IT pros understand that not all open-source products are created equal. Some of the most beloved tools for business and personal computing, including Firefox, WordPress, and Apache, are the result of successful, long-term open-source (OS) projects. However, when it comes to protecting your organization against information security threats, how do available OS options objectively stack up?
Monitoring user activity is crucial for maintaining a secure IT environment and complying with cybersecurity regulations. Ekran System is a comprehensive human-focused insider risk management platform for monitoring and managing user sessions. The platform lets you view user sessions to analyze employee and third party activity, meet compliance requirements, and protect your data and critical [β¦]
2024 has already been a tumultuous year for information security.
Verizon's 2024 Data Breach Investigations Report revealed some shocking statistics about criminal activity and attacks involving the exploitation of vulnerabilities: They have almost tripled (by 180%) since 2023.
Network monitoring software can be among the most effective tools for discovering when criminals have gained entry to your company's network, even when they try to avoid detection.
Pet retail company PetSmart has emailed customers to alert them to a recent credential stuffing attack.
Credential stuffing relies on the re-use of passwords. Take this example: User of Site A uses the same email and password to login to Site B. Site A gets compromised and those login details are exposed. People with access to the credentials from Site A try them on Site B, often via automation, and gain access to the userβs account.
If the user had different passwords on Site A and Site B, the attacker would have been stopped before they got in to Site B. This is why we are continuously telling people to not reuse their passwords. If all your logins are hard to remember (and they should be), you can use a password manager to help you.
Weβd like to like to praise PetSmart for the way in which it handled the attack, setting a good example by warning customers.
We want to assure you that there is no indication that petsmart.com or any of our systems have been compromised. Instead, our security tools saw an increase in password guessing attacks on petsmart.com and during this time your account was logged into. While the log in may have been valid, we wanted you to know.
In an abundance of caution to protect you and your account, we have inactivated your password on petsmart.com. The next time you visit petsmart.com, simply click the βForgot passwordβ link to rest your password. You can also reset your password by visiting www.petsmart.com/account/.
Across the internet, fraudsters are constantly trying to obtain user names and passwords and they often try and test the credentials they find on various websites, like ours. To help keep your accounts secure, remember to use strong passwords for each of your important accounts.
Thank you for your understanding. If you have any questions about this, or any other issue, please feel free to contact us at customercare@petsmart.com or 888-839-9638.
Sincerely,
The PetSmart Data Security Teamβ
While we donβt agree with everything in the emailβa strong password would not have made a difference hereβit is informative, to the point, and helpful.
Digital Footprint scan
If you were one of those customers and the login was not you, that means the attacker knew your email and password. Maybe they found them in the proceeds of a previous data breach.
Malwarebytes has a tool that can help you find out how much of your own data is currently exposed online. OurΒ free Digital Footprint scan scours the internet to find your exposed passwords and much more. Fill in your email address (itβs best to submit the one you most frequently use) and weβll send you a report.
We donβt just report on threats β we help safeguard your entire digital identity
Cybersecurity risks should never spread beyond a headline. Protect yourβand your familyβsβpersonal information by usingΒ Malwarebytes Identity Theft Protection.
Login
