Happy Friday! Here’s what you might have missed in cybersecurity this week:
Cybersecurity researchers are warning of a new, common threat in which hackers use fake Microsoft OAuth applications to steal credentials.
First detected early this year, these fake applications impersonate well-known companies such as RingCentral, SharePoint, and more in email campaigns that carry out MFA phishing.
Last month, Microsoft announced plans to improve security by blocking legacy authentication protocols by the end of this month. Microsoft’s updates will hopefully make it harder for threat actors to use this technique.
(–Source: The Hacker News
Read More: Attackers Use Fake OAuth Apps with Tycoon Kit to Breach Microsoft 365 Accounts )
The ransomware group INC Ransom recently claimed, in a post on its leak website, to have stolen 1.2 terabytes of sensitive information from Dollar Tree, but Dollar Tree claims the information belongs to a different discount store, 99 Cents Only.
There is a connection between the two discount chains. 99 Cents Only filed for bankruptcy and closed all of its stores last year, after which Dollar Tree acquired some of the rights to former leases, IP, and in-store equipment from the brand, opening more Dollar Tree locations with many of the leases.
Though Dollar Tree now owns some of 99 Cents Only’s real estate lease rights, the breach does not affect Dollar Tree employees, only former employees of 99 Cents Only.
(–Source: TechRadar Pro
Read More: Dollar Tree denies data breach – says hackers targeted its rival instead )
After a voice phishing (vishing) attack on a company representative at Cisco last month gave an attacker access to a third-party cloud-based CRM used by the company, the profile information of users registered on Cisco’s website was compromised.
The stolen information includes basic account details such as names, organization names, addresses, user IDs, contact information, and metadata, but Cisco assures that no confidential information or passwords were affected.
(–Source: Bleeping Computer
Read More: Cisco discloses data breach impacting Cisco.com user accounts )
Pandora recently disclosed that customer information was compromised in a cyberattack on a third-party platform used by the company.
The jewelry company stated that names and email addresses were included in the compromised information, but highly sensitive information such as passwords and credit card information was not stolen, and there are currently no signs of the stolen data being abused.
It’s currently unknown how many people were affected by this attack.
(–Source: TechRadar on Yahoo! News
Read More: Pandora confirms data breach – customer data stolen, here’s what we know )
An unauthorized third party gained access to a US-based database hosted by a third-party service provider used by French luxury brand Chanel, compromising some of the brand’s client data related to individuals who contacted its client care center.
Operations are unaffected by the incident, and incident response protocols were enacted as soon as the breach was detected. It’s unclear how many people are affected, but no information beyond names, mailing addresses, and contact information appears to have been compromised. Affected individuals have been notified by Chanel.
(–Source: WWD on MSN
Read More: Chanel Reports Data Breach Impacting U.S. Client Care Database Amid Rising Retail Cyberattacks )
Microsoft has created a prototype of an advanced AI system, called Project Ire, that is said to reverse-engineer and identify malicious software without human assistance.
Microsoft hopes this program, which was correct 98% of the time in early tests, will help stop threats faster and even protect billions of devices more effectively as cyberthreats continue to evolve.
(–Source: Geekwire on MSN
Read More: Microsoft’s new AI reverse-engineers malware autonomously, marking a shift in cybersecurity )


