top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #90 - March 25, 2024

Suspected MFA Bombing Attacks Target Apple iPhone Users

Source: Dark Reading

Attackers are targeting Apple iPhone users with a rash of MFA bombing attacks that use a relentless series of legitimate password-reset notification alerts in what appears to be an attempt to take over their iCloud accounts. The activity has focused attention on the evolving nature of so-called multifactor authentication (MFA) bombing attacks.




Retail chain Hot Topic hit by new credential stuffing attacks

Source: Bleeping Computer

American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. The Hot Topic fast-fashion chain has over 10,000 employees in more than 630 store locations across the U.S. and Canada, the company's headquarters, and two distribution centers.




UnitedHealth Admits Patient Data Was 'Taken' in Mega Attack

Source: Info Risk Today

UnitedHealth Group has publicly acknowledged that data was "taken" in the cyberattack on its Change Healthcare unit and said it has started analyzing the types of sensitive personal, financial and health information potentially compromised. Meanwhile, the U.S. Department of State is offering a reward of up to $10 million for information leading to the identification or location of leadership of ransomware-as-a-service group BlackCat/Alphv, which claimed to be behind the attack.




US Treasury Urges Financial Sector to Address AI Cybersecurity Threats

Source: Infosecurity Magazine

The US Department of the Treasury has warned of the cybersecurity risks posed by AI to the financial sector. The report, which was written at the direction of Presidential Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence, also sets out a series of recommendations for financial institutions on how to mitigate such risks.




CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability

Source: The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft Sharepoint Server to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of active exploitation in the wild. The vulnerability, tracked as CVE-2023-24955 (CVSS score: 7.2), is a critical remote code execution flaw that allows an authenticated attacker with Site Owner privileges to execute arbitrary code.



111 views

Comments


Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page