U.S. business publication Fast Company disclosed that while the cyberattack it experienced late last month has not compromised personal information from its executive board members, contributor credentials have been stolen and sold online, BleepingComputer reports.
"The hacked downloaded Fast Company contributor user names and passwords and made the obtained information available for purchase on the website called Breach Forums," said Fast Company in a data breach notification.
Fast Company earlier said that it has sought a top incident response and cybersecurity company to help in its investigation of the incident but the publication has yet to divulge more details about the attack. Fast Company had its website shut down two weeks ago after racist notifications were sent by the hacker to readers' mobile devices through Apple News and after the site was defaced to display that it had been hacked by security researcher Vinny Troia.
Thrax, who claimed to be behind the intrusion, noted that Fast Company had been compromised through a breach of its site's content management system.
Numerous government, political, and academic organizations in South Korea have been targeted by the Chinese state-backed advanced persistent threat operation TAG-74 as part of a "multi-year" cyberespionage campaign part of China's intellectual property theft and influence operations, The Hacker News reports.
BleepingComputer reports that vulnerable Openfire messaging servers impacted by the already addressed high-severity authentication bypass flaw, tracked as CVE-2023-32315, are being subjected to ongoing attacks aimed at ransomware encryption and cryptominer distribution.
Ukraine's Prosecutor General's Office and other departments involved in war crimes documentation have been facing mounting cyberattacks from Russian state-sponsored threat operations looking to obtain evidence regarding such crimes, which is a sharp contrast from the previous targeting of energy facilities, Reuters reports.