December 17, 2023 at 04:48PM Database company MongoDB reported a hack of its corporate systems, disclosing that customer account metadata and contact information were part of the stolen data. The company detected suspicious activity on December 13th and confirmed later that hackers had access to its systems before discovery. MongoDB recommended customer vigilance against potential … Read more
December 17, 2023 at 12:24AM On Dec 13, 2023, MongoDB detected unauthorized access to its systems, leading to exposure of customer data. The company recommends customers to watch out for social engineering and phishing attacks, enforce MFA, and rotate their MongoDB Atlas passwords. Additionally, MongoDB is experiencing login issues, unrelated to the security event. Further … Read more
December 16, 2023 at 05:48PM MongoDB reported a breach in its corporate systems, exposing customer data to hackers. CISO Lena Smart notified customers of the breach, which involved unauthorized access to certain corporate systems and customer account metadata. While no data stored in MongoDB Atlas was exposed, the company suspects the breach went undetected for … Read more
December 16, 2023 at 05:41PM MongoDB experienced a cyberattack that breached its corporate systems and exposed customer data. The attack was detected by the company, and an investigation is ongoing. Although customer account metadata and contact information were compromised, data stored in MongoDB Atlas remains secure. The company urges customers to take security measures and … Read more
December 13, 2023 at 02:01PM Threat actors are exploiting weak authentication to abuse OAuth applications for cryptomining, phishing, and password spraying attacks, compromising user accounts for Microsoft services and exploiting OAuth applications with high privilege permissions. Mitigation includes implementing multifactor authentication and auditing apps and consented permissions. OAuth presents various risks and security researchers have … Read more
December 13, 2023 at 06:24AM Microsoft warns of adversaries using OAuth applications to automate virtual machine deployment for cryptocurrency mining and phishing attacks. Threat actors compromise user accounts to modify OAuth applications and maintain access to applications even if they lose access to accounts. Organizations are advised to enforce multi-factor authentication, conditional access policies, and … Read more
December 12, 2023 at 06:54PM Threat actors are leveraging OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining. Microsoft recommends using multi-factor authentication (MFA) and implementing security measures like conditional access policies and continuous access evaluation to defend against these malicious activities. Security teams should also prioritize enabling MFA … Read more
December 1, 2023 at 06:24AM The DOJ and FBI partially dismantled the Qakbot malware network, shutting down command servers but not arresting operators, leaving a diminished risk. They advise using multi-factor authentication, employee training, software updates, strong passwords, network filtering, a recovery plan, and adherence to the “3-2-1” backup rule. Users can check for past … Read more
November 27, 2023 at 03:02AM Digitalization has empowered consumers with more choices and information, but also increased concerns about identity theft and fraud. Consumers are worried about the misuse of AI and want their digital identity protected. Businesses can ease fears by implementing multifactor authentication and emphasizing adherence to privacy regulations. Passwordless authentication and proactive … Read more
November 17, 2023 at 02:54AM U.S. cybersecurity and intelligence agencies have issued a joint advisory about a cybercriminal group called Scattered Spider, known for using sophisticated phishing tactics. The group engages in data theft for extortion and has recently used BlackCat/ALPHV ransomware. Scattered Spider relies on social engineering techniques and has connections to the Gen … Read more