  • technadu@infosec.exchange
    Incident Summary:
    Victim: Wynn Resorts
    Threat Actor: ShinyHunters
    Impact: Employee data accessed
    Claim: 800k+ PII records
    Alleged vector: Oracle PeopleSoft environment
    Operational notes:
    • Incident response + external experts engaged
    • Leak site entry removed
    • Credit monitoring deployed
    ShinyHunters TTPs historically include:
    – Vishing against SSO
    – OAuth token abuse
    – Device code phishing targeting Entra / identity ecosystems
    – SaaS data exfiltration
    Identity is the pivot point.
    Source: https://www.bleepingcomputer.com/news/security/wynn-resorts-confirms-employee-data-breach-after-extortion-threat/
    Follow us for tactical threat briefings.
    Share detection or IAM hardening insights below.
    #Infosec #ThreatIntel #IdentitySecurity #SSO #MFA #ShinyHunters #CyberExtortion #DataProtection #IAM #SOC #BlueTeam #SecurityEngineering
  • jimguckin@infosec.exchange
    Users: “Why do we need MFA? It’s annoying.”
    Also users: “I clicked a link that said ‘Free Gift Card From TotallyRealCompany.biz’—is that bad?”
    #SecurityAwareness #MFA #Phishing
  • aakl@infosec.exchange
    @briankrebs Running into a server error on the site, FYI.
  • technadu@infosec.exchange
    “Starkiller” phishing service proxies real login pages and relays MFA in real time.
    Targets include brands like Microsoft and Google.
    Result:
    Passwords captured.
    MFA intercepted.
    Session cookies stolen.
    Reported by Abnormal AI.
    Phishing is evolving into enterprise-grade tooling.
    Are passkeys the only sustainable defense?
    Follow @technadu for independent cybersecurity reporting.
    Join the discussion below.
    #CyberSecurity #Phishing #MFA #AccountTakeover #ZeroTrust #Infosec #DigitalIdentity #ThreatIntel
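Added example, not code from the post above or from Abnormal AI's report, showing why the real-time relay the post describes works against a typed TOTP code but not against a passkey: the browser (not the page) writes the tab's real origin into clientDataJSON, the authenticator signs over it, and the relying party rejects an assertion minted on the proxy's origin or one whose origin field the proxy rewrote. The origins, the TOTP secret and the credential key are constructed; a single HMAC key stands in for the passkey's asymmetric key pair so the block runs with the standard library only.

```python
"""Why a real-time AiTM relay defeats TOTP but not a passkey assertion.

Added example; not code from the post or from Abnormal AI. Origins, the
TOTP secret and the credential key are constructed. A single HMAC key
stands in for the passkey's asymmetric key pair so this runs with the
standard library only; real authenticators sign with a private key and
the relying party verifies with the registered public key.
"""
import base64
import hashlib
import hmac
import json
import os

RP_ORIGIN = "https://login.example.com"                      # assumed relying party
RP_ID = "login.example.com"
PROXY_ORIGIN = "https://login.example.com.evil-proxy.test"   # assumed phishing host
CRED_KEY = os.urandom(32)                 # stand-in for the passkey key pair (constructed)
TOTP_SECRET = b"constructed-shared-secret"


def totp_code(secret: bytes, counter: int) -> str:
    """HOTP-style 6-digit code (RFC 4226 truncation): the value a victim types."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = int.from_bytes(mac[off:off + 4], "big") & 0x7FFFFFFF
    return f"{code % 10**6:06d}"


def totp_relay_attack(counter: int) -> bool:
    """The proxy forwards the typed code verbatim; nothing in it names an origin."""
    typed_on_phishing_page = totp_code(TOTP_SECRET, counter)
    relayed_to_real_site = typed_on_phishing_page
    return hmac.compare_digest(relayed_to_real_site, totp_code(TOTP_SECRET, counter))


def browser_get_assertion(challenge: str, page_origin: str):
    """Model of navigator.credentials.get(): the browser, not the page, fills in origin."""
    client_data = json.dumps(
        {"type": "webauthn.get", "challenge": challenge, "origin": page_origin}
    ).encode()
    rp_id_hash = hashlib.sha256(RP_ID.encode()).digest()   # first field of authenticatorData
    to_sign = rp_id_hash + hashlib.sha256(client_data).digest()
    signature = hmac.new(CRED_KEY, to_sign, hashlib.sha256).digest()
    return client_data, rp_id_hash, signature


def rp_verify(challenge: str, client_data: bytes, rp_id_hash: bytes, signature: bytes) -> bool:
    """Relying-party side of WebAuthn assertion verification."""
    cd = json.loads(client_data)
    if cd.get("type") != "webauthn.get" or cd.get("challenge") != challenge:
        return False                      # replay or wrong ceremony
    if cd.get("origin") != RP_ORIGIN:
        return False                      # origin binding: a proxied page has a different origin
    if rp_id_hash != hashlib.sha256(RP_ID.encode()).digest():
        return False                      # credential scoped to another RP ID
    expected = hmac.new(CRED_KEY, rp_id_hash + hashlib.sha256(client_data).digest(),
                        hashlib.sha256).digest()
    return hmac.compare_digest(signature, expected)


def passkey_login(page_origin: str) -> bool:
    """The proxy relays the assertion untouched; it cannot change the signed origin."""
    challenge = base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()
    client_data, rp_id_hash, signature = browser_get_assertion(challenge, page_origin)
    return rp_verify(challenge, client_data, rp_id_hash, signature)


def passkey_login_with_origin_rewrite() -> bool:
    """The proxy edits clientDataJSON.origin to look legitimate; the signature no longer covers it."""
    challenge = base64.urlsafe_b64encode(os.urandom(32)).rstrip(b"=").decode()
    client_data, rp_id_hash, signature = browser_get_assertion(challenge, PROXY_ORIGIN)
    forged = json.loads(client_data)
    forged["origin"] = RP_ORIGIN
    return rp_verify(challenge, json.dumps(forged).encode(), rp_id_hash, signature)


if __name__ == "__main__":
    print("TOTP relayed through proxy accepted:", totp_relay_attack(42))
    print("Passkey on real origin accepted:", passkey_login(RP_ORIGIN))
    print("Passkey relayed from proxy origin accepted:", passkey_login(PROXY_ORIGIN))
    print("Passkey with rewritten origin accepted:", passkey_login_with_origin_rewrite())
```

In a real browser the credential would not even be offered on the proxy page, because its RP ID is not a registrable suffix of the proxy's host; the block models the worst case where an assertion is produced anyway and relayed, and it still fails at the relying party.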
  • technadu@infosec.exchange
    Legitimate RMM Abuse in Crazy Ransomware Intrusions
    Huntress investigations reveal:
    • Net Monitor for Employees deployed via msiexec
    • SimpleHelp persistence via PowerShell
    • Disguised binaries (OneDriveSvc.exe, vhost.exe)
    • Defender service tampering
    • Crypto wallet keyword monitoring
    • SSL VPN credential compromise as initial access
    The adversary leveraged redundancy across remote access tools to guarantee persistence even if one method was removed.
    Key takeaway: Detection must focus on anomalous deployment patterns of legitimate administrative tools - not just malware signatures.
    Are you correlating RMM installations with VPN authentication anomalies?
    Engage with your defensive insights below.
    Follow @technadu for advanced threat intelligence coverage.
    Source: https://www.bleepingcomputer.com/news/security/crazy-ransomware-gang-abuses-employee-monitoring-tool-in-attacks/
    #InfoSec #ThreatHunting #Ransomware #MFA #RMM #CyberDefense #SecurityOperations #BlueTeam #ThreatIntel
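Added example, not Huntress's detection logic or code from the post above, of the correlation the post asks about: RMM deployments via msiexec or PowerShell (and lookalike binaries such as OneDriveSvc.exe running outside trusted directories) are flagged on their own, and raised to high severity when the deploying user had a successful SSL-VPN logon from a country outside their baseline shortly before. Every log line is constructed, and the field names, the per-user country baseline and the two-hour window are assumptions rather than any vendor's schema.

```python
"""Correlate legitimate-RMM deployments with SSL-VPN authentication anomalies.

Added example; not Huntress's detection logic or code from the post. Every
log line below is constructed, and the field names, the per-user country
baseline and the two-hour window are assumptions, not any vendor's schema.
"""
import re
from datetime import datetime, timedelta


def parse_ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


# Assumed 30-day baseline of countries each user normally authenticates from.
BASELINE = {"jsmith": {"US"}, "abrown": {"US"}}

# Constructed SSL-VPN authentication events.
VPN_AUTH = [
    {"ts": "2024-05-01T08:00:00Z", "user": "jsmith", "src_ip": "203.0.113.7", "country": "DE", "result": "failure"},
    {"ts": "2024-05-01T08:02:00Z", "user": "jsmith", "src_ip": "203.0.113.7", "country": "DE", "result": "success"},
    {"ts": "2024-05-01T09:00:00Z", "user": "abrown", "src_ip": "198.51.100.22", "country": "US", "result": "success"},
]

# Constructed endpoint process-creation events.
PROC_CREATE = [
    {"ts": "2024-05-01T08:20:00Z", "host": "WS-0142", "user": "jsmith",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i C:\Users\Public\netmonitor_employees.msi /qn"},
    {"ts": "2024-05-01T08:25:00Z", "host": "WS-0142", "user": "jsmith",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -nop -w hidden -c Start-Service 'SimpleHelp Remote Access'"},
    {"ts": "2024-05-01T08:40:00Z", "host": "WS-0142", "user": "jsmith",
     "image": r"C:\Users\Public\OneDriveSvc.exe", "cmdline": r"OneDriveSvc.exe"},
    {"ts": "2024-05-01T09:30:00Z", "host": "WS-0201", "user": "abrown",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i \\fileserver\it\SimpleHelp-5.5.msi /qn"},
    {"ts": "2024-05-01T09:45:00Z", "host": "WS-0201", "user": "abrown",
     "image": r"C:\Windows\System32\msiexec.exe",
     "cmdline": r"msiexec.exe /i \\fileserver\it\7z2301-x64.msi /qn"},
]

RMM_NAMES = re.compile(r"net\s*monitor|simplehelp|anydesk|screenconnect", re.I)
INSTALLERS = re.compile(r"\\(msiexec\.exe|powershell\.exe)$", re.I)
TRUSTED_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")
MIMIC_NAMES = {"onedrivesvc.exe", "vhost.exe"}   # lookalike names taken from the post


def vpn_anomalies(events, baseline):
    """Successful VPN logons from a country outside the user's baseline."""
    return [e for e in events
            if e["result"] == "success" and e["country"] not in baseline.get(e["user"], set())]


def rmm_deployments(events):
    """RMM installs via msiexec/PowerShell, plus lookalike binaries outside trusted dirs."""
    found = []
    for e in events:
        image = e["image"].lower()
        if INSTALLERS.search(image) and RMM_NAMES.search(e["cmdline"]):
            found.append({**e, "reason": "rmm-deploy-via-installer"})
        elif image.rsplit("\\", 1)[-1] in MIMIC_NAMES and not image.startswith(TRUSTED_DIRS):
            found.append({**e, "reason": "lookalike-binary-untrusted-path"})
    return found


def correlate(anomalies, deployments, window=timedelta(hours=2)):
    """Raise severity when the deploying user had an anomalous VPN logon within the window before."""
    alerts = []
    for d in deployments:
        when = parse_ts(d["ts"])
        prior = [a for a in anomalies
                 if a["user"] == d["user"] and timedelta(0) <= when - parse_ts(a["ts"]) <= window]
        alerts.append({
            "ts": d["ts"], "host": d["host"], "user": d["user"], "reason": d["reason"],
            "severity": "high" if prior else "medium",
            "vpn_src_ip": prior[0]["src_ip"] if prior else None,
        })
    return alerts


def run():
    return correlate(vpn_anomalies(VPN_AUTH, BASELINE), rmm_deployments(PROC_CREATE))


if __name__ == "__main__":
    for alert in run():
        print(alert)
```

The IT-driven SimpleHelp rollout on WS-0201 still surfaces as a medium alert, which is the point of the post's takeaway: the tool is legitimate, so the signal has to come from who deployed it, from where, and what happened on the VPN just before.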