Infiltration of Patelco's systems on May 23 enabled the exfiltration of individuals' names, birthdates, Social Security numbers, driver's license numbers, and/or email addresses, although the stolen information varied among impacted individuals, according to a breach notice from Patelco.
Threat actors leveraged the zero-day to infiltrate three of Rackspace's internal monitoring web servers with the ScienceLogic app and the third-party utility, facilitating access to customers' account names and numbers, usernames, Rackspace internally generated device IDs, device names and IP addresses, and AES256-encrypted Rackspace internal device agent credentials.
Researchers at Check Point Research discovered that installation of the fake WalletConnect app triggers a wallet connection request and the stealthy activation of the MS Drainer toolkit, which then conducts token and NFT scanning and exfiltration without being detected by targets.
Aside from IP addresses and social media details, more than 1,800 plaintext passwords belonging to staffers have also proliferated across the dark web, findings from a joint Proton and Constella Intelligence report showed.
Infiltration of a Michigan Medicine employee account through a malicious multi-factor authentication prompt has enabled attackers to access and exfiltrate emails containing patients' names and medical record numbers, as well as diagnostic or treatment details.
Included in the nearly 500 MB data trove leaked by grep was information on Dell's internal ticketing system, including Agile and VPN incident reports and other ticket summaries for VPN improvements and DevOps software access requests.