#sso-compromise

[ follow ]
#shinyhunters #voice-phishing #mfa-phishing #data-breach #pii-exposure #vishing #phishing-resistant-mfa
fromDataBreaches.Net
4 days ago

ShinyHunters claim to be behind SSO-account data theft attacks - DataBreaches.Net

The ShinyHunters extortion gang claims it is behind a wave of ongoing voice phishing attacks targeting single sign-on (SSO) accounts at Okta, Microsoft, and Google, enabling threat actors to breach corporate SaaS platforms and steal company data for extortion. In these attacks, threat actors impersonate IT support and call employees, tricking them into entering their credentials and multi-factor authentication (MFA) codes on phishing sites that impersonate company login portals.
Information security
Information security
fromTheregister
1 day ago

ShinyHunters claims Panera Bread in alleged data theft

ShinyHunters claims to have stolen tens of millions of records from Panera Bread, CarMax, Edmunds and other companies, including PII and account details.
fromComputerWeekly.com
1 day ago

Wave of ShinyHunters vishing attacks spreading fast | Computer Weekly

"Mandiant is tracking a new, ongoing ShinyHunters-branded campaign using evolved vishing techniques to successfully compromise SSO credentials from victim organisations, and enrol threat actor controlled devices into victim MFA solutions," he told Computer Weekly via email. "This is an active and ongoing campaign. After gaining initial access, these actors pivot into SaaS environments to exfiltrate sensitive data. An actor that identifies as ShinyHunters has approached some of the victim organisations with an extortion demand.
Information security
[ Load more ]