The Oh No! news.

Oh No! News, is Good

News.

Threat analysis; your attack surface.

TAGS: Malware, Phishing, Security Breach

GoDaddy, a Web Hosting Provider Hit Multiple Times by the

Same Group.

This month, GoDaddy, a leading web hosting provider, revealed that

it had experienced a major security breach over several years, resulting

in the theft of company source code, customer and employee login

credentials, and the introduction of malware onto customer

websites.

Major Security Breach: Spanning several years.

Data Breach:

Employee login credentials & customer data.

10-k

form Filled with the U.S. Securities and Exchange Commission.

sec:

GoDaddy Announces Security Incident Affecting Managed WordPress

Service.

Malware:

Compromising customer websites managed by GoDaddy.

Phishing Attacks: Exposed customer data including login credentials,

email addresses, and SSL private keys.

Chick-Fil-A Customers are Victims of a Data Breach.

Fast-food chain Chick-fil-A has issued a warning to customers

regarding a recent data security breach. The incident occurred between

Dec. 18, 2022 and Feb. 12, 2023, during which unauthorized parties

gained access to customer information, according to a statement posted

on the California Attorney General’s website on Tuesday.

Data Breach:

membership numbers, mobile pay numbers, QR codes, last 4 digits of

credit/debit card numbers, credits on Chick-fil-A accounts, birthdays,

phone numbers, and addresses.

New phishing campaign uses fake ChatGPT platform to scam

eager investors.

Bitdefender Antispam Labs confirmed that these scams initiate with

an email containing a link that directs users to a copycat version of

ChatGPT. The goal of this copycat version is to convince users that they

can earn as much as $10,000 per month on the duplicate ChatGPT

platform.

Phishing: Email

based scam.

LassPass Security Incident Update and Recommended

Actions.

Major Security Breach: Spanning multiple years.

Data Breach:

Employee login credentials, source code & other intellectual

property, customer data.

Malware:

Attackers exploited third-party software to compromise company systems

by delivering a keylogger type malware.

InfoSec; the language of security.

TAGS: Information Security, Monitoring

Bitwarden flaw can let hackers steal passwords using

iframes.

Bitwarden highlights that the autofill feature is a potential risk

and even includes a prominent warning in its documentation,

specifically mentioning the likelihood of compromised sites abusing the

autofill feature to steal credentials.

Phishing: Sniff

credentials from a webpage HTML inline frame.

wikipedia:

An inline frame places another HTML document in a frame. Unlike an

&l