The breach was facilitated by a password spray attack on a non-production test tenant account lacking two-factor authentication, highlighting the importance of robust account security measures.
Suspicions have been raised about a potential data leak from mobile service providers or a breach in the SMS provider used for OTP code delivery as the possible cause of the hacks.
Jan 20, 2024NewsroomNetwork Security / Threat Intelligence The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday issued an emergency directive urging Federal Civilian Executive Branch (FCEB) agencies to implement mitigations against two actively exploited zero-day flaws in Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) products. The development came after the vulnerabilities – […]
Jan 20, 2024NewsroomCyber Espionage / Emails Security Microsoft on Friday revealed that it was the target of a nation-state attack on its corporate systems that resulted in the theft of emails and attachments from senior executives and other individuals in the company’s cybersecurity and legal departments. The Windows maker attributed the attack to a Russian […]
The threat actor tracked as TA866 has resurfaced after a nine-month hiatus with a new large-volume phishing campaign to deliver known malware families such as WasabiSeed and Screenshotter. The campaign, observed earlier this month and blocked by Proofpoint on January 11, 2024, involved sending thousands of invoice-themed emails targeting North America bearing decoy PDF files. […]
A critical vCenter Server vulnerability (CVE-2023-34048) is actively being exploited, allowing attackers to execute remote code with high impact and without requiring authentication.
First new LP in seven years from the celebrated producer Bjork, Philip Glass and Kronos Quartet have all contributed to a new album from Planet Mu’s celebrated footwork artist JLIN. Planet Mu boss Mike Paradinas told Juno Daily: “It’s her most varied album yet” and paid tribute to the producer from Gary, Indiana for her […]
LoanDepot customers say they have been unable to make mortgage payments or access their online accounts following a suspected ransomware attack on the company last week. The mortgage and loan giant said on January 8 that it was working to “restore normal business operations as quickly as possible” following a security incident that involved the […]
This article provides a comprehensive look at crypters, software that disguises malware to evade antivirus detection. The discussion covers the basic operations of crypters, their increasing use in cybercrime, as well as the specifics of how PolyCrypt functions. Any tool or technique that promotes secrecy is music to the ears of dubious malicious attackers, who […]