IT security pros are not the only ones with sandboxes and honeypots to test malware in, as hackers are doing the same – in developing parts of the world. A report from Performanta says that many hackers would first try out new malware strains in developing countries, before targeting companies in the developed world. The … Read more
UnitedHealth Group has issued an update on the data breach that recently struck its subsidiary, Change Healthcare. The healthcare giant suffered a ransomware attack that knocked some of its services offline and affected different pharmacies and other adjacent businesses across the United States. In an update, UnitedHealth Group said that based on initial targeted data … Read more
Russian state-sponsored threat actors were observed abusing an old printer vulnerability to drop custom malware on target endpoints. The malware helped them exfiltrate sensitive data and login credentials. This is according to a new report from Microsoft Threat Intelligence, published earlier this week. As per the report, since mid-2019, a group known as Fancy Bear … Read more
A sophisticated new phishing attack was spotted in the wild, leveraging a wide variety of tools to bypass antivirus protections and ultimately deliver different Remote Access Trojan (RAT) malware. According to cybersecurity researchers at Fortinet, an unidentified threat actor was seen sending phishing emails, stating a shipment has been delivered, and attaching an invoice. This … Read more
The US Department of Health and Human Services (HHS) has issued a warning that hackers are attempting to target the helpdesks of hospitals in order to gain access to critical hospital systems. The hackers have been observed contacting hospital IT help desks using local area code phone numbers and then pretending to be a hospital … Read more
The future of mobile malware is here. For the first time, cybercriminals are infiltrating iOS and Android devices and stealing user face scans. Then, armed with the power of deepfakes and AI, they’re replicating the user’s likeness to break into their bank accounts. Yes, you read that correctly. Today’s technology allows bad actors to spoof … Read more
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new Microsoft Sharepoint Server vulnerability to its Known Exploited Vulnerabilities (KEV) catalog, signaling that hackers have begun exploiting it in the wild. The vulnerability is tracked as CVE-2023-24955, and carries a severity score of 7.2. It is described as a critical remote code execution … Read more
The Ray framework, an open source tool for AI and Python workload scaling, is vulnerable to half a dozen flaws that allow hackers to hijack the devices and steal sensitive data. This is according to cybersecurity researchers from Oligo, who published their findings on a new hacking campaign they dubbed “ShadowRay”. Apparently active since early … Read more
Security researchers have found a relatively easy and cheap way to clone the keycards used on three million Saflok electronic RFID locks in 13,000 hotels and homes all over the world. The keycard and lock manufacturer, Dormakaba, has been notified, and it is currently working to replace the vulnerable hardware – but it’s a long, … Read more
An unpatchable vulnerability has been discovered in Apple’s M-series chips that allows attackers to extract secret encryption keys from Macs under certain conditions, according to a newly published academic research paper. Named “GoFetch,” the type of cyber attack described involves Data Memory-Dependent Prefetchers (DMPs), which try to predict what data the computer will need next … Read more