One criminal stole info from 50 orgs thanks to no MFA
Briefly

"If you don't say "yes way" to MFA, the consequences can be disastrous. Sensitive data belonging to about 50 global enterprises is listed for sale - and, in some cases, has already been sold - on the dark web following a major infostealer campaign, with apparent victims including American utility engineering firm Pickett and Associates; Japan's homebuilding giant Sekisui House; and Spain's largest airline Iberia."
"Stolen credentials combined with a lack of MFA are always a recipe for disaster, as we have seen in earlier big breaches such as Change Healthcare, British Library, and Snowflake customers' database hacks. "Because the organizations listed below did not enforce MFA, the attacker walks right in through the front door," the cybersecurity shop said in a Monday report. "No exploits, no cookies - just a password.""
"We're told Zestix gains access after employees inadvertently download infostealer-laden files to their devices. The stealer malware, such as RedLine, Lumma, or Vidar, then snarfs up saved credentials and browser history. The cybercriminal, who has been operating as an initial access broker and extortionist since at least 2021, specifically targets enterprise file synchronization and sharing (EFSS) platforms like Progress Software's ShareFile, Nextcloud, and OwnCloud."
Sensitive data from about 50 global enterprises is listed for sale on the dark web, with some datasets already sold. Apparent victims include Pickett and Associates, Sekisui House, and Iberia. The attacker uses the monikers Zestix or Sentap and leverages credentials stolen by infostealer malware such as RedLine, Lumma, and Vidar. Employees inadvertently download infected files, allowing the malware to collect saved credentials and browser history. The threat actor specifically targets enterprise file synchronization and sharing platforms including ShareFile, Nextcloud, and OwnCloud. Many victims did not enforce multi-factor authentication, permitting straightforward password-only access. The actor has operated as an initial access broker and extortionist since at least 2021.
Read at Theregister