The Breach News

Lucid PhaaS Achieves 169 Targets Across 88 Countries with iMessage and RCS Smishing Attacks

A recent investigation has unveiled a sophisticated phishing-as-a-service (PhaaS) platform named Lucid, which is reportedly targeting 169 entities across 88 countries. The modus operandi involves smishing—phishing via SMS—leveraging Apple iMessage and Rich Communication Services (RCS) on Android devices. This approach enables cybercriminals to exploit legitimate communication channels, effectively bypassing conventional…

Read MoreLucid PhaaS Achieves 169 Targets Across 88 Countries with iMessage and RCS Smishing Attacks

Zscaler and Palo Alto Networks Hacked Through Salesloft Drift – Dark Reading

Data Breach Targets Zscaler and Palo Alto Networks through Salesloft Drift Vulnerability In a recent cybersecurity incident, Zscaler and Palo Alto Networks have fallen victim to a breach facilitated through a vulnerability in the Salesloft Drift platform. This breach is a stark reminder of the ever-evolving landscape of cyber threats…

Read MoreZscaler and Palo Alto Networks Hacked Through Salesloft Drift – Dark Reading

New Study Finds: 95% of AppSec Remediations Fail to Mitigate Risk

For over ten years, application security teams have encountered a perplexing issue: with enhanced detection tools came increasingly irrelevant outcomes. As alerts from static analysis tools, scanners, and CVE databases surged, the expected promise of improved security slipped further away, morphing into a cycle of alert fatigue and strained resources.…

Read MoreNew Study Finds: 95% of AppSec Remediations Fail to Mitigate Risk

Lazarus Group Likely Employing New WinorDLL64 Backdoor for Data Exfiltration

Recent developments in cybersecurity have illuminated a sophisticated backdoor associated with a malware downloader known as Wslink, believed to be utilized by the notorious Lazarus Group, an actor aligned with North Korean interests. The findings, reported by ESET, highlight a payload referred to as WinorDLL64, which acts as a comprehensive…

Read MoreLazarus Group Likely Employing New WinorDLL64 Backdoor for Data Exfiltration

Palo Alto Networks, Zscaler, and PagerDuty Affected by Salesforce Linked Data Breaches

Hackers leveraged vulnerabilities in the Salesloft Drift application to acquire OAuth tokens, resulting in unauthorized access to Salesforce data and exposing sensitive customer information at several major technology companies. A significant cyber intrusion has involved a group known as UNC6395, which has reportedly compromised sensitive customer data across various organizations,…

Read MorePalo Alto Networks, Zscaler, and PagerDuty Affected by Salesforce Linked Data Breaches

The Impact of SSL Misconfigurations on Your Attack Surface

In the process of evaluating an organization’s external attack surface, issues tied to encryption, specifically SSL misconfigurations, attract significant scrutiny. The reasons for this focus are manifold: their prevalence, intricate configuration processes, and the ease with which they can be exploited by attackers make these vulnerabilities a pressing concern for…

Read MoreThe Impact of SSL Misconfigurations on Your Attack Surface

Absolute Dental Reports Data Breach Impacting Over 1.2 Million People – The HIPAA Journal

Data Breach at Absolute Dental Affects Over 1.2 Million Individuals In a significant data breach, Absolute Dental has confirmed that the personal information of more than 1.2 million individuals has been compromised. This incident underscores the persistent vulnerabilities present in the healthcare sector, where patient data is a prime target…

Read MoreAbsolute Dental Reports Data Breach Impacting Over 1.2 Million People – The HIPAA Journal

New Hacking Group ‘Clasiopa’ Targets Materials Research Organizations Across Asia

Recent investigations by Symantec, a branch of Broadcom Software, have unveiled a distinct cyber threat targeting materials research organizations across Asia. This emerging actor, designated as Clasiopa, employs a unique toolkit, the origins of which remain largely unspecified but suggest possible affiliations with India. Evidence hinting at this connection includes…

Read MoreNew Hacking Group ‘Clasiopa’ Targets Materials Research Organizations Across Asia