Sara Sawant says
Large eBay malvertising campaign leads to scams
The eBay malvertising attack involved fraudulent Google ads that misled users searching for customer support contact details. These ads redirected victims to fake eBay support websites, where scammers attempted to steal money through fake tech support services. The attack was mitigated by Malwarebytes identifying the malicious ads and notifying the public to avoid calling suspicious numbers. Users are advised to verify eBay support information directly from eBay’s official website to prevent falling victim to such scams.
https://www.malwarebytes.com/blog/scams/2024/11/large-ebay-malvertising-campaign-leads-to-scams?web_view=true
Jocque Sims says
In the News – 10 Convicted in Columbia-based multistate identity theft and fraud ring
Brief Summary: On November 6, 2024, ten individuals aged 27 to 63 were convicted in a Columbia, South Carolina federal court of participating in a multi-state identity theft and fraud ring between July 2020 and August 2023 that targeted victims in eight United States (U.S.) states.
Key points:
-The states of the victims were North and South Carolina, Florida, Texas, Georgia, Virginia, Missouri, and New York.
-Personally identifiable information (PII), including the names, home addresses, Social Security numbers, dates of birth, and credit scores stolen from over 150 victims, was obtained from the dark web.
-The stolen PII was used to manufacture fraudulent credentials, bills, pay stubs and bank statements in order to implement the following fraudulent schemes:
-vehicle purchase scheme – conspirators obtained multiple luxury vehicles.
-vehicle title loan scheme – conspirators obtained title loans from financial institutions in the name of their victims.
-personal title loan scheme – conspirators obtained personal loans from financial institutions in the name of their victims, most notably via the PPP program designed to provide fully forgivable loans through the U.S. Small Business Administration to provide emergency relief to businesses affected by the COVID-19 pandemic.
-residential rental scheme – conspirators fraudulently leased and rented residences in the name of their identity theft victims but for their personal use.
The convictions were the result of a federal and state intelligence and police interagency investigation.
Works Cited
WLTX. (2024, November 6). 10 convicted in Columbia-based multi-state identity theft and fraud ring. Retrieved from WLTX News 19 – Crime: https://www.wltx.com/article/news/crime/10-convicted-in-columbia-based-multi-state-identity-theft-and-fraud-ring-federal-court-south-carolina/101-327ab39d-ff6c-4a73-9a2d-72411a5eb768
tut34684 says
LiteSpeed Cache Plugin Vulnerability Poses Admin Access Risk | Alessandro Mascellino | 30 Oct 2024
A vulnerability in the LiteSpeed Cache plugin for WordPress, which has over 6 million active installations, has been discovered that allows unauthenticated visitors to gain administrator-level access by exploiting a security flaw in the plugin’s role simulation feature. This flaw permitted unauthorized access that could lead to the installation of malicious plugins.
The identified vulnerability exploits weak security hash checks that could be reproduced under certain configurations set by an administrator, including high run duration settings and load limits in the plugin’s Crawler feature.
The vulnerability, listed as CVE-2024-50550, has raised concerns due to the ease with which hashes can be brute-forced, thereby bypassing key security checks.
Key conditions for reproducing this vulnerability include:
• Enabling the Crawler feature and setting a run duration between 2500-4000 seconds
• Setting the server load limit to 0
• Activating role simulation for users with administrator privileges
In response to the vulnerability, the LiteSpeed development team have removed the role simulation feature and strengthened hash generation to prevent unauthorized access attempts.
They also confirmed to Patchstack they plan to further improve security by incorporating more robust random value generators in future updates, aiming to provide better protection against brute-force attacks.
Patchstack advised LiteSpeed Cache users to update to version 6.5.2 or higher to mitigate this issue.
“This vulnerability highlights the critical importance of ensuring the strength and unpredictability of values that are used as security hashes or nonces,” the firm said. “Any feature regarding role simulation or other user simulation should also be protected with proper access control.”
Additionally, administrators should review plugin settings to ensure that configurations like the Crawler run duration and load limits are optimized for security.
https://www.infosecurity-magazine.com/news/litespeed-cache-plugin-flaw-admin/
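The two lessons Patchstack draws in the post above (a security hash is only as good as the entropy behind it, and role simulation needs real access control in front of it) are easier to see in running code. The block below is an added illustration written for this page; it is not LiteSpeed Cache, Patchstack or WordPress code. Its assumptions: the "weak hash" is modelled as a short token from a non-cryptographic PRNG seeded with a second-granularity timestamp (a stand-in for a low-entropy value, not a description of how the plugin actually derived its hash), the two gate classes are toy stand-ins for the plugin's role-simulation check, and the timestamp and search window are made up.

```python
"""Why a guessable 'security hash' is no protection, and why role simulation
needs a real capability check as well.

Constructed illustration, not LiteSpeed Cache, Patchstack or WordPress code.
Assumptions: the weak token is a short string from a non-cryptographic PRNG
seeded with a second-granularity timestamp (a stand-in for 'weak hash', not
the plugin's actual derivation); the gates are toy stand-ins for the plugin's
role-simulation check; the timestamp and window sizes are made up."""
import hmac
import math
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def weak_token(seed: int, length: int = 6) -> str:
    """Deterministic token: same seed, same token. If the seed is something an
    outsider can estimate (time), the token is recoverable by enumeration."""
    rng = random.Random(seed)
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_token(nbytes: int = 32) -> str:
    """Token from the OS CSPRNG: 256 bits of entropy, unrelated to any seed."""
    return secrets.token_hex(nbytes)


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Size of the search space, in bits, for a uniformly chosen token."""
    return length * math.log2(alphabet_size)


class VulnerableGate:
    """Role simulation guarded by the token alone: whoever presents it is
    treated as an administrator, authenticated or not."""

    def __init__(self, token: str) -> None:
        self._token = token

    def simulate_admin(self, presented: str) -> bool:
        return presented == self._token


class HardenedGate:
    """Role simulation requires an administrator capability AND a constant-time
    match on an unguessable token; the token alone is never enough."""

    def __init__(self, token: str) -> None:
        self._token = token

    def simulate_admin(self, presented: str, caller_is_admin: bool) -> bool:
        if not caller_is_admin:
            return False
        return hmac.compare_digest(self._token, presented)


def brute_force_by_seed(gate: VulnerableGate, window_start: int, window_len: int):
    """Unauthenticated attacker who only knows roughly when the token was
    minted regenerates every candidate seed and tries it against the gate.
    Returns (recovered token or None, attempts made)."""
    attempts = 0
    for seed in range(window_start, window_start + window_len):
        attempts += 1
        candidate = weak_token(seed)
        if gate.simulate_admin(candidate):
            return candidate, attempts
    return None, attempts


def run_demo() -> dict:
    mint_time = 1_730_000_000        # constructed mint timestamp (seconds)
    window_start = mint_time - 1800  # attacker knows it to within +/- 30 min
    window_len = 3600

    weak_hit, weak_tries = brute_force_by_seed(
        VulnerableGate(weak_token(mint_time)), window_start, window_len)
    strong_hit, strong_tries = brute_force_by_seed(
        VulnerableGate(strong_token()), window_start, window_len)

    tok = strong_token()
    hardened = HardenedGate(tok)
    return {
        "weak_recovered": weak_hit is not None,
        "weak_attempts": weak_tries,
        "strong_recovered": strong_hit is not None,
        "strong_attempts": strong_tries,
        "weak_bits": entropy_bits(len(ALPHABET), 6),
        "strong_bits": entropy_bits(16, len(tok)),
        # even the correct token is useless without the admin capability
        "unauth_with_token_blocked": not hardened.simulate_admin(tok, caller_is_admin=False),
        "admin_with_token_allowed": hardened.simulate_admin(tok, caller_is_admin=True),
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Running it shows the time-seeded token falling to a few thousand guesses while the CSPRNG token survives the whole window, and the hardened gate refusing even the correct token from a caller without the administrator capability. That second check is the part the role-simulation feature was missing: a hash or nonce should be a second factor on top of authorization, never a substitute for it.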
Daniel Akoto-Bamfo says
ToxicPanda Malware Targets Banking Apps on Android Devices.
“ToxicPanda”, the new Android malware, was initially labeled under the TgToxic family based on familiar bot commands. However, Cleafy’s Threat Intelligence team later reclassified it as a separate threat because the code was found to be substantially different. Despite the absence of features such as the Automatic Transfer System that enables data to be added onto and taken away from directly, which is associated with TgToxic, ToxicPanda is dangerous because it can lead to account takeover by using on-device fraud (ODF). This malware targets Android retail banking and has disseminated across Italy, Portugal, Spain and Latin-American zones. The spread of the malware relies on social engineering methods, enabling the implementation of infected devices by cybercriminals who can intercept passwords at will and bypass two-factor recognition.
https://www.infosecurity-magazine.com/news/toxicpanda-malware-banking-android/
Yash Mane says
Newpark Resources, a Texas oilfield supplier, disclosed a ransomware attack on October 29, 2024, which disrupted access to some of its information systems and business applications. Upon detecting the incident, Newpark immediately enacted its cybersecurity response plan and initiated an investigation with external experts. Despite these disruptions, manufacturing and field operations have continued, utilizing established downtime procedures. Although the company hasn’t assessed the full financial impact, it currently anticipates minimal effects on its financial health or operations. No details about the ransomware type or responsible group have been shared, and no group has claimed responsibility yet.
https://securityaffairs.com/170696/cyber-crime/newpark-resources-ransomware-attack.html
Steven Lin says
AndroxGh0st Malware Integrates Mozi Botnet to Target IoT and Cloud Services
AndroxGh0st has evolved to integrate the Mozi botnet, enabling the malware to target IoT devices and cloud services with an expanded attack capability. Originally designed to exploit vulnerabilities in Laravel and Apache, AndroxGh0st now uses a slew of new exploits that have been added to the malware, most notably flaws in Cisco ASA, Sophos Firewall, Oracle E-Business Suite, and TP-Link devices, to compromise systems, escalate privileges, and maintain persistence. The inclusion of Mozi helps AndroxGh0st perform massive DDoS attacks, thus posing a significant threat to critical infrastructure.
This development is important because it highlights malware’s ability to change and expand its attack surface, making defense mechanisms more challenging through the exploitation of multiple vulnerabilities found in various systems.
https://thehackernews.com/2024/11/androxgh0st-malware-integrates-mozi.html
Lili Zhang says
North Korean state-sponsored hacker group BlueNoroff, part of the Lazarus Group, is targeting cryptocurrency and DeFi businesses through a new malware campaign called “Hidden Risk.” This attack uses phishing emails with fake crypto-related news links, which lead to a malicious Mac application disguised as a PDF reader. Once executed, the malware downloads a backdoor named “growth,” allowing remote access, data collection, and persistent system control through modifications to the Zsh configuration. To protect yourself, be cautious with email attachments, avoid downloading unknown files, and stay vigilant for macOS-specific malware threats.
https://hackread.com/north-korean-hackers-crypto-fake-news-hidden-risk-malware/
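The persistence mechanism mentioned in the post above, a modified Zsh configuration, is something an incident responder can check for directly. The block below is an added example written for this page; it is not taken from the article and does not use the campaign's published indicators. It diffs a user's zsh startup file against a known-good baseline and flags added lines that match generic red-flag heuristics. The baseline text, the sample file contents and the heuristic patterns are constructed for the illustration.

```python
"""Audit zsh startup files for additions that could be persistence.

Constructed example for this page: the baseline, the sample file contents
and the heuristics are made up for the illustration and are not the Hidden
Risk campaign's published indicators."""
import difflib
import re
from typing import List, Optional, Tuple

# zsh reads these at login/interactive start; a line appended to any of them
# runs every time the user opens a shell, which makes them a convenient
# user-level persistence location.
ZSH_STARTUP_FILES = (".zshenv", ".zprofile", ".zshrc", ".zlogin")

# Generic red flags (assumption: heuristics chosen for this example; a
# legitimate "source ~/.config/zsh/x" will also trip the first one).
SUSPICIOUS_PATTERNS = (
    (re.compile(r"(^|[\s;&|])(source|\.)\s+\S*/\.[^/\s]+/"),
     "sources a file under a hidden directory"),
    (re.compile(r"\b(curl|wget)\b.*\|\s*(sh|bash|zsh)\b"),
     "pipes a download into a shell"),
    (re.compile(r"\b(nohup|setsid)\b.*&\s*$"),
     "starts a detached background process"),
    (re.compile(r"\bbase64\s+(-d|--decode)\b|\bxxd\s+-r\b"),
     "decodes an embedded payload"),
    (re.compile(r"(^|[\s\"'=])(/tmp|/var/tmp|/private/tmp|/Users/Shared)/\S+"),
     "references a world-writable directory"),
)


def added_lines(baseline: str, current: str) -> List[Tuple[int, str]]:
    """Lines in `current` that are not in `baseline`, with their 1-based line
    numbers in `current`. Diffing against a known-good copy (dotfiles repo,
    golden image) answers 'what changed?' far more precisely than grepping
    the whole file."""
    result = []
    lineno = 0
    for tok in difflib.ndiff(baseline.splitlines(), current.splitlines()):
        if tok.startswith("+ "):
            lineno += 1
            result.append((lineno, tok[2:]))
        elif tok.startswith("  "):
            lineno += 1
        # "- " (baseline-only) and "? " (hint) lines do not advance `current`
    return result


def classify(line: str) -> Optional[str]:
    """Return the first matching red flag for a line, or None."""
    stripped = line.strip()
    if not stripped or stripped.startswith("#"):
        return None
    for pattern, reason in SUSPICIOUS_PATTERNS:
        if pattern.search(stripped):
            return reason
    return None


def audit(fname: str, baseline: str, current: str) -> List[dict]:
    """Every added line is reported; matching ones carry a 'flag' reason."""
    return [{"file": fname, "line": n, "text": text, "flag": classify(text)}
            for n, text in added_lines(baseline, current)]


# Constructed sample files (not real artefacts).
BASELINE_ZSHENV = """\
# managed by dotfiles repo
export PATH="$HOME/bin:$PATH"
export EDITOR=vim
"""

CURRENT_ZSHENV = """\
# managed by dotfiles repo
export PATH="$HOME/bin:$PATH"
export EDITOR=vim
export LANG=en_US.UTF-8
source "$HOME/.config/.cache-helper/.init" >/dev/null 2>&1
"""


if __name__ == "__main__":
    # On a real host: read each of ZSH_STARTUP_FILES from the user's home
    # directory and pair it with the stored baseline for that file.
    for finding in audit(".zshenv", BASELINE_ZSHENV, CURRENT_ZSHENV):
        marker = "!!" if finding["flag"] else "  "
        print(f'{marker} {finding["file"]}:{finding["line"]} {finding["text"]}'
              + (f'  <- {finding["flag"]}' if finding["flag"] else ""))
```

Every added line is reported, not only the flagged ones, because a startup file that changed outside the user's own dotfiles workflow is itself worth a look; the heuristics only decide which of those lines go to the top of the pile.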
Rohith says
The incident came to light on August 22, when Halliburton, one of the world’s largest oilfield service providers, confirmed unauthorized access to some of its systems.
The company immediately launched an investigation and shut down some systems to contain the incident.
By the end of August, reports emerged that — based on indicators of compromise — the ransomware group known as RansomHub was likely behind the Halliburton attack.
Halliburton has yet to confirm that the incident was a ransomware attack, but its brief description suggests that it was. The company has confirmed that hackers accessed and exfiltrated information from its corporate systems.
https://www.securityweek.com/cyberattack-cost-oil-giant-halliburton-35-million/
Lily Li says
From Amazon to McDonald’s: what do we know about the latest major data leak?
MOVEit Transfer is a managed file transfer software which was impacted by a zero-day bug caused by the ransomware gang Cl0p. The zero-day bug affected MOVEit Transfer’s servers, allowing attackers to access and download the data company customers stored there. The MOVEit Transfer hack has caused major data breaches in companies, with millions of user records published on a data leak forum. Amazon has nearly 3 million records leaked, including phone numbers, email addresses, and office locations of its employees; however, Amazon and AWS systems were not impacted by this incident. Attackers can use this data to conduct social engineering, phishing, and credential-stuffing attacks, which lead to higher chances of data breaches occurring within the organization. According to Hudson Rock, tens of companies were exposed, with millions of records; some of the companies included Amazon, MetLife, Cardinal Health, HSBC, and HP.
https://cybernews.com/security/amazon-data-leak-explained/
Sarah Maher says
Grocery giant Ahold Delhaize’s US operations disrupted by cyberattack
Ahold Delhaize includes Food Lion, Giant, and Hannaford. The companies have all had to put their e-commerce websites on hold. The sites now show they are having system difficulties. There isn’t much about the effect on sales, or specifics of the attack, yet. However, the companies are mitigating the attack by offering e-commerce through FreshDirect and posting apologies online to lessen the PR impact. It is really interesting to see how diversifying just their delivery has helped the company in this attack, because otherwise all online orders would have to be stopped.
https://www.cybersecuritydive.com/news/grocery-ahold-delhaize-cyberattack/732562/
Justin Chen says
iPhones now auto-restart to block access to encrypted data after long idle times
Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. This switches the idle devices from an After First Unlock (AFU) state to a Before First Unlock (BFU) state, where the devices are more challenging to break using forensic phone unlocking tools. Furthermore, BFU makes extracting stored data harder, if not impossible, since even the operating system itself can no longer access it using encryption keys stored in memory.
https://www.bleepingcomputer.com/news/security/iphones-now-auto-restart-to-block-access-to-encrypted-data-after-long-idle-times/
Parth Tyagi says
Threat actors with ties to the Democratic People’s Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices.
Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built applications are part of a broader activity that includes malware written in Golang and Python.
https://thehackernews.com/2024/11/north-korean-hackers-target-macos-using.html
Aaroush Bhanot says
CISA Warns of Critical Palo Alto Networks Bug Exploited in Attacks (2 minute read)
CISA warned that attackers are actively exploiting a critical missing-authentication vulnerability in Palo Alto Networks Expedition, a tool for migrating firewall configurations from other vendors to PAN-OS. The vulnerability allows attackers with network access to take over Expedition admin accounts and potentially access configuration secrets, credentials, and other data. All Expedition usernames, passwords and API keys, and the credentials of any firewalls processed by Expedition, should be rotated after upgrading. Various proof-of-concept attack chains that exploit the vulnerability to obtain admin access to Palo Alto Networks firewalls are available in the article.
https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-palo-alto-networks-bug-exploited-in-attacks/?utm_source=tldrinfosec
Charles Lemon says
TikTok ordered to close Canada offices following “national security review”
The government of Canada has ordered TikTok to close down all of its Canadian offices. This decision was made in accordance with the Investment Canada Act, which allows for the review of foreign investments that may be injurious to Canada’s national security. After a rigorous national security review involving multiple steps, the Canadian government has stated the specific national security risks are related to ByteDance Ltd.’s operations in Canada. ByteDance is the parent company of TikTok and is a Chinese internet company headquartered in Beijing. The specific concerns are over the possibility that ByteDance would be compelled to share sensitive data on Canadian citizens with the Chinese government. This does not mean Canadians will no longer have access to the popular social media platform. It just means the Chinese-owned company will have to close its Canadian operations located in Toronto and Vancouver. Many Canadians are protesting the closures and TikTok responded that: “Shutting down TikTok’s Canadian offices and destroying hundreds of well-paying local jobs is not in anyone’s best interest, and today’s shutdown order will do just that. We will challenge this order in court.”
https://www.malwarebytes.com/blog/news/2024/11/tiktok-ordered-to-close-canada-offices-following-national-security-review
Elias Johnston says
test
Haozhe Zhang says
Set Forth, an American debt relief service, was involved in one of the extended data breaches; it exposed sensitive information belonging to approximately 1.5 million individuals. The data breach included sensitive personal details such as names, addresses, phone numbers, and Social Security numbers, which could pose a great risk to the affected individuals, including identity theft and financial fraud.
This breach was discovered when certain compromised data was found resting on a publicly accessible server, meaning too few security measures were taken to protect sensitive data. In this regard, an investigation has been set forth by Set Forth with the cooperation of cybersecurity experts to trace the extent of the breach and take measures to prevent further incidents.
Affected individuals have been advised to closely monitor their financial accounts for suspicious activity and place fraud alerts or credit freezes on their credit reports to minimize further exposure. The incident has again brought into focus the imperative need for appropriate data security practices by organizations which deal in the sensitive personal data of individuals.
https://cybernews.com/security/american-debt-relief-service-set-forth-breached/
Elias Johnston says
In 2017 Deloitte was hit with a cyberattack which granted the attacker unfettered access to Deloitte’s global email server. The attack targeted an administrator account, cracking the password and using that identity to access the system as a whole. The account did not require two-factor authentication, showing a lack of identity management as well as poor access management. The attack was believed to have been successful in November of 2016, but was not detected until March of 2017, giving the attacker plenty of time to steal sensitive information. The attacker had unrestricted access to emails, usernames, passwords, and the future business plans of 244,000 Deloitte employees.
At the time the article was published, Deloitte had confirmed that six businesses they consult for had information that was compromised; however, the number could be much higher. I chose this article because I had never heard of this breach, because it is related to identity and access management, and because it shows that even the best cybersecurity teams can still have large-scale breaches.
https://www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails