
Outsourcer Telus admits to attack – may have lost a petabyte of data to ShinyHunters

Infosec In Brief: Canadian outsourcer Telus Digital has admitted it fell victim to a cyberattack.

The company said it is “investigating a cybersecurity incident involving unauthorized access to a limited number of our systems” and “took immediate steps to address the unauthorized activity and secure our systems against further intrusion.”

Telus is now “actively managing the situation and continue[s] to monitor it closely.”

Those soothing words contrast with reports that Telus has leaked a petabyte or more of data, and that crime gang ShinyHunters did the deed after acquiring valid Google Cloud Platform credentials as a result of the Salesloft breach.

- Simon Sharwood

Cloud Software Group (CSG), the conglomerate that includes Citrix and Tibco, on Sunday wrote to customers urging them to implement all patches ASAP.

“Given the evolving geopolitical landscape and the corresponding increase in state-sponsored and opportunistic cyber threats, I am writing to urge immediate attention to your security posture across all our products,” wrote the company’s CISO Kumar Palaniappan.

“Threat intelligence indicates a marked uptick in targeted attacks against critical infrastructure, supply chains, and enterprise environments linked to ongoing geopolitical conflicts. These include advanced persistent threats (APTs), ransomware campaigns, and zero-day exploitation attempts,” he added.

Palaniappan said CSG’s security teams “are operating at an elevated alert level” and have “accelerated vulnerability assessments, threat monitoring, and patch release cycles across our entire product portfolio.”

The CISO urged customers to apply all available patches and product updates immediately, check implementations follow instructions in CSG’s published security baselines, and enable MFA and audit logging.

He also urged customers to “Verify your deployments are on supported, current versions of our products.” That instruction could leave some customers needing new licenses, turning geopolitics into a revenue-generation opportunity for CSG.

- Simon Sharwood

Starbucks last week delivered bitter news to hundreds of employees: Attackers gained access to the company’s HR portals and stole their personal and financial information.

In a data breach notification filed with the Maine attorney general's office, the coffee giant said 889 people were affected by the digital intrusion. And in a subsequent letter sent to employees, Starbucks advised impacted staff that their names, Social Security numbers, and dates of birth, along with financial account numbers and routing numbers, may have been snarfed up by "an unauthorized third party."

Starbucks became aware of the breach around February 6, and at that point, launched an investigation into the security SNAFU with the help of law enforcement and infosec experts.

"The investigation has determined that an unauthorized third party accessed certain Starbucks Partner Central accounts after obtaining the login credentials through websites impersonating Partner Central," the breach disclosure notice states.

Partner Central is the company's HR portal for employees – Starbucks calls them "partners" – and it's how workers view their paystubs, direct deposit info, time off, and other benefits.

Starbucks told The Register that the attackers spoofed the HR portal login page, then captured victims’ credentials when they used the phony portal.

"We recently identified that a limited number of retail partners had inadvertently interacted with deceptive websites impersonating an employee-facing site," a Starbucks spokesperson told us. "This allowed an unauthorized third-party to access certain partner accounts. We quickly resolved the issue, notified affected partners, and operations have since returned to normal."

After conquering the realms of threat intelligence and incident response, Mandiant founder Kevin Mandia is now venturing into agentic AI security with a brand-new red teaming company called “Armadin”.

The company concluded its first funding round last week, raising $189.9 million in what it says represents the highest-ever seed and series A funding round in the history of cybersecurity.

Mandia is the company's founding CEO and said Armadin will tackle what he called "hyperattacks" – AI-powered cyberattacks that are sophisticated, multi-modal, move at machine speed, and are therefore impossible to defend with existing tools designed for human use.

The company said that its product will deploy AI agents informed by custom models "in an agentic attacker swarm," mimicking the tactics displayed by the world's most advanced attackers.

Armadin wants customers to run this swarm in their environments, where it will mimic an advanced attack with privileged access to produce insights into potential attacks that the company will block before attackers find them.

"The AI shift is changing cybersecurity more rapidly than any transition in history," said Mandia. "In a world of machine-speed attacks, defense must become autonomous. You cannot have a human in the loop for every defense decision and expect to win."

"We are building the most formidable offense to give organizations the greatest defense. It's important to national security."

Armadin’s debut came nearly four years after Google Cloud bought Mandiant for $5.4 billion.

Google Ventures, the investment capital arm of Google owner Alphabet, is one of the major investors in Armadin. The funding round was led by Accel, with other major players also investing, including Kleiner Perkins, Menlo Ventures, In-Q-Tel, 8VC, and Ballistic Ventures, a VC biz Mandia co-founded.

A software engineer allegedly stole millions of US citizens' Social Security data while working at the now-shuttered US Department of Government Efficiency (DOGE), the government cost-cutting group briefly overseen by Elon Musk.

The Social Security Administration's inspector general is investigating the claims, according to a letter sent to four congressional committees and reviewed by the Washington Post.

The accused engineer allegedly acquired the data from two sensitive, restricted databases, and copied content from at least one of them to a thumb drive. He then allegedly got a new job at a US government contractor, brought the stolen data with him and used it to inform his work in the new role.

Around 500 million Americans, alive and dead, are thought to be affected. The data reportedly includes basic personal information, Social Security numbers, ethnicities, citizenship statuses, and parents' names.

The company at which the alleged data thief now works told the Post that it carried out a two-day probe and found the claims to be unsubstantiated. A DOGE representative also said there was no evidence to support the allegations.

Canadian retail giant Loblaw says that it succumbed to a cyberattack and those behind it accessed customer data.

The company, which operates multiple brands spanning groceries, pharmaceutical goods, fashion, and beauty products, described it as "a low-level data breach" that involved customers' personal data.

Attackers accessed customers’ names, phone numbers, and email addresses. The retailer said it has informed affected customers.

Loblaw did not enumerate how many customers were affected by the attack, nor did it explain which system was breached to access the data.

"As part of its security response protocol, the company secured its network and customer information," Loblaw stated. "All customers will be automatically logged out of their accounts. To access the company's digital services, customers will need to log back in.

"Loblaw's current investigation indicates that passwords, health information, and credit card data were not compromised."

Per the same investigation, its financial services arm, PC Financial, also escaped unscathed.

The Register asked Loblaw for more information, including about the scale of the breach and which system(s) were compromised.

As Canada's largest retailer and food distributor, Loblaw operates more than 2,400 stores across the country and employs more than 190,000 people.

A company this size invariably has a large number of customers, 18 million of whom are signed up to its PC Optimum rewards program, according to figures stated on its website. ®

Source: The Register
