Lapsus returned from their “vacation” with a new leak. This time they published 70GB of data from software service company Globant. More
Ronin Network which runs Axie Infinity suffered a hack. A hacker stole over $600m in cryptocurrency. More
A security researcher released parts of the Mandiant report investigating the Okta breach. Apparently the attacker found an Excel document with Domain admin passwords (a sticky note on the monitor would have been better). Before exfiltrating that document, attackers performed Bing searches from the compromised machine and downloaded offensive security tools from GitHub, including a pre-built exploit to escalate privileges (CVE-2021-34484) and the well known credential dumping tool, mimikatz. More
Purple Fox threat actor delivers upgraded malware via trojanized software packages. More
Chinese hackers try to obtain PII & credit card data using phishing and copies of popular online brands. More
Okta acknowledged they made a mistake handling the Lapsus$ incident and released a detailed timeline. More
Kaspersky was added to the Security Risk List by the FCC. Companies on the list are banned from purchasing components from US companies without government approval. More
Don’t have time to check this page? You can get the news summary every week in your email inbox by subscribing to my newsletter.
OSCE3, OSEP, OSED, OSWE, OSCP certified. Over 10 years of experience in the IT industry, now working in Product Security and leading a Red Team. Huge Offensive Security and CTF nerd. I enjoy music, teaching and hiking.