On Tuesday, Microsoft publicly acknowledged that the LAPSUS$ hacking group had achieved “limited access” to its systems, coinciding with a revelation from Okta, an identity authentication services provider, indicating that nearly 2.5% of its customer base may have been affected by the breach. Microsoft’s Threat Intelligence Center (MSTIC) confirmed that…
An emerging cybersecurity threat has surfaced, centered around the exploitation of a recently patched vulnerability in the open-source Roundcube webmail software. This vulnerability has been targeted as part of a phishing campaign aimed at stealing user credentials from various organizations. The cybersecurity firm Positive Technologies reported the discovery of a…
Uber Technologies Inc. has recently acknowledged a security breach affecting its internal computer systems, first reported late Thursday. The company stated that there is currently “no evidence” suggesting that sensitive user data, such as trip history, has been accessed during the incident. In a public statement, Uber clarified, “We have…
On Thursday, Cloudflare, a leader in web infrastructure and security, reported it has successfully mitigated the largest volumetric distributed denial of service (DDoS) attack ever recorded. This significant incident, initiated by a Mirai botnet, targeted a client within the financial sector last month. Cloudflare’s analysis revealed that at its peak,…
Twilio Faces Another Security Incident with Customer Data Compromised This week, communication services provider Twilio reported a security breach that occurred on June 29, 2022, attributed to the same group responsible for a significant breach in August 2022. The company revealed that unauthorized access to customer information was achieved through…
Coinbase, a prominent cryptocurrency exchange based in the United States, recently disclosed a cybersecurity incident that compromised the personal information of some of its employees. On February 5, 2023, the company reported that its robust cyber controls successfully thwarted the attacker from gaining direct access to its systems, effectively preventing…
OpenAI announced on Friday that a vulnerability in the Redis open source library led to the unintended exposure of personal information and chat titles belonging to users of its ChatGPT service earlier in the week. This incident, first identified on March 20, 2023, permitted certain users to access snippets of…
A sophisticated cyber operation, dubbed “PhantomCaptcha,” has targeted prominent humanitarian organizations and government entities engaged in war relief efforts in Ukraine, as detailed in recent research by SentinelLABS. The campaign has notably affected major organizations such as the International Red Cross, UNICEF, and the Norwegian Refugee Council, along with various…
Okta, a leading provider of identity services, revealed a recent security incident affecting its support case management system. Unidentified threat actors exploited compromised credentials to gain access, allowing them to view sensitive files uploaded by certain customers. David Bradbury, Okta’s Chief Security Officer, stated, “The threat actor was able to…
