Category: Uncategorized

  • Chick-fil-A data breach confirmed: What customers should do now – AL.com

    Chick-fil-A has confirmed a data breach of their mobile app that potentially exposed personal information of users.
    In a statement, the restaurant chain said the breach impacted less than 2% of its customers but added it has taken steps to prevent further breaches.
    “We never want our customers to experience something like this and have communicated directly with those impacted to resolve these issues, while taking necessary efforts to protect our systems and our customers in the future,” the statement said.
    “We are grateful for our customers’ patience while we worked to resolve this issue and sincerely apologize for any inconvenience caused.”
    WSOC-TV reported Chick-fil-A noticed unusual login activity on a specific Chick-fil-A One account and then launched an investigation. The investigation determined a cyberattack had been launched on the restaurant’s website and app between December 2022 and February of this year. The attack was launched using email addresses and passwords from a third-party source.
    The information taken from customers includes names, email addresses, Chick-fil-A membership numbers, mobile payment numbers, QR codes, money saved on Chick-fil-A accounts and other personal information. The hackers also had access to credit and debit card numbers but only the last four numbers of whatever card was used to pay.
    WSOC reported the company has taken several steps to prevent future issues, including increasing online security, monitoring and fraud control and sending alerts to customers to reset their passwords. The restaurant also reimbursed mobile accounts that were impacted by the cyber-attack.
    Chick-fil-A has information on what to do if you suspect your account has been compromised. You can see the steps you should take here.
    What to do if fake mobile orders have been made using your account or if your points were used to redeem or gift rewards fraudulently.

    © 2023 Advance Local Media LLC. All rights reserved (About Us).

    source

  • U.S Federal Agency Hacked – Attackers Exploited Telerik Vulnerability in IIS Server – CybersecurityNews

    A joint operation conducted by DHS, FCEB, and CISA identified multiple attempts at a cyberattack on a U.S. government IIS server that exploited a .NET deserialization vulnerability in Telerik.
    Multiple hacker groups initiated this attack, including APT actors. Successful exploitation of the vulnerability lets attackers execute arbitrary code remotely on the federal civilian executive branch (FCEB) agency network, where the vulnerable Telerik user interface (UI) is present on the IIS web server.
    The IOC identified by the federal agencies belongs to the exploit that targets Telerik UI for ASP.NET AJAX builds before R1 2020 (2020.1.114).
    The attack was conducted from November 2022 through early January 2023, targeting the .NET deserialization vulnerability (CVE-2019-18935) in the RadAsyncUpload function, which attackers can exploit when the encryption keys are known due to the presence of CVE-2017-11317.
    The FCEB agency’s Microsoft IIS server was configured with Telerik UI for ASP.NET AJAX Q2 2013 SP1 (version 2013.2.717), and the vulnerability, upon successful remote code execution, lets attackers gain interactive access to the web server.
    The FCEB agency had an appropriate plug-in to detect CVE-2019-18935. However, detection failed because the Telerik UI software was installed in a file path that the plug-in did not have access to scan.
    CISA and the other joint agencies identified scanning and reconnaissance activities from multiple threat actors, known as cybercriminal actor XE Group and the other group TA2. The successful scanning attempts led to exploitation of the vulnerability.
    Once the vulnerability is triggered and exploited, threat actors upload malicious dynamic-link library (DLL) files to the C:\Windows\Temp directory.
    The files mimic PNG and are executed with the help of w3wp.exe process—a legitimate process that runs on IIS servers to handle requests sent to web servers and deliver content.
    “CISA and authoring organizations confirmed that some malicious files dropped on the IIS server are consistent with a previously reported file naming convention that threat actors commonly use when exploiting CVE-2019-18935.”
    In this case, CISA observed that TA1, named XE Group, started its system enumeration in August 2022 and was able to upload malicious DLL files to the C:\Windows\Temp directory and then achieve remote code execution, executing the DLL files via the w3wp.exe process.
    CISA received 18 files for analysis from a forensic analysis engagement conducted at a Federal Civilian Executive Branch (FCEB) agency.
    In order to minimize the threat of other attacks targeting this vulnerability, CISA, the FBI, and MS-ISAC recommend a number of mitigation measures:-
    Malicious actors exploited a vulnerability in the Microsoft Internet Information Services (IIS) web server used by a federal civilian executive branch agency (FCEB) and were able to execute remote code on the server successfully.
    As a result of this advisory, the CISA, FBI, and MS-ISAC encourage you to continuously test your security program in a production environment for optimum performance versus the MITRE ATT&CK techniques.

    source
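The Telerik article above reports that the dropped DLL files mimic PNG files in the web server's temp directory. The following is an added example, not code from the article or from CISA, of a content-versus-extension check a defender could run over such a directory; the file names and sample bytes are constructed, and the function names are hypothetical.

```python
import os
import struct
import tempfile

PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag: image is a DLL
IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}


def classify(path):
    """Return 'png', 'pe-dll', 'pe-exe' or 'other' from content, ignoring the name."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    if head.startswith(PNG_MAGIC):
        return "png"
    if len(head) < 0x40 or head[:2] != b"MZ":
        return "other"
    # e_lfanew (offset 0x3C of the DOS header) points at the "PE\0\0" signature.
    (pe_off,) = struct.unpack_from("<I", head, 0x3C)
    if pe_off + 24 > len(head) or head[pe_off:pe_off + 4] != b"PE\0\0":
        return "other"  # bare "MZ" text is not enough to call it a PE
    # The 20-byte COFF header follows the signature; Characteristics is its last field.
    (characteristics,) = struct.unpack_from("<H", head, pe_off + 4 + 18)
    return "pe-dll" if characteristics & IMAGE_FILE_DLL else "pe-exe"


def find_disguised_pe(directory):
    """List (name, kind) for files named like images whose content is a PE image."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        if not entry.is_file(follow_symlinks=False):
            continue
        if os.path.splitext(entry.name)[1].lower() not in IMAGE_EXTS:
            continue
        try:
            kind = classify(entry.path)
        except OSError:
            continue  # unreadable file: skip here, review separately
        if kind.startswith("pe-"):
            hits.append((entry.name, kind))
    return hits


def _fake_pe(dll):
    # Constructed minimal header: DOS stub with e_lfanew=0x40, signature, COFF header.
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    chars = 0x0002 | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 0, chars)
    return dos + b"PE\0\0" + coff


def demo():
    """Build a constructed directory and return what the scan flags."""
    samples = {
        "logo.png": PNG_MAGIC + b"\0" * 32,   # genuine PNG header
        "upload_a.png": _fake_pe(dll=True),    # DLL named as an image
        "upload_b.PNG": _fake_pe(dll=False),   # EXE named as an image
        "notes.txt": _fake_pe(dll=True),       # PE, but not image-named
        "short.png": b"MZ",                    # truncated, not a valid PE
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return find_disguised_pe(d)


if __name__ == "__main__":
    for name, kind in demo():
        print(f"{name}: image extension, {kind} content")
```

A hit only shows that a file's name and content disagree; whether it was loaded by w3wp.exe has to be confirmed from process and module-load telemetry.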

  • Sonder confirms data breach, documents and other PII potentially … – Infosecurity Magazine

    Hospitality company Sonder has confirmed a data breach that has potentially compromised guest records.
    According to a security update published on Wednesday, November 23, 2022, Sonder learned of unauthorized access to one of its systems on November 14.
    “Sonder believes that guest records created prior to October 1, 2021, were involved in this incident,” the company wrote. It added that they have no evidence to indicate that accounts created after November 14, 2022, were involved.
    “This suggests the company has improved their security since last October, that, or the attacker managed to access an old backup or copy of the data,” explained Mark Warren, product specialist at Osirium.
    “‘Unauthorized access’ could apply to current staff, someone who left a while ago, a vendor, or an attacker,” Warren told Infosecurity.
    The data potentially compromised in the breach reportedly include usernames and encrypted passwords, names, phone numbers, dates of birth, addresses and email addresses.
    Certain guest transaction receipts, including the last four digits of credit card numbers and transaction amounts, could have also been compromised, alongside dates booked for stays at Sonder properties.
    “Additionally, Sonder believes that copies of government-issued identification such as driver’s licenses or passports may have been accessed for a limited number of guest records,” the company added.
    Sonder explained that upon discovering the breach, it took steps to contain it, including ensuring that the unauthorized individual no longer had access to systems and that operations were not affected and investigating the scope of the incident.
    The company is also reportedly notifying affected users and appropriate regulatory bodies and has contacted law enforcement.
    Warren said companies should learn from data breaches like this and improve their security posture by protecting customer databases (and backups) from attackers, disgruntled staff, and accidental damage. The executive also warned against letting staff have direct access to the credentials used to access those systems.
    “Not only does that reduce the risk of access being compromised, but it makes life a lot easier when the company needs to rotate credentials,” Warren added.
    “Without that control, changing credentials regularly or making them highly complex becomes too expensive, so many end up taking shortcuts or not updating credentials often enough.”
    All in all, Warren believes protection always comes back to the fundamentals.
    “Know where the sensitive data and systems are, understand who has access and who really needs it, and ensure that access is only possible through secure channels such as privileged access management.”
    The Sonder data breach comes weeks after Shein's holding company Zoetop was fined $1.9m after failing to properly inform customers of a hack that reportedly affected millions of users.

    source

  • The Role of Customer Service in Cybersecurity – Security Intelligence

    The old adage “cybersecurity is everyone’s job” is more true than you might imagine. While not every department is tasked with threat hunting or reviewing detailed vulnerability disclosures, each has a role in protecting the organization from fraudsters and cyber criminals alike.
    Customer service is uniquely positioned as the face of the company. These departments work with customers to resolve order and service disputes, answer questions, process product returns, modify account information and much more. They form a crucial link between a company and its customers. As such, it’s also important not to underestimate the role customer service plays in cybersecurity.
    Depending on the business, a customer service agent may have access to a trove of customer information and company systems. They may even have access to change customer account information or take payments over the phone. Due to the combination of access and a job that requires helpfulness, customer service departments are a ready target for cyber criminals.
    Customer service departments are often targeted with social engineering campaigns, tricking them into giving up information they wouldn’t otherwise share. According to the 2022 Data Breach Investigations Report, human actions are a direct factor in 82% of the breaches examined. In fact, social engineering facilitated 2,249 incidents, 1,063 of which resulted in data disclosure. Threat actors most often used phishing and pretexting to facilitate a breach.
    The number of communication channels available to the modern customer far exceeds the number available just over a decade ago. Depending on the technologies used, a company may interact with customers through live chat, social media, email, phone, SMS text messaging and other direct messaging channels. Some customer communications platforms can transfer conversations from one channel to another while keeping a log of the interaction from start to finish. In other instances, representatives can view detailed customer information in the course of addressing an issue.
    Customer service agents must handle multiple competing priorities throughout the lifecycle of customer interaction. They must balance the responsibilities of providing accurate information quickly while verifying they are indeed working with the real customer. The customer service department is also responsible for preventing unintentional disclosures of company and customer data through its communications channels.
    Customer service departments often experience high turnover rates and may lack appropriate resources for regular data privacy and cybersecurity training. Despite those factors, these departments function as an essential part of doing business. It’s important for the CIO to consider what resources the department currently utilizes and how they can be improved to ensure every employee has the knowledge and risk awareness necessary to prevent cyber incidents.
    Customers entrust their personal data to companies they do business with; they expect every department with access to handle the data properly. Customer identity access management can help, but the human element must also be examined. CIOs are in a position to build a culture that abides by data protection regulations. Policies and procedures outline the company’s standard approach. The CIO lays the foundations for an organizational culture that balances excellent customer service and cyber risk awareness.
    The CIO can work with the customer service department to improve security controls, policies and training.
    A careful examination of the current support systems and how customer service agents interact with them can reveal important deficiencies in the software itself as well as the security controls in place. CIOs can open a feedback loop with the department to encourage comments about improvements in software and customer workflows.
    Adjusting security controls and customer interaction workflows can help eliminate steps that are unnecessary or provide too much information to a support agent who does not need it to perform their duties. Platform tweaks can be very helpful in preventing unintentional access to personal information. However, they do not fully protect employees from potentially urgent and emotional appeals for private information they may encounter.
    The CIO should work with the customer service department to tailor a cybersecurity awareness training program to meet their needs. An annual cybersecurity basics training course doesn’t happen often enough nor contain the right information for a busy customer service department which frequently interacts with strangers through multiple channels. Training should happen often, be engaging, be relevant to the employee’s functions and teach risk awareness (rather than focusing only on the multitude of attack types).
    In this way, an organization’s customer service department can work hand-in-hand with its cybersecurity team to the benefit of both.
    Michelle is a freelance technology writer. She has created technical content for a range of brands and publications, including Business Insider, DICE, GE Dig…

    source

  • Toyota Data Breach – Over 300,000 Customer Details Exposed – CybersecurityNews

    The world’s biggest car maker, Toyota Motor, released an apology notice stating that nearly 300,000 customer details were leaked. The company addressed the notice to users who had signed up for the T-Connect smartphone app, which links to their vehicles.
    “The E-mail addresses and customer management numbers of some customers who have signed up for “T-Connect”, 296,019 cases were found to have been leaked”, Toyota.
    “We sincerely apologize for causing great inconvenience and concern to our customers”.
    The data leak occurred because the source code of the “T-Connect” user site had been posted on GitHub for over three years.
    “It was discovered that the published source code contained an access key to the data server, and by using it, it was possible to access the e-mail address and customer management number stored in the data server”, Toyota explains.
    The company changed the access key of the data server and took other necessary preventive steps. No secondary damage has been confirmed.
    The company said personal information such as e-mail address and customer management number were leaked. Other information such as name, phone number, credit card, etc. is not affected.
    Toyota also explained that the “T-Connect” website development subcontractor wrongly uploaded part of the source code to their GitHub account while it was set to be ‘public’.
    “This incident was caused by the inappropriate handling of the source code by the development contractor company”, Toyota said.
    The company further said they would write to users individually in case any illegal activity is detected. 
    “In addition, we have prepared a special form on our website that allows you to check whether your email address is subject to this campaign”, Toyota.
    In this case, it is possible that spam e-mails such as “spoofing” or “phishing scams” using e-mail addresses may be sent. Therefore, the company requested not to open any suspicious email with an unknown sender or subject.
    Thus, there is a risk of virus infection or unauthorized access, so please do not open the attached file and immediately delete the e-mail itself, concludes the report.

    source

  • Cybersecurity market confronts potential consequences of banking … – Cybersecurity Dive


    Bank seizures impose new challenges on vendors in every segment and may spur consolidation.
    The banking crisis and nagging suspicion that hardship will spread, even to companies not directly linked to the failed banks, could have an ancillary effect on the cybersecurity market.
    The failures and government takeover of Silicon Valley Bank and Signature Bank will impose new challenges on vendors that were already on poor financial footing, and potentially spur vendor consolidation and a near-term impact on innovation flowing from startups.
    Plenty of cybersecurity companies were attempting to find an exit strategy or achieve greater stability once economic headwinds became a reality, Jeff Pollard, VP and principal analyst at Forrester, said via email.
    The bank seizures aren’t helping matters, but that won’t have as much of an impact and accelerate consolidation as other trends that were already underway, according to Pollard.
    Cybersecurity budgets remain robust and recent Hiscox research shows organizations have tripled investments in IT security since 2018.
    But where that money is being spent and the pool of cybersecurity vendors claiming those dollars is shrinking. Vendor consolidation and economic uncertainty are reinforcing a need for cybersecurity companies to rein in spending and steady their financial standing.
    Three-quarters of organizations were moving to consolidate the number of cybersecurity vendors they used last year, according to a report Gartner released in September.
    A lack of efficiency, integration challenges, overlapping tools and a glut of cybersecurity tools that do one thing often do more harm than good, according to cybersecurity experts. Tool sprawl is widespread and not a recent phenomenon.
    Mark Sasson, co-founder and managing partner at Pinpoint Search Group, a cybersecurity headhunter firm that tracks vendor funding and M&A activity, said startups that aren’t making measurable improvements and closing in on their cash runway are susceptible to fire sales or closures.
    “This is the nature of the game, and the business risks are always accentuated in poor economic situations, which we are clearly in,” Sasson said via email.
    Vendors that have achieved a strong market fit and built successful businesses won’t be impacted by a tightening of venture capital or debt financing, Pollard said. “For vendors that were hoping to subsidize growth with investor capital, that didn’t pay attention to fundamentals and just burned cash — this will hit them hard.”
    Pollard estimates there’s at least one or two highly exposed vendors across each segment of the cybersecurity market. He expects exits in endpoint detection and response, extended detection and response, endpoint protection, data detection and response and risk qualification platforms.
    “In almost all cases the vendors that exit early will be the most successful or the most disastrous,” Pollard said.
    The banking crisis could be a tipping point that shifts M&A and private equity deals to the forefront, thereby reducing but not halting investment in innovation, Sasson said.
    “If the pendulum swings toward M&A and consolidation now, it’ll swing back at some point toward innovation,” he said.

    source

  • Alleged security breach leaves millions of dollars missing from Flutterwave accounts – TechCrunch

    Last month, Flutterwave, Africa’s largest startup by private valuation, was involved in a hack that resulted in more than ₦2.9 billion (~$4.2 million) missing from its accounts, according to local tech publication Techpoint Africa.
    According to the documents seen by the publication and reviewed by TechCrunch, unknown actors transferred the funds across 28 accounts in 63 transactions in early February. Police investigations are ongoing as Flutterwave, via legal counsel and law enforcement parties, has filed a motion and seeks to freeze accounts across 27 financial institutions that interacted with the missing funds, Techpoint Africa reported. 
    Several tweets regarding the alleged hack have also come up over the weekend. Some provided information about the hack, while others complained about frozen accounts that might be related to the hack. According to Techpoint Africa, the motion filed states that 107 accounts, including the fifth beneficiaries of those accounts, are to be placed on lien/Post-No-Debit (PND). This directive restricts bank customers from withdrawing funds from their accounts.
    The cause and method of the attack remain unclear. However, one of the postulations from online commentary is that the hack might have been socially engineered, meaning that merchants’ keys were compromised, allowing the hackers to access the monies in their Flutterwave accounts. 
    Meanwhile, Flutterwave, via a statement on the matter, has denied that it was hacked:
    At Flutterwave, we understand that our customers’ personal and financial information is of the utmost importance. We take this responsibility seriously and understand that any potential security breach can cause anxiety and concern among our customers. We want to reassure you that Flutterwave has not been hacked. As a financial institution, we monitor transactions through our transaction monitoring systems and 24-hour fraud desk and review any suspicious activity. We collaborate with other financial institutions and law enforcement agencies to keep our ecosystem safe and secure.
    During a routine check of our transaction monitoring system, we identified an unusual trend of transactions on some users’ profiles. Our team immediately launched a review (in line with our standard operating procedure), which revealed that some users who had not activated some of our recommended security settings might have been susceptible.
    We want to confirm that no user lost any funds, and we take pride in the fact that our security measures were able to address the issue before any harm could be done to our users.
    Our commitment to keeping our users’ financial information safe and secure is why we invest heavily in security initiatives such as periodic audits, certifications, and licenses such as the PCI-DSS & ISO 27001. These are in line with global best practices in information security management.
    We want you to continue to trust us and feel secure in using Flutterwave for your business needs. Our commitment is to enable your business growth while keeping your financial information safe and secure.
    You may have recently heard some claims on Flutterwave's security. We want to assure you that Flutterwave has not been hacked, and no customer funds were lost.
    Thank you for choosing us 🦋
    Read more here 🙏🏾: https://t.co/a27ZIy0w1k pic.twitter.com/o3KfChucJ9
    — Flutterwave (@theflutterwave) March 5, 2023

    This is a developing story…

    source