Security News

Email marketing firm MailChimp disclosed on Sunday that they had been hit by hackers who gained access to internal customer support and account management tools to steal audience data and conduct phishing attacks. In an email to BleepingComputer, MailChimp has confirmed that the breach was more significant than just Trezor's account being accessed by threat actors.

A compromised Trezor hardware wallet mailing list was used to send fake data breach notifications to steal cryptocurrency wallets and the assets stored within them. Trezor is a hardware cryptocurrency wallet that allows you to store your crypto assets offline, rather than using cloud-based wallets or wallets stored on your PC that are more vulnerable to theft.

Okta's outsourced provider of support services, Sitel has shared more information this week in response to the leaked documents that detailed the various incident response tasks carried out by Sitel after the Lapsus$ hack. The documents, leaked by a researcher online, perpetuated the myth that Sitel stored its domain admin passwords extracted from LastPass in an Excel spreadsheet-a claim now dispelled by Sitel.

The LAPSUS$ data extortion gang announced their return on Telegram after a week-long "Vacation," leaking what they claim is data from software services company Globant. "We are officially back from a vacation," the group wrote on their Telegram channel - which has nearly around 54,000 members as of writing - posting images of extracted data and credentials belonging to the company's DevOps infrastructure.

Online retail and photography manufacturing platform Shutterfly has disclosed a data breach that exposed employee information after threat actors stole data during a Conti ransomware attack. Today, Shutterfly disclosed that its network was breached on December 3rd, 2021, due to a ransomware attack.

A rogue employee working at HubSpot - used by more than 135,000 customers to manage marketing campaigns and on-board new users - has been fired over a breach that zeroed in on the company's cryptocurrency customers, the company confirmed on Friday. The breach has rippled through the crypto industry: As of Monday, crypto lending platform BlockFi, bitcoin-purchasing automation platform Swan Bitcoin, bitcoin company NYDIG, peer-to-peer payments technology company Circle and cryptocurrency fund Pantera Capital had been affected.

Microsoft on Tuesday confirmed that the LAPSUS$ extortion-focused hacking crew had gained "Limited access" to its systems, as authentication services provider Okta revealed that nearly 2.5% of its customers have been potentially impacted in the wake of the breach. Identity and access management company Okta, which also acknowledged the breach through the account of a customer support engineer working for a third-party provider, said that the attackers had access to the engineer's laptop during a five-day window between January 16 and 21, but that the service itself was not compromised.

An unknown Chinese-speaking threat actor has been targeting betting companies in Taiwan, Hong Kong, and the Philippines, leveraging a vulnerability in WPS Office to plant a backdoor on the targeted systems. The first infection vector used in this campaign is an email with a laced installer that pretends to be a critical WPS Office update, but in most attacks, the threat actors use a different method.

The Lapsus$ extortion crew has turned its attention to identity platform Okta and published screenshots purportedly showing the group gaining access to the company's internals. Oliver Pinson-Roxburgh, CEO of security outfit Bulletproof, warned: "As the gatekeeper to the networks and data of thousands of organizations, a breach at Okta would have significant consequences."

Cloud security: How your public cloud environment may be vulnerable to data breach. A report released Tuesday by cloud security provider Laminar examines how a lack of visibility, poor controls and shadow data can leave your cloud environment open to security threats.