SonicWall has urged customers to reset passwords after a security breach exposed encrypted firewall configuration backup files for less than 5% of its customers, potentially aiding attackers in exploiting firewalls. The breach involved brute-force attacks on cloud backups, with no evidence of files being leaked online. SonicWall recommends verifying backup status, resetting passwords and TOTP, and importing new preferences. The incident coincides with ongoing attacks by the Akira ransomware group exploiting SonicWall vulnerabilities to gain network access and disable security defenses.
Plex experienced a security breach exposing some user data, prompting the company to advise users to reset their passwords, enable two-factor authentication, and sign out of connected devices to enhance account security.
Plex, a media streaming platform, experienced a security breach exposing user emails, usernames, and hashed passwords. The company has contained the breach, urged users to reset their passwords, enable two-factor authentication, and sign out of all devices to enhance security. Plex is reviewing its security measures to prevent future incidents and emphasizes vigilance against phishing.
Google has clarified that it did not issue a warning to 2.5 billion Gmail users to reset their passwords, contradicting recent false reports. The company emphasized the strength of Gmail's security measures and advised users to adopt passkeys for better protection, dismissing claims of a major security breach as inaccurate. This incident is part of a pattern of unverified security scare stories in the media.
The FBI warns organizations not to reset passwords in response to attacks by the threat group Scattered Spider, which uses social engineering and spearphishing to manipulate support staff into resetting passwords and transferring MFA tokens. Recent ransomware attacks attributed to Scattered Spider may actually be linked to the group ShinyHunters, highlighting collaboration among cybercriminals. Additionally, the FBI warns against scanning QR codes in suspicious packages, as they can facilitate financial fraud and malware installation.
The FBI has issued a warning against resetting passwords in response to the Scattered Spider cyber threat, which uses social engineering to manipulate support staff into resetting passwords and transferring MFA tokens. Organizations are advised to use phishing-resistant multifactor authentication and review helpdesk procedures to prevent these targeted attacks. Additionally, the FBI warns against scanning QR codes in unsolicited packages, which can lead to financial fraud and data theft.
The FBI and CISA have issued a warning against resetting passwords in response to attacks by the threat group Scattered Spider, which uses sophisticated social engineering tactics to manipulate helpdesk staff into resetting passwords and transferring MFA tokens. Organizations are advised to use phishing-resistant multi-factor authentication and review helpdesk procedures to prevent these targeted attacks.
Malicious parties are exploiting the Apple ID password reset system to bombard iPhone users with prompts in an attempt to take over their accounts, a tactic known as "MFA bombing." To protect against this attack, users should consistently decline the reset prompts, avoid answering calls even if they appear to be from "Apple Support," and consider temporarily changing the phone number associated with their Apple ID. There are concerns about a rate limit problem with the Apple ID password reset system, and while Apple is urged to address this issue, users are advised to be cautious and seek alternative methods to safeguard their accounts.
Apple users are being targeted by a sophisticated phishing scam that bombards them with fake password reset requests, with scammers even calling and posing as Apple Support. The scam exploits a bug in Apple's password reset feature, and users are urged to be cautious and not provide any personal information or one-time passcodes to unknown callers. Apple declined to comment on the phishing attacks but directed users to its support article on recognizing phishing attempts.
A new phishing attack targeting Apple users floods their devices with password reset requests and follows up with fake Apple Support calls, attempting to trick victims into sharing the reset code. The attackers use personal data obtained from People Data Labs to gain the victims' trust. Apple has not yet commented on the matter, and users are advised not to share the reset code with anyone to prevent unauthorized access to their Apple ID.
Apple users are being targeted by a new phishing attack called "MFA Bombing," which bombards victims with multiple password reset notifications in hopes of tricking them into granting access to their accounts. Attackers may also pose as Apple Support to obtain verification codes and reset passwords. While Apple has not responded to the issue, users can protect themselves by consistently selecting "Don't Allow" for reset notifications, verifying calls from Apple Support, and enabling the Apple Recovery Key for added security.
Apple users are being targeted by a sophisticated attack that involves receiving numerous system-level messages prompting them to reset their Apple ID password, followed by fake Apple Support calls. The attackers likely obtained the email address and phone number associated with each victim's Apple ID and used a password reset form to send the prompts. There is no foolproof way to protect against this attack, and users are advised to be vigilant and verify the authenticity of any password reset requests, even if they appear to come from Apple.
Apple users are being targeted in an advanced phishing attack that exploits a potential bug in Apple's password reset feature, bombarding them with endless password change notifications in an attempt to trick them into approving the change. Attackers are able to lock users out of their accounts if the request is approved, and they may also make phone calls pretending to be Apple support to obtain one-time password reset codes. The attack seems to exploit a bug in Apple's forgotten password page, and affected users should be cautious and avoid clicking "Allow" on any suspicious requests.
Apple's visionOS 1.1 beta update for the Vision Pro headset introduces a feature that allows users to reset the device if they forget their password, addressing a previous limitation that required a visit to an Apple Store or repair center for a reset. The update also includes support for Mobile Device Management (MDM) for business environments. Additionally, the release of visionOS 1.1 to the public is anticipated to coincide with the launch of iOS 17.4 in early March.