At a glance.
- Third-party data breach at Discord.
- Black Basta conducts ransomware attack against technology company ABB.
- Intrusion Truth returns to dox APT41.
- Anonymous Sudan looks like a Russian front operation.
- Attribution and motivation of "RedStinger" remain murky.
- CISA summarizes Russian cyber offensives.
- Seven new entries to CISA's Known Exploited Vulnerabilities Catalog.
- Remote code execution exploits Ruckus in the wild.
- Espionage and YouTube comments.
Third-party data breach at Discord.
Bleeping Computer reports that Discord, the well-known VoIP and instant messaging social platform, has experienced a data breach via the compromised account of a third-party support agent. Discord says that the ticket queue of the support agent contained “user email addresses, messages exchanged with Discord support, and any attachments sent as part of the tickets.” The company quickly disabled the agent’s account and did a malware sweep of the device. Security Affairs reports that Discord is also working with their third-party support provider to improve their cybersecurity and prevent an incident like this from taking place again. Discord told affected users that the company believed the risk from the breach is minimal, but that they advise vigilance against potential fraud or phishing attempts.