Loading
Yanuki
ARTICLE DETAIL
Cushman & Wakefield Confirms Vishing Cyberattack | Linux 'CopyFail' Vulnerability Grants Root Access | Apple Fixes Privacy Bug in iOS 26.4.2 Allowing Message Extraction | Fake Windows Update Website Delivers Password-Stealing Malware | Fake Windows 11 Update Distributes Password-Stealing Malware | Telegram Groups Facilitate Domestic Hacking and Abuse | CareCloud Data Breach and MSP Security Threats | GitHub Actions Under Attack: Credential Stealing Malware Injected into Popular Tools | New iPhone Hacking Tool "DarkSword" Threatens Millions of Users | Cushman & Wakefield Confirms Vishing Cyberattack | Linux 'CopyFail' Vulnerability Grants Root Access | Apple Fixes Privacy Bug in iOS 26.4.2 Allowing Message Extraction | Fake Windows Update Website Delivers Password-Stealing Malware | Fake Windows 11 Update Distributes Password-Stealing Malware | Telegram Groups Facilitate Domestic Hacking and Abuse | CareCloud Data Breach and MSP Security Threats | GitHub Actions Under Attack: Credential Stealing Malware Injected into Popular Tools | New iPhone Hacking Tool "DarkSword" Threatens Millions of Users

Security / Cybercrime

Cushman & Wakefield Confirms Vishing Cyberattack

Commercial real estate giant Cushman & Wakefield (C&W) has confirmed a cyberattack resulting from a vishing (voice phishing) incident. Two cybercrime groups, ShinyHunters and Qilin, have claimed responsibility for the attack, creating uncer...

Cushman & Wakefield confirms vishing cyberattack
Share
X LinkedIn

shiny hunter
Cushman & Wakefield Confirms Vishing Cyberattack Image via The Register

Key Insights

  • Cushman & Wakefield confirmed a 'limited' data security incident due to vishing, where an employee was socially engineered.
  • ShinyHunters claimed to have stolen over 500,000 Salesforce records containing PII and internal corporate data.
  • Qilin, considered a prolific ransomware group, also claimed responsibility but provided no specific details of the attack.
  • The company activated its response protocols and engaged third-party experts to investigate the incident.
  • **Why this matters:** This incident highlights the increasing sophistication of cyberattacks, particularly social engineering tactics like vishing, and the potential for significant data breaches, even in large organizations.

In-Depth Analysis

Cushman & Wakefield, a major player in the commercial real estate sector, has found itself the target of a cyberattack. The attack, stemming from a vishing incident, underscores the vulnerability of even large corporations to social engineering tactics. According to The Register&ref=yanuki.com, a C&W spokesperson stated the attack was 'limited' in scope. ShinyHunters, known for their large-scale breaches, claimed responsibility on May 1st, alleging the theft of 500,000 Salesforce records. Qilin, a prominent ransomware group, also claimed responsibility on May 4th, listing C&W on their data leak site but without providing details.

The situation is complicated by the dual claims of responsibility. It's unclear whether the two groups collaborated or if these are separate, coincidentally timed attacks. Cushman & Wakefield is currently investigating the incident with the help of third-party experts.

**How to Prepare:**

  • **Employee Training:** Implement regular training programs to educate employees about vishing and other social engineering tactics.
  • **Security Protocols:** Reinforce and update security protocols to prevent unauthorized access and data breaches.
  • **Incident Response Plan:** Maintain a well-defined incident response plan to quickly and effectively address security incidents.

**Who This Affects Most:**

  • **Cushman & Wakefield Clients:** Clients' sensitive data may be at risk.
  • **Cushman & Wakefield Employees:** Employee PII (Personally Identifiable Information) could be compromised.
  • **Stakeholders:** Reputational damage and financial losses can affect stakeholders.

Read source article

FAQ

What is vishing?

Vishing is a type of social engineering attack conducted over the phone, where attackers trick individuals into divulging confidential information.

Who are ShinyHunters and Qilin?

ShinyHunters is a cybercrime group known for large-scale data breaches. Qilin is a prolific ransomware group known for targeting numerous organizations.

Takeaways

  • Social engineering attacks like vishing can be highly effective.
  • Data breaches can have significant consequences for businesses and their stakeholders.
  • Incident response plans are crucial for minimizing the impact of cyberattacks.

Discussion

Do you think companies are doing enough to protect themselves from vishing attacks? Share your thoughts in the comments below!

Share this article with others who need to stay ahead of this trend!

Sources

Cushman & Wakefield confirms vishing cyberattack Commercial real estate giant Cushman & Wakefield confirms cyber attack Two ransomware gangs now claim Cushman & Wakefield after Salesforce breach claim

Disclaimer

This article was compiled by Yanuki using publicly available data and trending information. The content may summarize or reference third-party sources that have not been independently verified. While we aim to provide timely and accurate insights, the information presented may be incomplete or outdated.

All content is provided for general informational purposes only and does not constitute financial, legal, or professional advice. Yanuki makes no representations or warranties regarding the reliability or completeness of the information.

This article may include links to external sources for further context. These links are provided for convenience only and do not imply endorsement.

Always do your own research (DYOR) before making any decisions based on the information presented.

Related Stories

Security / Vulnerabilities

Linux 'CopyFail' Vulnerability Grants Root Access

A newly discovered Linux vulnerability named 'CopyFail' (CVE-2026-31431) poses a significant security risk, enabling local privilege escalation. This flaw allows unprivileged users to gain root access, impacting various Linux distributions...

The most severe Linux threat to surface in years catches the world flat-footed

Security / iOS

Apple Fixes Privacy Bug in iOS 26.4.2 Allowing Message Extraction

Apple has addressed a significant privacy vulnerability in iOS 26.4.2, which allowed law enforcement and other unauthorized entities to extract deleted messages from iPhones. This update is crucial for users concerned about privacy and data...

The tiny iOS 26.4.2 update that arrived this week is actually a really big deal

Security / Malware

Fake Windows Update Website Delivers Password-Stealing Malware

A fake Microsoft support website is tricking users into downloading malware disguised as a legitimate Windows update. This malware is designed to steal passwords, payment details, and account access, bypassing traditional security measures...

This fake Windows support website delivers password-stealing malware

Security / Cybersecurity

Fake Windows 11 Update Distributes Password-Stealing Malware

A fake Windows 11 update website is distributing malware disguised as a legitimate update, targeting users seeking early access to new features. This sophisticated campaign uses techniques that evade traditional antivirus software, making d...

Fake Windows 11 24H2 Update Poses as Legit Download to Steal Data

Security / Cybercrime

Telegram Groups Facilitate Domestic Hacking and Abuse

Recent research has uncovered a disturbing trend: Telegram groups are being used to facilitate domestic hacking and abuse. These groups are hubs for trading hacking tools, spyware, and non-consensual intimate images, enabling individuals to...

Men Are Buying Hacking Tools to Use Against Their Wives and Friends

Security / Cybersecurity

CareCloud Data Breach and MSP Security Threats

A recent cyberattack on CareCloud, a health tech provider, has raised concerns about patient data security. This incident, along with other emerging threats, highlights the increasing risks faced by Managed Service Providers (MSPs) and the...

Healthcare data breach hits system storing patient records

Security / Supply Chain

GitHub Actions Under Attack: Credential Stealing Malware Injected into Popular Tools

Recent supply chain attacks have targeted widely-used GitHub Actions, including those for the Trivy vulnerability scanner and Checkmarx KICS, injecting credential-stealing malware. These compromises pose a significant risk to CI/CD pipeline...

KICS GitHub Action Compromised: TeamPCP Strikes Again in Supply Chain Attack

Security / iPhone Security

New iPhone Hacking Tool "DarkSword" Threatens Millions of Users

A sophisticated iPhone hacking technique known as DarkSword has been discovered, capable of compromising hundreds of millions of iPhones running older versions of iOS. This poses a significant threat to users who haven't updated their devic...

Spyware once used by governments is now spreading to cybercriminals