A Chinese-speaking threat actor that has been skimming credit card numbers off ecommerce sites and point-of-sale service providers in the Asia/Pacific region for more than a year has begun aiming at similar targets in North and Latin America as well. In a series of attacks since at least May 2023, the adversary has exploited vulnerabilities in Web applications - including one vulnerability that China's Hafnium group has used in cyber espionage campaigns - to gain access to sites belonging to organizations across multiple industry sectors.
Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack. Retool's development platform is used to build business software by companies ranging from startups to Fortune 500 enterprises, including Amazon, Mercedes-Benz, DoorDash, NBC, Stripe, and Lyft. Snir Kodesh, Retool's head of engineering, revealed that all hijacked accounts belong to customers in the cryptocurrency industry.
The threat actors linked to a suspected cyberattack against MGM Resorts have claimed to have accessed the company's Okta environment prior to the attacks. The group, called AlphV, said that MGM Resorts shut down its Okta servers after realizing the hackers had been lurking in its Okta Agent servers in order to find vulnerable passwords, in claims posted by Brett Callow, a threat analyst at Emsisoft. The threat actors also claimed to have super administrator privileges to the company's Azure tenant.
The recent attack on MGM Resorts generated lots of speculation with regard to what the cause was. Some folks claimed the culprit was ransomware. Well, confirmation is now forthcoming as an affiliate of the BlackCat/ALPHV ransomware group is said to be the one responsible for the attack and subsequent outage. The statement is quite long, takes a few digs at MGM Resorts, and seeks to correct what the group feels to be inaccurate statements made by security vendors and others with regard to the attack.
The Securities and Exchange Commission introduced new requirements for disclosing material cybersecurity incidents on Sept. 5, placing pressure on organizations to adopt robust reporting mechanisms. The C-suite impact is clear: company leadership must be able to quickly determine whether an incident is material to business operations. At that point a four-business-day clock starts ticking, a window in which publicly traded companies will be required to disclose the event to the SEC.