HACKRead
IoT Cameras Exposed by Chainable Exploits, Millions Affected
The Internet of Things (IoT) promises a world of interconnected devices, but with this connectivity comes a dark side such as security vulnerabilities.
SecurityWeek
BreachForums Shut Down in Apparent Law Enforcement Operation
The hacking forum BreachForums is displaying a notice claiming that the website is under the control of the FBI.
Security Magazine
Meta is the second most spoofed brand for credential phishing
A sophisticated phishing campaign is bypassing multi-factor authentication in order to target Meta business accounts.
The Cyber Express
The Cybersecurity Guardians: Meet the Top 30 cybersecurity Influencers to Follow in 2024
The ever-evolving landscape of cybersecurity is shaped by a dedicated group of individuals. These pioneers, through their research, entrepreneurship, and
CSO
Singing River ransomware attack now thought to have affected over 895,000
The health care provider has dramatically increased its estimate of the number of patients affected by the August 2023 attack.
SecurityWeek
900k Impacted by Data Breach at Mississippi Healthcare Provider
Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.
Bleeping Computer
Singing River Health System: Data of 895,000 stolen in ransomware attack
The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023.
Infosecurity News
Data Breaches in US Schools Exposed 37.6M Records
Comparitech said 2023 was a record year for breaches with 954 reported, up from 139 in 2022 and 783 in 2021
Ars Technica
Apple, SpaceX, Microsoft return-to-office mandates drove senior talent away
"It’s easier to manage a team that’s happy.”
CyberSecurity Dive
How a CISA proposal could impact K-12 cyber incident reporting
Overall, the nonprofit K12 Security Information Exchange backed the requirement for schools, but it asked for clarification on how the sector should report cyber incidents students initiate.
The Record
Civil society under increasing threats from ‘malicious’ state cyber actors, US
State-linked hackers from Russia, China, Iran and North Korea are setting their sights set their sights on NGOs, think tanks, human rights activists and journalists, the advisory warned.
Ars Technica
Black Basta ransomware group is imperiling critical infrastructure, groups warn
Threat group has targeted 500 organizations. One is currently struggling to cope.
Cyber Security News
Hackers Exploiting MS-SQL Severs To Deploy Mallox Ransomware
Information such as financial records, customer information, and intellectual property that may be sold on the black web markets is what
SecurityWeek
Black Basta Ransomware Hit Over 500 Organizations
The US government warns of Black Basta ransomware attacks targeting critical infrastructure organizations.
.webp)
Cyber Security News
Ascension Healthcare Systems Hacked, Hospitals Diverting Emergency Service
Ascension is one of the most extensive charity healthcare systems in the US. It has been hit hard by a ransomware attack.
SC Magazine
Ascension ‘making progress’ to restore systems after ransomware attack
Black Basta, the gang reportedly responsible for the attack against the large health system, is described as prolific and sophisticated by federal agencies.
The Cyber Express
The Top 10 Cybersecurity Unicorns in The World
The ever-evolving digital landscape presents a constant challenge for businesses and individuals alike: staying secure in the face of increasingly
Bleeping Computer
The Week in Ransomware - May 10th 2024 - Chipping away at LockBit
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.
Bleeping Computer
Ascension redirects ambulances after suspected ransomware attack
Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday.
DarkReading
Ascension Healthcare Suffers Major Cyberattack
The attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos.
CyberSecurity Dive
Some Ascension hospitals diverting emergency care after cybersecurity incident
The health system’s electronic health records, MyChart patient portal and several systems for ordering tests and medications are unavailable, Ascension said.
The Cyber Express
Ascension Healthcare Hit by Cyberattack: Patients Wait Hours, Chaos Ensues
Ascension, one of the largest nonprofit healthcare systems in the United States, is facing disruptions in clinical operations due to
CyberSecurity Dive
Ascension hit by cybersecurity incident disrupting clinical operations
The major nonprofit health system detected “unusual activity” on some network systems Wednesday.
CyberNews
Ascension Catholic hospitals in midst of possible cyberattack
Non-profit Ascension health systems tells business partners to disconnect from its networks after a suspected cyberattack disrupts operations at facilities across the US.
The Record
Federal agencies assisting Catholic health network amid cyberattack
Deputy National Security Advisor Anne Neuberger said the incident is an example of the need for more to be done to protect critical infrastructure.
SC Magazine
Cybersecurity incident impacts operations at Ascension hospitals
Large Catholic nonprofit hired Mandiant to investigate what’s now an unspecified cybersecurity incident that has reportedly forced hospitals in at least Maryland, Michigan, Kansas, and Wisconsin to shut down its systems.
The Record
In interview, LockBItSupp says authorities outed the wrong guy
LockBitSupp, head of the LockBit cybercrime operation, tells the Click Here podcast team that he is not Russian national Dmitry Khoroshev, as claimed by the U.S., U.K. and Australia.
Bleeping Computer
Ascension healthcare takes systems offline after cyberattack
Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event."
Infosecurity News
10,000 Customers’ Data Exposed in UK Government Breaches
The findings come from Apricorn, based on annual Freedom of Information (FOI) responses from 2023
Infosecurity News
A Third of Tech CISOs Are Unhappy With Their Income
New IANS Research data finds many tech CISOs are concerned about their compensation as salaries stagnate
The Cyber Express
Brandywine Realty Trust Confirms Data Breach After Ransomware Attack
Brandywine Realty Trust issued a recent filing to the US Securities And Exchange Commission (SEC), where it confirmed that an
The Record
Former NSA head Paul Nakasone to helm national security institute at Vanderbilt
The former U.S. Cyber Command and National Security Agency chief will be the founding director of a national security-focused hub at the Nashville-based campus.
The Record
Catholic health system Ascension warns of disruptions following cyberattack
The nonprofit health provider published a notice saying it discovered unusual activity on network systems and immediately began an investigation.
CyberNews
TikTok and ByteDance file lawsuit to block US divest-or-ban bill
TikTok and Chinese parent company ByteDance filed suit in US federal court seeking to block a law that would force the company to divest from TikTok or face a ban.
CyberNews
LockBit gang leader exposed in FBI ransomware breakthrough
The leadership identity of the LockBit ransomware group is unveiled by the US Department of Justice (DoJ), UK’s National Crime Agency (NCA), and Europol.
The Hacker News
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion
MITRE, a renowned research firm, has revealed alarming details about a recent cyber attack that dates back to late 2023.
HACKRead
Hackers Leak COVID-19 Data of 820K Dominicans, Including Vaccination Info
A massive data leak of 820,000 Dominican Republic individuals' PII on Breach Forums, including their COVID-19 vaccination status, has been identified by Resecurity.
SecurityWeek
From Warnings to Action: Preparing America’s Infrastructure for Imminent Cyber Threats
As cyber threats grow more sophisticated, America can't afford complacency. The time for decisive action and enhanced cyber resilience is now.
SecurityWeek
MITRE Hack: China-Linked Group Breached Systems in December 2023
MITRE has shared more details on the recent hack, including the new malware and a timeline of the attacker’s activities.
The Record
Scattered Spider group a unique challenge for cyber cops, FBI leader says
“It's very difficult to dismantle large organizations like this," said Brett Leatherman, deputy assistant director of the FBI’s cyber division.
Bleeping Computer
Lockbit's seized site comes alive to tease new police announcements
The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday.
The Cyber Express
This Week on TCE Cyberwatch: AI Rise, Government Crackdowns, and Global Cybercrime
The digital world continues to spin at breakneck speed, and this week's TCE Cyberwatch brings you the latest updates on
Ars Technica
Counterfeit Cisco gear ended up in US military bases, used in combat operations
"One of the largest counterfeit-trafficking operations ever."
Cyber Security News
Florida Man Arrested For Selling Fake Cisco Device To U.S. Military
Onur Aksoy, a forty-year-old resident of Florida and dual citizen of Turkey and the United States, was found guilty of running a large
Bleeping Computer
CEO who sold fake Cisco devices to US military gets 6 years in prison
Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide.
The Cyber Express
Outabox Data Breach Exposes PII of more than 1 Million Australian Club Visitors
Over a million Australians who frequented pubs and clubs have likely had their critical information exposed in Outabox data breach,
DarkReading
Shadow APIs: An Overlooked Cyber-Risk for Orgs
Unmanaged and unknown Web services endpoints are just some of the challenges organizations must address to improve API security.
Infosecurity News
Lawsuits and Company Devaluations Await For Breached Firms
New report from Netwrix reveals unplanned expenses impact half of breached firms, including a surge in lawsuits
Ars Technica
US government auctions 5.34-petaflop Cheyenne supercomputer
145,152-core supercomputer was 20th most powerful in the world in 2016.
DarkReading
To Damage OT Systems, Hackers Tap USBs, Old Bugs & Malware
USBs have something the newest, hottest attack techniques lack: the ability to bridge air gaps.
Infosecurity News
Ransom Payments Surge by 500% to an Average of $2m
Sophos found that the average ransom payment was $2m in 2023, with 63% of ransom demands $1m or more
The Cyber Express
Ransomware Group LockBit Claims Responsibility for Cannes Hospital Cyberattack
The LockBit ransomware group has allegedly claimed responsibility for an earlier Cannes Hospital cyberattack impacting the Cannes Simone Veil Hospital
The Record
Hacker who blackmailed psychotherapy patients sentenced to six years in prison
Aleksanteri Kivimäki, formerly known by the first name Julius and the hacker handle Zeekill, was convicted on all charges relating to the hack of Helsinki-based Vastaamo.
DarkReading
Okta: Credential-Stuffing Attacks Spike via Proxy Networks
Okta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.
Ars Technica
Account compromise of “unprecedented scale” uses everyday home devices
Credential-stuffing attack uses proxies to hide bad behavior.
SecurityWeek
How TikTok Grew From a Fun App for Teens Into a Potential National Security Threat
History of TikTok and how it many view it as a national security threat based on connections to China.
SecurityWeek
Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies
Okta warns of an increase in credential stuffing attacks leveraging anonymizing services such as DataImpulse, Luminati, and NSocks.
Infosecurity News
Okta Warns Customers of Credential Stuffing Barrage
Okta has issues customers with new advice on how to block mounting credential stuffing attacks
CyberSecurity Dive
FTC broadens health breach notification rule
Regulators have been pursuing more enforcement actions against health applications sharing consumers’ data. Friday’s final rule should give those actions more heft.
Security Affairs
The Los Angeles County Department of Health Services disclosed a data breach
Los Angeles County Department of Health Services reported a data breach that exposed thousands of patients' personal and health information.
Security Affairs
Multiple Brocade SANnav SAN Management SW flaws allow device compromise
Multiple flaws in Brocade SANnav storage area network (SAN) management application can allow to compromise impacted appliances.
Security Affairs
Okta warns of unprecedented scale in credential stuffing attacks on online services
Identity and access management services provider Okta warned of a spike in credential stuffing attacks aimed at online services.
The Hacker News
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
Okta is sounding the alarm on an unprecedented spike in credential stuffing attacks targeting online services.
SecurityWeek
Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day
More than 1,400 CrushFTP servers remain vulnerable to an actively exploited zero-day for which PoC has been published.
SecurityWeek
In Other News: China Hacked Volkswagen, DDoS Service Shutdown, Rubrik IPO
Noteworthy stories that might have slipped under the radar: Volkswagen hacked by Chinese threat group, DDoS service shut down, Rubrik IPO.
The Cyber Express
Thoma Bravo Acquires UK Cybersecurity Leader Darktrace in $5.3 Billion Deal
American private equity firm Thoma Bravo has inked an agreement to acquire British cybersecurity giant Darktrace for $4.6bn. This all-cash
Security Affairs
+1,400 CrushFTP servers vulnerable to CVE-2024-4040
Over 1,400 CrushFTP internet-facing servers are vulnerable to attacks exploiting recently disclosed CVE-2024-4040 vulnerability.
Security Affairs
CISA adds Cisco ASA and FTD and CrushFTP VFS flaws to its Known Exploited Vulnerabilities catalog
CISA adds Cisco ASA and FTD and CrushFTP VFS vulnerabilities to its Known Exploited Vulnerabilities catalog.
Bleeping Computer
LA County Health Services: Patients' data exposed in phishing attack
The L.A. County's Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees.
Bleeping Computer
LA County Health Services: Patients' data exposed in phishing attack
The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees.
Bleeping Computer
Reddit down in major outage blocking access to web, mobile apps
Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps.
SecurityWeek
Predictive Security Startup BforeAI Raises $15 Million
Predictive attack intelligence and risk protection startup BforeAI has raised $15 million in a Series A funding round led by SYN Ventures.
Infosecurity News
11% of Cybersecurity Teams Have Zero Women
A new ISC2 study highlights the lack of diversity in cybersecurity with only 4% of teams having a majority of women, while 11% have none at all
Infosecurity News
BEC and Fund Transfer Fraud Top Insurance Claims
Email-borne fraud accounted for more insurance claims than any other category in 2023, says Coalition
SecurityWeek
Cisco Systems Joins Microsoft, IBM in Vatican Pledge to Ensure Ethical Use and Development of AI
Cisco Systems joined Microsoft and IBM in signing onto a Vatican-sponsored pledge to ensure AI is developed and used ethically.
SC Magazine
After a 19-month saga, Broadcom finally patches Brocade SANnav bugs
Security pros say given the complexity of SAN management tools, it’s understandable the patches took so long.
Bleeping Computer
Maximum severity Flowmon bug has a public exploit, patch now
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility.
DarkReading
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs
An exploit for the vulnerability allows attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.
Infosecurity News
Leeds Talent Pool Attracts BlueVoyant’s First UK SOC
The proximity of organizations’ headquarters, like Asda’s and NHS England’s, prompted BlueVoyant to choose Leeds as the location for its first UK SOC
.webp)
Cyber Security News
Proton Mail Unveils Dark Web Monitoring to Check for Credentials Leaks
Proton’s Dark Web Monitoring operates by scanning various hubs on the dark web, such as hacking forums and marketplaces.
SecurityWeek
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor
The LockBit ransomware gang leaks 1 Gb of data allegedly stolen from government contractor Tyler Technologies.
Security Affairs
A cyber attack paralyzed operations at Synlab Italia
A cyber attack has been disrupting operations at Synlab Italy, a leading provider of medical diagnosis services, since April 18.
DarkReading
Nations Require Licensure of Cybersecurity Pros
Malaysia, Singapore, and Ghana are among first countries to mandate licenses for cybersecurity firms to do business, but concerns remain.
SecurityWeek
CrushFTP Patches Exploited Zero-Day Vulnerability
CrushFTP patches a zero-day vulnerability allowing unauthenticated attackers to escape the VFS and retrieve system files.
Infosecurity News
CrushFTP File Transfer Vulnerability Lets Attackers Download System Fi
CrushFTP is urging customers to download v11 of its file transfer platform, with attackers actively exploiting a vulnerability that allows them to download system files
SecurityWeek
Thousands of Palo Alto Firewalls Potentially Impacted by Exploited Vulnerability
Shadowserver has identified roughly 6,000 internet-accessible Palo Alto Networks firewalls potentially vulnerable to CVE-2024-3400.
The Cyber Express
Alleged Luxor Data Breach: Sensitive Information from Indian Stationery Giant Leaked
A dark web user has allegedly claimed a breach involving Luxor International Private Limited, a prominent Indian manufacturer of stationery
The Cyber Express
The 2024 India Elections Cyber Crisis: AI, Deepfakes, and Democratic Integrity
India is currently hosting its general elections, spanning from April 19 to June 1, 2024, across seven phases to elect
The Record
CrushFTP urges customers to patch file transfer tool ‘ASAP’
Two of the biggest cybersecurity incidents in 2023 revolved around zero-day vulnerabilities in file transfer tools.
The Record
HHS strengthens privacy protections for reproductive health patients and providers
The rules will bar doctors, insurers and other health-care groups from making health information available to state officials investigating, prosecuting, or filing a lawsuit against a patient or provider.
SC Magazine
Authorities investigate LabHost users after phishing service shut down
The alleged creator of the phishing-as-a-service malware was among those apprehended in the international operation.
Security Affairs
Critical CrushFTP zero-day exploited in attacks in the wild
Threat actors exploited a critical zero-day vulnerability in the CrushFTP enterprise in targeted attacks, Crowdstrike experts warn.
The Cyber Express
MITRE Hit in Massive Supply Chain Attack: State-Backed Hackers Exploit Zero-Days
The MITRE Corporation revealed on April 19 that it was one of over 1700 organizations compromised by a state-backed hacking
The Hacker News
Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack
A critical vulnerability (CVE-2024-3400) in Palo Alto Networks PAN-OS is being actively exploited by threat actors.
Bleeping Computer
MITRE says state hackers breached its network via Ivanti zero-days
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days.
Security Affairs
Law enforcement operation dismantled phishing-as-a-service platform LabHost
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.
DarkReading
Break Security Burnout: Combining Leadership With Neuroscience
Industry leaders aim to solve the threat to both the mental health of workers and security of organizations with solutions that recognize the enormous pressures facing cybersecurity professionals.
SecurityWeek
Phishing Platform LabHost Shut Down by Law Enforcement
LabHost, a major phishing-as-a-service platform, has been shut down as part of a major law enforcement operation.
The Hacker News
Global Police Operation Disrupts 'LabHost' Phishing Service, Over 30 Arrested Worldwide
An international law enforcement operation has busted LabHost, a notorious cybercrime service used for phishing attacks.
Bleeping Computer
LabHost phishing service with 40,000 domains disrupted, 37 arrested
The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised the infrastructure and arrested 37 suspects, among them the original developer.
Loading more articles....