Tag Multi-Factor Authentication

Amazon Disrupts Russian APT29 Watering Hole Attack Targeting Microsoft Authentication

Amazon has effectively thwarted a watering hole campaign orchestrated by the Russian APT29, known as Midnight Blizzard, which exploited compromised websites to undermine Microsoft authentication through malicious redirects. The incident came to light when Amazon’s security team discerned new activities from APT29, a threat group correlated with Russia’s Foreign Intelligence…

Read MoreAmazon Disrupts Russian APT29 Watering Hole Attack Targeting Microsoft Authentication

Navigating the Personal Data Protection Act: Steps to Take in the Event of a Data Breach

KUALA LUMPUR, August 28 — In an era rife with phishing attempts, relentless spam, and the looming threat of scams, safeguarding personal data has become more vital than ever. This necessity underscores the purpose of the Personal Data Protection Act 2010 (PDPA), designed to shield individuals from the misuse of…

Read MoreNavigating the Personal Data Protection Act: Steps to Take in the Event of a Data Breach

Google Exposes OAuth Token Theft Linked to UNC6395 in Salesforce Breach

A recent advisory from Google and Mandiant has uncovered a significant data breach involving Salesforce, where the threat actor UNC6395 deployed stolen OAuth tokens to bypass Multi-Factor Authentication (MFA). Organizations are urged to take steps to protect non-human identities to prevent similar breaches. According to the advisory from the Google…

Read MoreGoogle Exposes OAuth Token Theft Linked to UNC6395 in Salesforce Breach

FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

FBI Issues Alert on Scattered Spider’s Growing Attacks Against Airlines Through Social Engineering On June 28, 2025, the Federal Bureau of Investigation (FBI) issued a warning regarding the cybercrime group known as Scattered Spider, which has notably expanded its attack vector to include the aviation sector. In light of this…

Read More

FBI Alerts on Scattered Spider’s Growing Attacks Targeting Airlines Through Social Engineering

June 28, 2025
Cybercrime / Vulnerability

The U.S. Federal Bureau of Investigation (FBI) has reported that the notorious cybercrime group Scattered Spider is expanding its focus to the airline industry. The agency is actively collaborating with aviation and industry partners to address these threats and assist affected organizations. “These perpetrators exploit social engineering tactics, often impersonating employees or contractors to trick IT help desks into granting unauthorized access,” the FBI stated on X. “Their methods frequently include bypassing multi-factor authentication (MFA), such as persuading help desk services to add unauthorized MFA devices to compromised accounts.” Scattered Spider is also known to target third-party IT providers, increasing the risk of attacks on trusted vendors and contractors. These incidents often lead to data theft, extortion, and ransomware. In a statement released…

Google Verifies Salesforce Data Breach Caused by ShinyHunters Through Vishing Scam

In a significant security incident, Google has acknowledged that one of its internal databases was compromised by the notorious cybercriminal group known as ShinyHunters (also identified as UNC6040). The Google Threat Intelligence Group (GTIC) reported that the unauthorized access to its Salesforce database occurred in June and involved the exposure…

Read MoreGoogle Verifies Salesforce Data Breach Caused by ShinyHunters Through Vishing Scam

Are Retailers Taking Adequate Measures to Prevent Cyberattacks?

Recent months have seen a significant surge in cyberattacks targeting well-known retailers, including Marks & Spencer, Harrods, and Victoria’s Secret. This alarming trend has prompted industry experts to advocate for heightened investments in cybersecurity and digital resilience among retail brands. The vast online presence of these companies, coupled with the…

Read MoreAre Retailers Taking Adequate Measures to Prevent Cyberattacks?

Law Firm Files Complaint Against Qantas Following Customer Data Breach

Recent developments in cybersecurity have once again put the spotlight on data privacy laws in Australia, particularly following a significant cyber attack targeting Qantas Airways. Legal representatives from Maurice Blackburn have filed a formal complaint with the Office of the Australian Information Commissioner (OAIC), advocating for millions of customers affected…

Read MoreLaw Firm Files Complaint Against Qantas Following Customer Data Breach