According to The Clorox Company, which makes everything from lip balm to cat litter to charcoal to bleach, this is exactly what happened to it in 2023. But Clorox says that the “debilitating” breach was not its fault. It had outsourced the “service desk” part of its IT security operations to the massive services company Cognizant—and Clorox says that Cognizant failed to follow even the most basic agreed-upon procedures for running the service desk.
Category: Security
Hackers are hiding powerful info-stealing malware in fake free VPNs downloaded from GitHub, don’t get tricked | TechRadar
Once executed, the dropper uses a multi-stage attack chain involving obfuscation, dynamic DLL loading, memory injection, and abuse of legitimate Windows tools like MSBuild.exe and aspnet_regiis.exe to maintain stealth and persistence.
1.7 billion passwords leaked on dark web and why yours is at risk | Fox News
A new report shows just how out of control the problem has become, with infostealer activity jumping 500% in just one year, harvesting more than 1.7 billion fresh credentials.
FBI shares massive list of 42,000 LabHost phishing domains
Although the LabHost operation is no longer active and the shared 42,000 domains are not likely currently used in malicious operations, there’s still significant value for cybersecurity firms and defenders.
Hackers using malware to steal data from USB flash drives | Fox News
When infected, USB drives can spread malware not just within a single organization but also across multiple entities if shared. These attacks don’t rely on network vulnerabilities, allowing them to bypass traditional security tools.
Years-old login credential leads to leak of 270,000 Samsung customer records | CSO Online
At that time, the login credentials were stolen from the computer of an employee of IT service provider Spectos, which offers software to monitor and improve service quality. It is linked to Samsung’s German ticket system at samsung-shop.spectos.com. Apparently, the compromised credentials had not been updated for years.
Online scams easy as ever, as cybercrime markets flourish
Cybercriminals are often portrayed in popular media as rogue and highly skilled individuals, wielding coding and hacking abilities from a dimly lit room. But such stereotypes are becoming outdated.
Apartment buildings broken into with phone in minutes — IoT-connected intercoms using default creds vulnerable to anyone with Google | Tom’s Hardware
A number of apartment complexes using internet-connected intercom/entry systems still use their default credentials, which make them fully accessible to anyone savvy enough to Google their unit’s manual.