Scope of Salesforce Attacks Expands as Icarus Leaks Data
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
More victims have emerged after attackers breached application vendor Klue and used its OAuth tokens to steal customers' Salesforce data.
Anthropic's Mythos Leak Points to Pattern of Failures, Sloppy Practices at AI LabsAnthropic accidentally exposed its most powerful unreleased AI model to compromise, and days later shipped its flagship coding tool's full source code without meaning to. Meta, Microsoft and OpenAI have each had comparable moments. Questions linger about the integrity of third-party AI tools.
Also: China-Linked APT Hijack Updates, Condé Nast Data Leaked, La Poste HitThis week, a Clop-linked vendor breach hit Korean Air, a China-linked APT hijacked software updates, a critical zero-day flaw remained unpatched, Condé Nast faced a data leak, La Poste was disrupted and Korean police extradited a malware operation suspect.
Hackers aren’t kicking down the door anymore. They just use the same tools we use every day — code packages, cloud accounts, email, chat, phones, and “trusted” partners — and turn them against us
Spanish flag carrier Iberia has begun notifying customers of a data security incident stemming from a compromise at one of its suppliers. The disclosure comes days after a threat actor claimed on hacker forums to have access to 77 GB of data allegedly stolen from the airline. [...]
Outsourcing your helpdesk always seems like a good idea – until someone else's breach becomes your problem Discord has confirmed customers' data was stolen – but says the culprit wasn't its own servers, just a compromised support vendor.…
Also: Clorox Sues IT Vendor Over Password BlunderThis week, XSS forum admin arrested, Clorox sued Cognizant, Lumma Stealer is back, NY regulates water, U.S. maritime cybersecurity rules in effect, new Coyote banking Trojan, a hacker nabbed details of Mexico City auxiliary police, Latin America cyberattacks, and World Leaks stole synthetic data.
Also: Clorox Sues IT Vendor Over Password BlunderThis week, XSS forum admin arrested, Clorox sued Cognizant, Lumma Stealer is back, NY regulates water, U.S. maritime cybersecurity rules in effect, new Coyote banking Trojan, a hacker nabbed details of Mexico City auxiliary police, Latin America cyberattacks, and World Leaks stole synthetic data.
Shellter Project, the vendor of a commercial AV/EDR evasion loader for penetration testing, confirmed that hackers used its Shellter Elite product in attacks after a customer leaked a copy of the software. [...]
Researcher Found Unsecured Database Server Containing 1,864 GB of OrthoMinds' DataAn orthodontic practice software vendor is notifying an undisclosed number of patients that their data was exposed to the internet for 10 days last November. The security researcher who discovered the data leak said the incident appears to have lasted longer and affected more than 200,000 patients.
PLUS: Data broker leak reveals extent of info trading; Hot new ransomware gang might be all AI, no bark; and more Infosec in brief Gravy Analytics, a vendor of location intelligence info for marketers which reached a settlement with US authorities last year over its alleged unlawful sale of location, has reportedly been hacked – potentially exposing millions of smartphone users.…
The data leak was not actually due to a breach in Amazon's systems but rather that of a third-party vendor; the supply chain incident affected several other clients as well.
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. [...]
T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [...]
High-profile individuals including MPs said to be caught up in leak Exclusive Taxi software biz iCabbi recently fixed an issue that exposed the personal information of nearly 300,000 individuals via an unprotected database.…
SaaS vendor to blame for exposing employee data that was ultimately leaked on Dark Web forum, according to the home improvement retailer.
Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. [...]
Trove reveals RATs that can pop major OSes, campaigns against offshore and local targets A cache of stolen document posted to GitHub appears to reveal how a Chinese infosec vendor named I-Soon offers rent-a-hacker services for Beijing.…
Researcher Reported Configuration Issue to Cloud Vendor After Lab Failed to RespondAn unsecured database appearing to belong to a Netherlands-based medical laboratory exposed 1.3 million records on the internet, including COVID test results and other personal identifiable information, said a security researcher who discovered the trove and reported his findings to the company.
Fawry confirms addresses, phone numbers, and dates of birth, leaked online.