Cyber Security News
Vulnerability in Apache Project Let Hackers Launch Supply Chain Attacks
The unsuspecting system downloads the public package instead of the intended private one, potentially injecting malicious code.
HACKRead
AeroNet Wireless Launches 10Gbps Internet Plan: A Landmark Moment in Puerto Rico’s Telecommunications Industry
San Juan, Puerto Rico, April 25th, 2024, CyberNewsWire
CyberNews
IntelBroker strikes again: Accor database leaked, exposing 642K individuals
Hackers have shared a database exposing 642,000 individuals’ personal information, including full names, email addresses, job titles, and the company they work for.
Bleeping Computer
GHC-SCW: Ransomware gang stole health data of 533,000 people
Non-profit healthcare service provider Group Health Cooperative of South Central Wisconsin (GHC-SCW) has disclosed that a ransomware gang breached its network in January and stole documents containing the personal and medical information of over 500,000 individuals.
CyberNews
Group Health Cooperative falls victim to ransomware attack, 500K people affected
The Group Health Cooperative of South Central Wisconsin (GHC-SCW) has fallen victim to a cyberattack that leaked the data of roughly 534,000 people.
Cyber Security News
JsOutProx Malware Abusing GitLab To Attack Financial Institutions
GitLab is a prominent web-based Git repository manager that is exploited by hackers to gain unauthorized access to confidential source code,
DarkReading
Ransomware, Junk Bank Accounts: Cyberthreats Proliferates in Vietnam
An economic success story in Asia, Vietnam is seeing more manufacturing and more business investment. But with that comes a significant uptick in cybercrime as well.
CyberNews
Florida kids aged 13 and under banned from social media under new bill
Florida’s Governor signs a bill that bans children 13 and under from becoming social media account holders – critics argue it violates free speech.
Bleeping Computer
The Week in Ransomware - March 1st 2024 - Healthcare under siege
Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA.
CyberNews
Arrest warrant issued for Meta spokesperson, from Russia with love
A Moscow court issued an arrest order for Meta spokesperson Andy Stone on charges of inciting terrorism. Is this Kremlin propaganda or does Stone need to watch his back?
CyberNews
Ridesharing service breach exposes 155K users
HopSkipDrive data breach expose hundreds of thousands of people.
CyberNews
Hulu and Disney Plus in Netflix-style crackdown
The show is over – again. Just as Netflix did last year, Disney Plus and its subsidiary platform Hulu will now begin to restrict password sharing.
HACKRead
Hackers Uncover Airbus EFB App Vulnerability, Risking Aircraft Data
Whitehat hackers from Pen Test Partners identified a critical issue in Airbus' Flysmart+ Manager suite and promptly reported it to affected vendors.
HACKRead
Microsoft Teams External Access Abuses to Spread DarkGate Malware
Microsoft Teams targeted for phishing and malware attacks. Learn how to protect your organization against these evolving cyber threats.
Bleeping Computer
The Week in Ransomware - January 26th 2024 - Govts strike back
Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison.
CyberNews
Lush claimed by Akira ransomware
Lush’s name popped up on Akira ransomware gang’s data leak site.
CyberNews
Indian trade association exposes sensitive data
FICCI exposed an important file, risking indirect financial loss and reputational damage, as well as legal and compliance problems.
CyberNews
CERT-UA warns of new surge of malware, OCEANMAP, MASPIE, and STEELHOOK
Russia using malware to steal sensitive data
Bleeping Computer
Get productive in the holidays with $200 off Microsoft Office 2019
Productivity tools are something we all need and we'll all use, all year long. This Microsoft Office instant download for Mac or Windows is an ideal gift at $29.97 for either, $200 off the $229 MSRP, but only now through the end of December 25th.
Bleeping Computer
Give a gift they'll use with $690 off this learning bundle
The gift of learning pays off all year long. This lifetime subscription bundle opens the door to 24 different languages and over 1000 training courses for $159.97 with code ROSETTA at checkout, $690 off the $849 MSRP, but only now through the end of December 25th!
The Cyber Express
France Boosts ICC Cybersecurity with US$465,000 After Recent Cyberattack
In response to a recent cyberattack, France has announced an additional allocation of US$465,000 (€500,000) to enhance the International Criminal
HACKRead
Hacker IntelBroker Leaks Alleged Sensitive US DoD Documents
IntelBroker claims that the documents include information about communications between the Pentagon and the US Army’s CIO/G-6.
CyberNews
“Clear gods” defraud thousands in cell upgrade scheme, causing $28M in losses
The uncovered wire fraud scheme involved more than 26,000 fraudulent transactions and resulted in a loss of more than $28,000,000
CyberNews
LockBit adds ALDO Shoes to its victim list, company shrugs off incident
The notorious ransomware gang LockBit has added ALDO Shoes, a Canadian multinational corporation retailer, to its victim list.
The Cyber Wire
Ukraine at D+688: Cyberespionage from your besties?
Ukraine's SSSCIP gets a new chief, and Russian defense industries are targeted by foreign intelligence services. Who those services might be are unknown, but circumstantially they look a little like people from Shanghai or Pyongyang.
The Cyber Wire
Ukraine at D+648: Cyberespionage from your besties?
Ukraine's SSSCIP gets a new chief, and Russian defense industries are targeted by foreign intelligence services. Who those services might be are unknown, but circumstantially they look a little like people from Shanghai or Pyongyang.
Cyber Security News
Slovenia’s Biggest Power Provider has Suffered a Cyberattack
HSE one of the biggest power providers in Slovenia was targeted by a serious cyberattack and control system as well as fire alarms.
CyberNews
Pennsylvania water facility hit by Iranian hackers
A CISA cybersecurity warning says the Iranian hacker group targeting water and energy facilities in Israel, attacked two townships in Pennsylvania over the weekend.
CyberNews
Systems East attackers steal 209K encrypted payment cards
Systems East attacker stole thousands of encrypted payment cards.
Bleeping Computer
CISA warns of actively exploited Juniper pre-auth RCE exploit chain
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
Bleeping Computer
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.
Bleeping Computer
The Week in Ransomware - October 27th 2023 - Breaking Records
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.
SecurityWeek
Critical Infrastructure Stakeholders Gather for Day 2 of SecurityWeek's 2023 ICS Cybersecurity Conference
SecurityWeek’s 2023 ICS Cybersecurity Conference - Day 2 of the annual industrial cybersecurity conference.
The Record
EU asks Meta, TikTok to account for their response to Israel-Hamas disinformation
The European Commission sent Meta and TikTok letters Thursday, requesting information on the platforms’ efforts to rein in disinformation relating to the Israel-Hamas war.
Ars Technica
AI chatbots can infer an alarming amount of info about you from your responses
This troubling ability could be used by scammers or to target ads.
CyberNews
DDoS attacks trending upwards: multiple EU websites under siege
DDoS attacks are currently on the rise.
Bleeping Computer
The Week in Ransomware - October 13th 2023 - Increasing Attacks
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid.
Bleeping Computer
The Week in Ransomware - September 29th 2023 - Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed.
Bleeping Computer
SickKids impacted by BORN Ontario data breach that hit 3.4 million
The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN Ontario "related to pregnancy, birth and newborn care."
DataBreaches
Experiment: How easy it was for me to influence Anonymous hacktivists
Jesse William McGraw writes: To say that we are living in a volatile time would be a brazen understatement. Since the onset of #OpRussia and successive...
SecurityWeek
Recent Juniper Flaws Chained in Attacks Following PoC Exploit Publication
Four vulnerabilities in the J-Web component of Junos OS have started being chained in malicious attacks after PoC exploit code was published.
Bleeping Computer
How the FBI nuked Qakbot malware from infected Windows PCs
The FBI announced today the disruption of the Qakbot botnet in an international law enforcement operation that not only seized infrastructure but also uninstalled the malware from infected devices.
Bleeping Computer
Hackers exploit critical Juniper RCE bug chain after PoC release
Hackers have started using a critical exploit chain to target Juniper EX switches and SRX firewalls via their Internet-exposed J-Web configuration interface.
Cyber Security News
Hackers Leverage Websites hosted on AWS S3 Buckets to Send Phishing Links
In this new wave of phishing attacks, hackers are turning to AWS S3 Buckets to host phishing links, providing them with a more convincing and legitimate façade.
Bleeping Computer
The Week in Ransomware - May 26th 2023 - Cities Under Attack
Ransomware gangs continue to hammer local governments in attacks, taking down IT systems and disrupting city's online services.
Cyber Security News
Atomic macOS Malware Steals Auto-fills, Passwords, Cookies, Wallets
The cybersecurity researchers at Cyble discovered a new macOS malware, 'Atomic' (aka 'AMOS'), sold for $1,000/month on private Telegram channels.
Security Affairs
Atomic macOS Stealer is advertised on Telegram for $1,000 per month
Atomic macOS Stealer is a new information stealer targeting macOS that is advertised on Telegram for $1,000 per month. Cyble Research and Intelligence Labs (CRIL) recently discovered a Telegram channel advertising a new information-stealing malware, named Atomic macOS Stealer (AMOS). The malware targets macOS, it was designed to steal sensitive information from the infected systems. The […]
Bleeping Computer
The Week in Ransomware - April 28th 2023 - Clop at it again
It has been a very quiet week for ransomware news, with only a few reports released and not much info about cyberattacks. An item of interest was Microsoft linking the recent PaperCut server attacks on the Clop and LockBit ransomware operation.
Ars Technica
cURL, the omnipresent data tool, is getting a 25th birthday party this month
Founder will open a 25-year bottle of Scotch and chat about its history and future.
Bleeping Computer
CISA warns of critical VMware RCE flaw exploited in attacks
CISA has added a critical severity vulnerability in VMware's Cloud Foundation to its catalog of security flaws exploited in the wild.
Bleeping Computer
The Week in Ransomware - March 3rd 2023 - Wide impact attacks
This week was highlighted by a massive BlackBasta ransomware attack targeting DISH Network and taking down numerous subsidiaries, including SlingTV and Boost Mobile.
Bleeping Computer
Dish Network goes offline after likely cyberattack, employees cut off
American TV giant and satellite broadcast provider, Dish Network has mysteriously gone offline with its websites and apps ceasing to function over the past 24 hours.
Bleeping Computer
PyTorch discloses malicious dependency chain compromise over holidays
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector.
Bleeping Computer
Holiday 2022 deal: 20% off Zero2Automated malware analysis training
Zero2Automated, the creators of the popular malware analysis and reverse-engineering course, is having a Christmas special where you can get 20% off all courses on their site, with additional goodies thrown in.
Bleeping Computer
Google pushes emergency Chrome update to fix 8th zero-day in 2022
Google has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year.
Bleeping Computer
The Week in Ransomware - September 30th 2022 - Emerging from the Shadows
This week's news primarily revolves around LockBit, BlackMatter, and the rising enterprise-targeting Royal ransomware operation.
Bleeping Computer
LastPass says hackers had internal access for four days
LastPass says the attacker behind the August security breach had internal access to the company's systems for four days until they were detected and evicted.
Bleeping Computer
Google Chrome emergency update fixes new zero-day used in attacks
Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year.
Bleeping Computer
The Week in Ransomware - August 26th 2022 - Fighting back
We saw a bit of ransomware drama this week, mostly centered around LockBit, who saw their data leak sites taken down by a DDoS attack after they started leaking the allegedly stolen Entrust data.
CyberNews
Twitter to roll out podcasts | Cybernews
From August 25th, podcasts will be added to Twitter as part of their Spaces Tab, which offers live audio conversations on the platform.
SecurityWeek
Black Hat 2022: Ten Presentations Worth Your Time and Attention
SecurityWeek editors have combed the Black Hat USA 2022 agenda carefully and identified the top 10 sessions that will be making news headlines all week.
Security Affairs
Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club
Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. Threat actors compromised Bored Ape Yacht Club (BAYC) for the third time this year, they have stolen and sold NFTs, making away with 142 ETH, equivalent to over $250,000. The hacker conducted […]
Bleeping Computer
Emergency Windows 10 updates fix Microsoft Store app issues
Microsoft has released out-of-band (OOB) updates on Thursday evening to address a newly acknowledged issue impacting Microsoft Store apps.
Bleeping Computer
The Week in Ransomware - April 29th 2022 - New operations emerge
This week we have discovered numerous new ransomware operations that have begun operating, with one appearing to be a rebrand of previous operations.
Bleeping Computer
Europol dismantles massive call center investment scam operation
Europol has announced the arrest of 108 people suspected of being involved in an international call center operation that tricked victims into investment scams.
Bleeping Computer
The Week in Ransomware - March 25th 2022 - Critical infrastructure
With the US providing military aid to Ukraine and its sanctions damaging the Russian economy, the US government disclosed this week that there is intelligence that Russia is preparing for potential cyberattacks against US interests.
Security Affairs
Hacker leaked a new version of Conti ransomware source code on Twitter
A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang’s position on the conflict. Hacker leaked a new version of the Conti ransomware source code on Twitter as retaliation of the gang’s support to Russia The attack against the Conti ransomware and the data leak is retaliation […]
Bleeping Computer
Newer Conti ransomware source code leaked out of revenge
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine.
Bleeping Computer
More Conti ransomware source code leaked on Twitter out of revenge
A Ukrainian security researcher has leaked newer malware source code from the Conti ransomware operation in revenge for the cybercriminals siding with Russia on the invasion of Ukraine.
Cyber Security News
Ukrainian Sites Saw a 10x Increase Attacks Since Russia Invaded Ukraine
Wordfence posted on their site that they found a massive number of systems owned by Ukrainian universities were compromised. This coincided with the attack of Russia on Ukraine.
Security Affairs
Ukrainian WordPress sites under massive complex attacks
Researchers observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. Cyber attacks are an important component of the military strategy against Ukraine, experts observed a spike in the attacks against Ukrainian WordPress sites since the beginning of the military invasion of the country. The […]
DataBreaches
Aon hit by cyber attack
Luke Gallin reports: Global insurance and reinsurance broker Aon was hit by a cyber attack on February 25th, 2022, according to an 8-K filed with the...
DataBreaches
Why won’t law enforcement answer questions about RaidForums? Or have they just winked?
“Oh for f*** sake,” a February 25th message on Signal to me began. RaidForums had been seized, I was told. But had it been? A WHOIS lookup on the...
Bleeping Computer
Insurance giant AON hit by a cyberattack over the weekend
Professional services and insurance giant AON has suffered a cyberattack that impacted a "limited" number of systems.
Bleeping Computer
CISA tells agencies to patch actively exploited Chrome, Magento bugs
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
Bleeping Computer
CISA tells federal agencies to patch actively exploited Chrome, Magento bugs
The US Cybersecurity and Infrastructure Security Agency (CISA) has added nine new flaws to its collection of actively exploited vulnerabilities, including two recently patched zero-days impacting Google Chrome and Adobe Commerce/Magento Open Source.
Bleeping Computer
CISA orders federal agencies to update iPhones until Feb 25th
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.
Bleeping Computer
CISA orders federal agencies to update iPhones, Macs until Feb 25th
The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new flaw to its catalog of vulnerabilities exploited in the wild, an Apple WebKit remote code execution bug used to target iPhones, iPads, and Macs.
Bleeping Computer
The Week in Ransomware - January 28th 2022 - Get NAS devices off the Internet
It's been a busy week with ransomware attacks tied to political protests, new attacks on NAS devices, amazing research released about tactics, REvil's history, and more.
Bleeping Computer
QNAP warns of new DeadBolt ransomware encrypting NAS devices
QNAP is warning customers again to secure their Internet-exposed Network Attached Storage (NAS) devices to defend against ongoing and widespread attacks targeting their data with the new DeadBolt ransomware strain.
Bleeping Computer
New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key
A new DeadBolt ransomware group is encrypting QNAP NAS devices worldwide using what they claim is a zero-day vulnerability in the device's software.
Bleeping Computer
Fintech firm hit by log4j hack refuses to pay $5 million ransom
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort $5 million and threatened to publish the customer data should ONUS refuse to comply.
Bleeping Computer
The Week in Ransomware - December 3rd 2021 - Seizing Bitcoin
For this week's 'Week in Ransomware' article we have included the latest ransomware news over the past two weeks.
Bleeping Computer
The Week in Ransomware - October 29th 2021 - Making arrests
This week, international law enforcement operations went on the offensive, making arrests in numerous countries for ransomware-related activities.
Bleeping Computer
Bandwidth.com is latest victim of DDoS attacks against VoIP providers
Bandwidth.com has become the latest victim of distributed denial of service attacks targeting VoIP providers this month, leading to nationwide voice outages over the past few days.
Bleeping Computer
Microsoft Exchange Autodiscover bugs leak 100K Windows credentials
Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide.
Bleeping Computer
McDonald's leaks password for Monopoly VIP database to winners
ug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners.
Bleeping Computer
Atlassian Confluence flaw actively exploited to install cryptominers
Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released.
Bleeping Computer
The Week in Ransomware - July 30th 2021 - €1 billion saved
Ransomware continues to be active this week, with new threat actors releasing new features, No More Ransom turning five, and a veteran group rebrands.
Bleeping Computer
VirusTotal ordered to reveal private info of stolen HSE data downloaders
An Irish court has ordered VirusTotal to provide the information of subscribers who downloaded or uploaded confidential data stolen from Ireland's national health care service during a ransomware attack.
Bleeping Computer
The Week in Ransomware - June 25th 2021 - Back in Business
It has been relatively quiet this week, with few attacks revealed and few new ransomware variants released. However, some interesting information came out that we have summarized below.
Bleeping Computer
The Week in Ransomware - May 28th 2021 - The Decryptor Debate
With ransomware gangs facing increasing pressure from governments, law enforcement, and even hacking forums, it has been fairly quiet this week regarding ransomware.
Bleeping Computer
Google Chrome 91 released with new features, security improvements
Google has released Chrome 91 today, May 25th, 2021, to the Stable desktop channel, and it includes security improvements, the ability to copy and paste files into web pages, and new developer features.
Bleeping Computer
The Week in Ransomware - April 30th 2021 - Attacks Escalate
Ransomware gangs continue to target organizations large and small, including a brazen attack on the Washington DC police department.
Bleeping Computer
FBI shares 4 million email addresses used by Emotet with Have I Been Pwned
Millions of email addresses collected by Emotet botnet for malware distribution campaigns have been shared by the Federal Bureau of Investigation (FBI) as part of the agency's effort to clean infected computers.
Bleeping Computer
Emotet malware nukes itself today from all infected computers worldwide
Emotet, one of the most dangerous email spam botnets in recent history, is being uninstalled today from all infected devices with the help of a malware module delivered in January by law enforcement.