Cyber Threat Report: Cyber Security News for 12/01/23

Staples Confirms Cyberattack Behind Service Outages, Delivery Issues
Reported Staples internal operation problems including an inability to access Zendesk, VPN employee portals, print email, use phone lines, and more. Read More

Okta Admits Hackers Accessed Data On All Customers During Recent Breach
Previously stated that only a fraction of customers were affected. Read More

Booking.com Customers Scammed in Novel Social Engineering Campaign
The scam is proving so fruitful that sales of Booking.com portal credentials are commanding sale prices of up to $2000. Read More

Cybersecurity Firm Executive Pleads Guilty To Hacking Hospitals
The former COO of a cybersecurity company has pleaded guilty to hacking two hospitals to boost his company's business. Read More

Daixin Team Group Claimed The Hack Of North Texas Municipal Water District
The North Texas Municipal Water District (NTMWD) is a regional water district that provides wholesale water, wastewater treatment, and solid waste services to member cities and customers in North Texas. Read More

Cyber Incident Reporting May Be “Material” For Federal Contractors
A failure to follow the reporting requirements could be grounds for False Claims Act liability Read More

Iranian Hacker Group Hacked The Municipal Water Authority Of Aliquippa In Pennsylvania
Iranian threat actors hacked the Municipal Water Authority of Aliquippa (MWAA) and took control of one of their booster stations. Read More

Japan's Space Agency Suffers Cyber Attack, Points Finger At Active Directory
JAXA got to know about the attack after an external organization conducted an internal audit. Read More

Fewer Cybersecurity Professionals Losing Their Jobs In Breach ‘Blame’ Game
Meanwhile, a majority of businesses chose to switch cybersecurity vendors in the aftermath of a breach Read More

HEADLINE PRIVACY & IT SECURITY COMPLIANCE NEWS

Staples, the American office supply retailer, took down some of its systems to contain the impact of a recent cyberattack and protect customer data. Multiple reports on Reddit highlighted internal operation issues, with employees unable to access various systems. Staples confirmed the cybersecurity risk, temporarily disrupting backend processing, product delivery, and communication channels. While stores remain open, online orders may experience delays as systems are being restored. There is no evidence of ransomware, but the full extent of the breach and potential data theft remains uncertain.

Okta, a U.S. identity management company, revised its disclosure, confirming that a recent breach compromised data from all customers, contrary to initial statements suggesting a smaller impact. The breach, executed by a hacker with stolen credentials, focused on the support case management system, leading to the theft of customer-uploaded session tokens. While 99.6% of customers had only names and email addresses exposed, there's a potential risk of phishing or social engineering attacks exploiting the compromised information.

Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively. Follow us on Twitter and LinkedIn.