Password stealers are being deployed at scale: "After execution, the password-stealing malware harvests passwords and cookies from all the victim’s browsers and sends them to the attacker via Telegram/Discord APIs."
This can all be stopped with MyCena SEAM solutions: Companies encrypt all access so users never know their passwords, so they can't be stolen. It is an easy, fast and efficient way to stop breaches at your company.
Airbus has confirmed a data breach that exposed confidential business information via a partner airline’s compromised account.
Threat intelligence firm Hudson Rock said the threat actor ‘USDoD’ compromised a Turkish Airlines employee account using the Redline info-stealer malware in August 2023. The malware targets saved passwords and session cookies, allowing threat actors to bypass multifactor authentication.
Hudson Rock suggested that the Turkish airline employee infected their computer after downloading a “pirated version of the Microsoft .NET framework.”
The threat actor announced the airplane-themed data breach on the 22nd anniversary of the September 11 terrorist attacks and threatened “Lockheed Martin, Raytheon, and the entire defense” industry.
The hacker who was also responsible for an FBI data leak exposed the stolen data on the English language hacking forum BreachForums shortly after joining the ransomware group ‘Ransomed.’
Lapsus$ exposed the largest security gap of organisations: the access process where employees create their passwords to access your systems. Imagine if employees use their own keys to enter your office or factory.
To close this security gap, use to Encrypted Access Management:
- Company generates and distributes highly secure encrypted passwords for each system to employees, to be used like keys.
- Integration with web apps, local apps, RDP, SSH, WDE, terminals… already embed in the MyCena process.
- Employees don’t know passwords, so no password phishing, fraud, error, eliminating 95% of breaches.
"According to the report, the hacker group employed simple but effective techniques, such as phishing employees and stealing phone numbers to gain access.
The success of these techniques exposed “weak points in our cyber infrastructure” that could be exploited for future attacks, the report said."
Hollywood understands cybersecurity better than many people who work in the industry: your digital identity is not a secret, it is open for AI to use and abuse. If you work in cybersecurity and still believe you can use identity for access, see what's happening in Hollywood.
BlackCat claims to have exfiltrated the sensitive personal information of clinicians and Trust employees such as CVs, driver’s license numbers, IDs, social security numbers, financial reports, accounting and loan data, insurance agreements, and more. The data dump also includes client documentation, credit card data, and other commercial secrets.
The group demanded that the Trust pay a ransom by 3rd July to get its data back, failing which it would publish all of the stolen data online.