
IT Security Newsletter - 8/29/2022


Breaches

Twilio breach let hackers see Okta's one-time MFA passwords

The threat actor behind the Twilio hack used their access to steal one-time passwords (OTPs) delivered over SMS from customers of identity and access management company Okta. Okta provides its customers with multiple forms of authentication for services, including temporary codes delivered over SMS through Twilio. With access to the Twilio console, the threat actor could see mobile phone numbers and OTPs belonging to Okta customers.


DoorDash Discloses Data Breach Related to Attack That Hit Twilio, Others

Food delivery company DoorDash revealed on Thursday that customer and employee data has been exposed as a result of a recent breach at a third-party vendor. DoorDash said hackers abused a third-party vendor's access to its systems. The attacker abused DoorDash's internal tools and gained access to the information of 'a small percentage of individuals'. In the case of consumers, the compromised information includes names, email addresses, delivery addresses, and phone numbers.

Hacking

PyPI warns of first-ever phishing campaign against its users

The Python Package Index, better known among developers as PyPI, has issued a warning about a phishing attack targeting developers who use the service. The community-run organization said this is the first known phishing attack against PyPI users. And the attack has unfortunately been somewhat successful, resulting in the compromise of some users' accounts.

Software Updates

Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)

A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable instances. Bitbucket Server and Data Center are used by software developers around the world for source code revision control, management and hosting. CVE-2022-36804 is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center.

Malware

LockBit ransomware gang gets aggressive with triple-extortion tactic

The LockBit ransomware gang announced that it is improving its defenses against distributed denial-of-service (DDoS) attacks and working to take the operation to the triple-extortion level. The gang recently suffered a DDoS attack, allegedly on behalf of digital security giant Entrust, that prevented access to data published on its corporate leaks site. Data from Entrust was stolen by LockBit ransomware in an attack on June 18, according to a BleepingComputer source.


Malicious Plugins Found on 25,000 WordPress Websites: Study

Researchers at Georgia Institute of Technology have identified malicious plugins on tens of thousands of WordPress websites. An analysis of nightly backups of more than 400,000 unique web servers has revealed the existence of more than 47,000 malicious plugins installed on nearly 25,000 unique WordPress websites. More than 94% of these plugins (over 44,000) continue to be in use today.


New 'Agenda' Ransomware Customized for Each Victim

Cybersecurity company Trend Micro is raising the alarm on a new ransomware family called Agenda, which has been used in attacks on organizations in Asia and Africa. Written in the Golang (Go) cross-platform programming language, the threat has the ability to reboot systems in safe mode and to stop server-specific processes and services. Agenda targets Windows-based systems and has been used in attacks against healthcare and education organizations in Indonesia, Saudi Arabia, South Africa, and Thailand.

Information Security

COVID-19 data put for sale on the Dark Web

Resecurity, a California-based cybersecurity company protecting the Fortune 500, has identified leaked PII stolen from Thailand's Department of Medical Sciences containing information about citizens with COVID-19 symptoms. The incident was uncovered and shared with Thai CERT. The data was put up for sale on several Dark Web marketplaces and was available for further purchase via a Telegram channel created by the bad actors.

On This Date

  • ...in 1833, King William IV gives his assent to an act of Parliament abolishing slavery throughout the British Empire.
  • ...in 1898, the Goodyear tire company is founded in Akron, OH, earning the city its nickname: "Rubber City."
  • ...in 1958, the United States Air Force Academy opens in Colorado Springs, CO.
  • ...in 1966, The Beatles perform their last paid concert at Candlestick Park in San Francisco.