US cyber safety board to analyze Microsoft Exchange hack of govt emails
The Department of Homeland Security's Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud...
cybersecurity
The Week in Ransomware – August 11th 2023 – Targeting Healthcare
While some ransomware operations claim not to target hospitals, one relatively new ransomware gang named Rhysida doesn't seem to care....
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS...
DroxiDat-Cobalt Strike Duo Targets Power Generator Network
A new variant of the SystemBC malware, paired with Cobalt Strike beacons, has been identified in a recent cyber-attack targeting...
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the...
Dell Compellent hardcoded key exposes VMware vCenter admin creds
An unfixed hardcoded encryption key flaw in Dell's Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter...
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
Image: Midjourney A cyberespionage group named 'MoustachedBouncer' has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies...
Safeguarding Against Silent Cyber Threats: Exploring the Stealer Log Lifecycle
The first seven months of 2023 have seen a continued rapid evolution of the cybercrime ecosystem. Ransomware data exfiltration attacks,...
CISA: New Whirlpool backdoor used in Barracuda ESG hacks
Image: Midjourney The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named 'Whirlpool' used in...
EvilProxy phishing campaign targets 120,000 Microsoft 365 users
EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails...
Hackers use open source Merlin post-exploitation toolkit in attacks
Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control...
Missouri warns that health info was stolen in IBM MOVEit data breach
Missouri's Department of Social Services warns that protected Medicaid healthcare information was exposed in a data breach after IBM suffered...
Popular open source project Moq criticized for quietly collecting data
Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Distributed...
Preventative medicine for securing IoT tech in healthcare organizations
The widespread adoption of a digital transformation workspace and the shift to web applications has led to a global rise...
Rhysida ransomware behind recent attacks on healthcare
The Rhysida ransomware operation is making a name for itself after a wave of attacks on healthcare organizations has forced...
Colorado Department of Higher Education warns of massive data breach
The Colorado Department of Higher Education (CDHE) discloses a massive data breach impacting students, past students, and teachers after suffering...
New acoustic attack steals data from keystrokes with 95% accuracy
A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes...
Clop ransomware now uses torrents to leak data and evade takedowns
The Clop ransomware gang has once again altered extortion tactics and is now using torrents to leak data stolen in...
Google Play apps with 2.5M installs load ads when screen’s off
The Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a...
North Korean hackers ‘ScarCruft’ breached Russian missile maker
The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server...
UK Electoral Commission data breach exposes 8 years of voter data
The UK Electoral Commission disclosed a massive data breach exposing the personal information of anyone who registered to vote in...
Tesla infotainment jailbreak unlocks paid features, extracts secrets
Researchers from the Technical University of Berlin have developed a method to jailbreak the AMD-based infotainment systems used in all...
Hackers increasingly abuse Cloudflare Tunnels for stealthy connections
Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and...
Microsoft Office update breaks actively exploited RCE attack chain
Microsoft today released a defense-in-depth update for Microsoft Office that prevents exploitation of a remote code execution (RCE) vulnerability tracked...
