure they have a good reputation and a history of securing their data.

2. Use contracts. Establish a comprehensive agreement outlining the security measures the vendor must fulfill to protect your data.

3. Limit access to data and only share what is necessary. Only give them access to the data they need to perform their duties. Also, ensure that the vendor puts measures in place to protect the data, such as encryption and access controls.

4. Monitor vendor activity. Regularly monitor the vendor’s activity and keep track of any changes in how they access your data. This will help you detect any potential breaches or misuse.

5. Have an incident response plan. An incident response plan outlines the steps to take in case of a data breach. This should include communication protocols, containment measures, and actions for notifying affected parties.

By following these practices, business owners can reduce the risk of data breaches when working with vendors and help ensure the security of their data.

Final Thoughts

Identity theft and fraud are common after-effects if there is a breach in your data. It is crucial for businesses to monitor their accounts for suspicious activity, regularly review account statements and credit reports, and report any unauthorized activity immediately.

Used with permission from Article Aggregator

Microsoft Patch Tuesday

On March 14, 2023, Microsoft released a security update that fixes at least 74 bugs in Windows and other software. Hackers are already attacking two flaws, including a very serious one in Microsoft Outlook.

Microsoft Outlook Vulnerability

The Outlook bug, CVE-2023-23397, affects all versions of Microsoft Outlook from 2013 to the most recent one.

Microsoft said that threat actors are taking advantage of this bug. The exploit triggers automatically when a malicious email reaches an email server, even before the message appears in the Preview Pane.

CVE-2023-23397 is an NTLM relay exploit that enables an attacker to gain a user’s Windows account password and use it in a “Pass The Hash” attack.
The flaw makes it possible for a threat actor to pose as a trustworthy person. This is the same as an attacker having a valid password and getting into an organization’s systems.

Windows SmartScreen Vulnerability

The second exploited flaw, CVE-2023-24880, is a “Security Feature Bypass” in Windows SmartScreen. The flaw can let malicious code run without SmartScreen checks. CVE-2023-24880 lets threat actors create files that get around Mark of the Web (MOTW) defenses. By bypassing the MOTW, hackers can spread malware through documents and other infected files that SmartScreen normally blocks.

Microsoft also fixed seven other security flaws this week with a “critical” rating. The rating means that a threat actor could take complete remote control of a Windows host without the user having to do much.

Action Plan for Business Owners

Windows is a staple in many businesses. Owners should take the following precautions to protect their clients and make sure their systems are safe:

  • Install security updates quickly. Once there’s a new patch, you should update your software to stop exploitation.
  • Establish a regular update schedule. Check for and apply updates for your operating system, apps, and security programs on a regular basis.
  • Get people to use strong passwords. Encourage employees to use strong, unique passwords and consider using a password manager.
  • Enable multi-factor authentication. This provides an added layer of security.
  • Train your workers about security. Teach your employees best practices, like spotting suspicious emails and what to do when a cyberattack happens.
  • Always have a backup plan. Back up your data regularly and keep it in several places for quick recovery.
  • Monitor network activity. Use tools for network monitoring to find strange behavior and possible threats.
  • Develop an incident response plan. Plan for handling cybersecurity issues, including ways to deal with threats.
  • Review policies on security. Regularly review and update security policies to adapt to new threats and technology.

Final Word

Organizations always need to be aware of cyber dangers. By regularly reviewing and updating security rules, you can keep your digital environment safe from threats.

Used with permission from Article Aggregator

Everything to Know About Essendant’s Multi-Day Outage

Essendant, a Staples-owned wholesale distributor of office supplies and stationery, paused its operations recently because of a multi-day, network-wide outage. The system disruption has prevented customers from placing orders online or contacting the company’s customer care unit.

While Essendant has yet to disclose the reason behind the outage, many think someone had hacked into the company’s system. Customers are expressing their frustration over the company’s lack of transparency.

Essendant’s Outage Is Preventing Fulfillment of Orders

The network-wide outage started on the night of March 6, 2023. Essendant then began notifying customers about it the following day. Because of the disruption, the company can’t accommodate new online orders or fulfill existing ones. Aside from customers and suppliers, the incident also affects freight carriers. The company has told them to postpone pickups for now.

Essendant carries more than 160,000 items and caters to around 30,000 resellers. The disruption has a significant impact on its supply chain.

What Is Essendant Doing to Address the Issue?

Since March 20, 2023, Essendant has taken significant steps to recover its operations. The company has restored at least a hundred systems and performed end-to-end testing. It is currently in the pilot stages of its pick, pack, and ship efforts.

Here’s what customers can expect from Essendant at this point of its recovery:

  • Empower users now have new login credentials and can place orders through the portal.
  • Aside from Empower, customers can access other Solution Central applications. That includes List Assistant, ICAPS, Essendant Marketing Studio, and Market Xpert.
  • Essendant’s customer care team is only accessible through email. Request volumes are high, and turnaround time will be longer.
  • There will be longer shipment times because of higher order volumes.

The Bottom Line

The Essendant outage highlights the importance of data backups. Losing large amounts of information, whether employee, customer, or systems data, can cripple a business. But with a data backup strategy, you have a duplicate of your systems and can recover faster.

Secondly, it’s a reminder for business owners to have a contingency plan. If your supplier can’t deliver for whatever reason, having a backup plan will save your business.

Used with permission from Article Aggregator
