
Hitting Home: From Sports Betting to Critical Enterprise — Recent Attacks Show No Target is Safe

By Mike Housch
Threat Landscape Roundup

Threat actors are broadening tactics and targets—from consumer apps to core enterprise platforms and public-safety suppliers—blending sophisticated chains with commodity techniques. Below is the quick scan and what to do next.


Credential Stuffing Campaign Hitting DraftKings Users

A September 2 campaign used credentials reused from other breaches to access customer accounts; DraftKings’ own systems were not breached. Likely exposed data included profile and contact details, account balance information, and the last four digits of payment cards. Password resets and MFA requirements followed, echoing a similar 2022 incident.

What good looks like

  • Mandate phishing-resistant MFA; rate-limit and add bot/behavioral controls to login flows.
  • Block known compromised credentials (have-I-been-pwned style checks) during signup and reset.
  • Real-time alerts for atypical account activity; auto-revoke sessions on risk signals.

Critical Zero-Day Exploitation in Oracle E-Business Suite

A high-severity flaw in the BI Publisher / Concurrent Processing components enabled pre-authentication RCE and was reportedly exploited for weeks before a patch was available; public attribution links it to data-theft campaigns, and proof-of-concept code is increasingly being picked up.

Immediate steps

  • Inventory internet-exposed EBS; apply vendor fixes off-cycle and verify post-patch hardening.
  • Look for IoCs tied to recent exploitation; isolate/report anomalous concurrent job activity.
  • Treat ERP like externally facing infrastructure: continuous monitoring, rapid patching, strict segmentation.

Targeted Breaches in Essential & Global Business

BK Technologies (Public Safety Communications)

Intrusion led to exfiltration of non-public data and minor operational disruption. Even “reliability-branded” suppliers need tabletop testing and explicit breach-notification schemas that include data elements and timelines.

Asahi (Global Beverage)

A ransomware group claims data theft and operational disruption across ordering, shipping, and support functions, another reminder that food and beverage remains a frequent target with material downstream impact.

Vendor playbook

  • Tier vendors by data criticality; require continuous assurance (SOC 2, pen results, SBOM/SLSA provenance).
  • Share telemetry cross-tenant (SIEM/XDR); rehearse incident interfaces and contact trees.
  • Scope least-privilege access; rotate vendor secrets regularly and monitor for anomalous API usage.
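Two bullets on this page ask for the same thing: "isolate/report anomalous concurrent job activity" in the Oracle EBS section, and "monitor for anomalous API usage" for vendors. Both reduce to learning what an actor normally does (which actions, at which hours, from which sources) and flagging departures. The following Node.js module is an added example that is not from the original post and does not use any EBS or vendor-API schema; the event shape, actor names, program names, IP addresses and thresholds are all constructed for illustration, and the same detector is run over a batch-job feed and a vendor API feed.

```javascript
'use strict';
// Hypothetical event shape used throughout (not an EBS or vendor-API schema):
//   { ts: ISO-8601 string, actor: string, action: string, source: IP string }
// All sample data below is constructed for this example.

// Learns, per actor: the actions it runs, the UTC hours it is active, and its sources.
function buildBaseline(history) {
  const profile = new Map();
  for (const e of history) {
    if (!profile.has(e.actor)) {
      profile.set(e.actor, { actions: new Set(), hours: new Set(), sources: new Set() });
    }
    const p = profile.get(e.actor);
    p.actions.add(e.action);
    p.hours.add(new Date(e.ts).getUTCHours());
    p.sources.add(e.source);
  }
  return profile;
}

// Flags events that break the baseline or arrive in a burst; returns findings with reasons.
function findAnomalies(profile, events, { burstLimit = 5, burstWindowMs = 60_000 } = {}) {
  const findings = [];
  const recent = new Map(); // actor -> timestamps inside the burst window
  const ordered = [...events].sort((a, b) => Date.parse(a.ts) - Date.parse(b.ts));
  for (const e of ordered) {
    const reasons = [];
    const p = profile.get(e.actor);
    if (!p) {
      reasons.push('unknown_actor');
    } else {
      if (!p.actions.has(e.action)) reasons.push('new_action_for_actor');
      if (!p.hours.has(new Date(e.ts).getUTCHours())) reasons.push('off_hours');
      if (!p.sources.has(e.source)) reasons.push('new_source');
    }
    const t = Date.parse(e.ts);
    const stamps = (recent.get(e.actor) || []).filter(x => t - x < burstWindowMs);
    stamps.push(t);
    recent.set(e.actor, stamps);
    if (stamps.length > burstLimit) reasons.push('burst');
    if (reasons.length) findings.push({ ...e, reasons });
  }
  return findings;
}

// Helper that constructs a week of routine history for one actor.
function routine(actor, action, source, hours, days = 7) {
  const out = [];
  for (let d = 1; d <= days; d++) {
    for (const h of hours) {
      const ts = `2025-09-${String(d).padStart(2, '0')}T${String(h).padStart(2, '0')}:00:00Z`;
      out.push({ ts, actor, action, source });
    }
  }
  return out;
}

// Constructed baselines: an ERP batch account that posts ledgers at night, and a
// logistics vendor's integration that reads shipment data during business hours.
const HISTORY = [
  ...routine('APPS_BATCH', 'GL_POSTING', '10.0.5.10', [1, 2, 3]),
  ...routine('vendor-logistics', 'GET /shipments', '198.51.100.7', [8, 12, 16]),
];

// Constructed observations: one routine job, one concurrent job that looks like an
// operator shell from an outside address, and a vendor token pulling a bulk customer export.
const OBSERVED = [
  { ts: '2025-09-09T02:00:00Z', actor: 'APPS_BATCH', action: 'GL_POSTING', source: '10.0.5.10' },
  { ts: '2025-09-09T14:05:00Z', actor: 'APPS_BATCH', action: 'HOST_SHELL', source: '203.0.113.9' },
  { ts: '2025-09-09T03:10:00Z', actor: 'vendor-logistics', action: 'GET /customers/export', source: '198.51.100.7' },
];

function demo() {
  return findAnomalies(buildBaseline(HISTORY), OBSERVED);
}
```

In production the history comes from the ERP's concurrent-request records and from API-gateway access logs, and the thresholds are tuned per actor tier. A finding carrying `new_source` for a service account, or `new_action_for_actor` on a bulk-export endpoint, is the kind of signal the bullets above want routed to isolation and the vendor contact tree rather than to a dashboard.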

New Vulnerability in AI Development Tools

A command-injection bug in a popular Model Context Protocol (MCP) server for Figma enabled RCE: when the server fell back from fetch to curl, it passed unsanitized input to shell execution. The bug is patched in a recent release, but the risk is amplified by AI agents that may chain tools automatically.

Secure the toolchain

  • Pin patched versions; block untrusted tool downloads in CI/local dev; restrict child-process execution.
  • Harden agent prompts against indirect prompt injection; set egress allowlists for dev boxes.
  • Audit tokens/keys in .env and CI variables; rotate on dependency security events.
