Threat Brief: Supply-Chain, Trusted Vendor Attack Surfaces Rising
An uptick in third-party and vendor compromises shows how attackers are targeting trust chains. Here’s what to fix right now before your partners become your breach vector.
News
Signals, advisories, and timely notes from the field. Fast reads with enough context to act. Red and blue takeaways without the fluff.
Threat Brief: Qantas Leak and Oracle Zero‑Day
This week’s brief focuses on two major events: a data leak impacting Qantas and dozens of other companies, and a zero‑day vulnerability exploited in Oracle’s E‑Business Suite
SIM Farm Discovered by Federal Agents
Investigators reference organized crime and possible foreign links, but no public arrests yet.
Cyber Outage Alert: CrowdStrike Hit by Major Disruption
The disruption, stemming from a junior engineer pushing out a bad update, has left many businesses offline, vulnerable and scrambling to secure their systems.
Laundering site Sinbad seized
Cryptocurrency mixers, like Sinbad, allow users to deposit crypto, which is then mixed among various wallet addresses to obscure its traceability.
Not my dearest Okta :(
Cybersecurity month may be over, but the breaches don't stop.
23andMe Data Breach Alert!
Hackers infiltrated, using recycled login credentials to pilfer 23andMe accounts
Sony Cybersecurity Breach... Again.
This vulnerability, a severe SQL injection flaw leading to remote code execution, was exploited by the notorious Clop ransomware gang.
Cisco Redefines Cybersecurity Landscape with $28 Billion Splunk Acquisition!
This all-cash agreement, representing a 31% premium over Splunk's stock price, marks Cisco's largest deal to date.
Dark Web Drug Marketplace Shut Down by Finnish Law Enforcement!
The marketplace operated as a hidden service within the encrypted TOR network, enabling anonymous criminal activities, with drugs smuggled into Finland from abroad.
North Korea's Lazarus Group Strikes Big with $240M Crypto Heist!
This marks a significant escalation in their hacking activities.
Ransomware in the Healthcare sector!
Rhysida, a ransomeware-as-a-service operation, has claimed one of their first victims in the healthcare industry - Singing River Heath System.
MGM Resorts Hack of 2023
MGM Resorts International revealed yesterday that it's grappling with a cybersecurity issue affecting several systems, including its primary website, online reservations, and in-casino services like ATMs, slot machines, and credit card machines.
Ethereum Founders Twitter Gets Hacked
Vitalik Buterin, the creator of Ethereum crypto, found himself in an unfortunate situation when his Twitter account fell victim to a hacking incident.
Teams used as a landing pad for malware (2023)
Recently, companies have been seeing the abuse of Teams as a landing pad for malware.
NK Hackers Target Russian Government
North Korea, hacking another well known threat actor, Russia.
Significant Developments: USA & UK Impose Sanctions on 11 Russian Nationals Linked to Ransomware
In an international bust, the US and the UK have imposed sanctions on 11 Russian individuals associated with the TrickBot and Conti ransomware operations.