- 1.9m patient records exposed in healthcare debt collector ransomware attack
July 13, 2022
Professional Finance Company, a Colorado-based debt collector whose customers include hundreds of US hospitals, medical clinics, and dental groups, recently disclosed that private data – including names, addresses, social security numbers, and health records – for more than 1.9 million people was exposed during a ransomware infection. In a notice posted on its website, PFC ...
- How America’s Cargo Ports Defend Against Cyberthreats
July 13, 2022
America’s ports move approximately $5.4 trillion in goods annually, making them a unique target for cybercriminals. Protecting these transportation hubs is essential to preserving the supply chain and keeping the U.S. economy running. More than 500 cyberattacks occurred in the marine industry in 2020, according to the U.S. Coast Guard. These exploits are aimed at both ...
- From cookie theft to BEC: Attackers use AiTM phishing sites as entry point to further financial fraud
July 12, 2022
A large-scale phishing campaign that used adversary-in-the-middle (AiTM) phishing sites stole passwords, hijacked a user’s sign-in session, and skipped the authentication process even if the user had enabled multifactor authentication (MFA). The attackers then used the stolen credentials and session cookies to access affected users’ mailboxes and perform follow-on business email compromise (BEC) campaigns against ...
- New 0mega ransomware targets businesses in double-extortion attacks
July 8, 2022
A new ransomware operation named ‘0mega’ targets organizations worldwide in double-extortion attacks and demands millions of dollars in ransoms. 0mega (spelled with a zero) is a new ransomware operation launched in May 2022 and has attacked numerous victims since then. A ransomware sample for the 0mega operation hasn’t yet been found, therefore there’s not much information on ...
- Free decryptor released for AstraLocker, Yashma ransomware victims
July 8, 2022
New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom. The free tool is available for download from Emsisoft’s servers, and it allows you to recover encrypted files using easy-to-follow instructions available in this usage guide . “Be sure to quarantine the ...
- Quantum ransomware attack affects 657 healthcare orgs
July 7, 2022
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. Founded in 1904, PFC helps thousands of healthcare, government, and utility organizations across the U.S. ensure that customers pay their invoices on time. The company started notifying the ...
- Brand-New HavanaCrypt Ransomware Poses as Google Software Update App, Uses Microsoft Hosting Service IP Address as C&C Server
July 6, 2022
Recently, Trend Micro researchers found a brand-new ransomware family that employs a similar scheme: It disguises itself as a legitimate Google Software Update application and uses a Microsoft web hosting service IP address as its command-and-control (C&C) server to circumvent detection. Their investigation also shows that this ransomware uses the QueueUserWorkItem function, a .NET System.Threading ...
- To stop quantum hackers, the US just chose these four quantum-resistant encryption algorithms
July 6, 2022
The U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has selected four quantum-resistant cryptographic algorithms for general encryption and digital signatures. NIST, a US standards setting body and research organization within the Department of Commerce, announced the four algorithms after a six-year period assessing potential quantum-resistant (QR) alternatives to today’s cryptographic algorithms for ...
- North Korean State-Sponsored Cyber Actors Use Maui Ransomware to Target the Healthcare and Public Health Sector
July 6, 2022
The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury (Treasury) are releasing this joint Cybersecurity Advisory (CSA) to provide information on Maui ransomware, which has been used by North Korean state-sponsored cyber actors since at least May 2021 to target Healthcare and Public Health (HPH) Sector ...
- Ransomware, hacking groups move from Cobalt Strike to Brute Ratel
July 6, 2022
Hacking groups and ransomware operations are moving away from Cobalt Strike to the newer Brute Ratel post-exploitation toolkit to evade detection by EDR and antivirus solutions. Corporate cybersecurity teams commonly consist of employees who attempt to breach corporate networks (red team) and those who actively defend against them (blue team). Both teams then share notes after ...