• MCNA Dental data breach impacts 8.9 million people after ransomware attack

    May 29, 2023

    Managed Care of North America (MCNA) Dental has published a data breach notification on its website, informing almost 9 million patients that their personal data were compromised. MCNA Dental is one of the largest government-sponsored (Medicaid and CHIP) dental care and oral health insurance providers in the U.S. Read more… Source: Bleeping Computer  

  • New York county still dealing with ransomware eight months after attack

    May 29, 2023

    The fallout from an eight-month-old cyber attack on a county in Long Island, New York has devolved into mud-slinging as leaders try to figure out just what is going on. Suffolk County was hit with a ransomware attack in early September 2022, which led county executive Steve Bellone to issue nine separate emergency declarations, Long ...

  • Lazarus hackers target Windows IIS web servers for initial access

    May 29, 2023

    The notorious North Korean state-backed hackers, known as the Lazarus Group, are now targeting vulnerable Windows Internet Information Services (IIS) web servers to gain initial access to corporate networks. Lazarus is primarily financially motivated, with many analysts believing that the hackers’ malicious activities help fund North Korea’s weapons development programs. However, the group has also been ...

  • Hot Pixels attack checks CPU temp, power changes to steal data

    May 27, 2023

    A team of researchers at Georgia Tech, the University of Michigan, and Ruhr University Bochum have developed a novel attack called “Hot Pixels,” which can retrieve pixels from the content displayed in the target’s browser and infer the navigation history. The attack exploits data-dependent computation times on modern system-on-a-chip (SoCs) and graphics processing units (GPUs) and ...

  • US govt pushes spyware to other countries? Senator Wyden would like a word

    May 26, 2023

    The US International Trade Administration (ITA) has admitted it promotes the sale of American-approved commercial spyware to foreign governments, and won’t answer questions about it, according to US Senator Ron Wyden (D-OR). Wyden, in a letter to US Commerce Secretary Gina Raimondo, has demanded answers about the surveillance and policing tech that ITA – a US ...

  • CISA Adds One Known Exploited Vulnerability to Catalog

    May 26, 2023

    CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-2868 Barracuda Networks ESG Appliance Improper Input Validation Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Releases ...

  • US govt contractor ABB confirms ransomware attack, data theft

    May 26, 2023

    Swiss tech multinational and U.S. government contractor ABB has confirmed that some of its systems were impacted by a ransomware attack, previously described by the company as “an IT security incident.” It also revealed that the attackers had stolen data from compromised devices and that it would notify affected individuals if their information was impacted in ...

  • Mercenary mayhem: A technical analysis of Intellexa’s PREDATOR spyware

    May 25, 2023

    Commercial spyware use is on the rise, with actors leveraging these sophisticated tools to conduct surveillance operations against a growing number of targets. Cisco Talos has new details of a commercial spyware product sold by the spyware firm Intellexa (formerly known as Cytrox). Cisco Talos research specifically looks at two components of this mobile spyware suite ...

  • Volt Typhoon targets US critical infrastructure with living-off-the-land techniques

    May 24, 2023

    Microsoft has uncovered stealthy and targeted malicious activity focused on post-compromise credential access and network system discovery aimed at critical infrastructure organizations in the United States. The attack is carried out by Volt Typhoon, a state-sponsored actor based in China that typically focuses on espionage and information gathering. Microsoft assesses with moderate confidence that this Volt ...

  • New PowerExchange malware backdoors Microsoft Exchange servers

    May 24, 2023

    A new PowerShell-based malware dubbed PowerExchange was used in attacks linked to APT34 Iranian state hackers to backdoor on-premise Microsoft Exchange servers. After infiltrating the mail server via a phishing email containing an archived malicious executable, the threat actors deployed a web shell named ExchangeLeech (first observed by the Digital14 Incident Response team in 2020) that ...

  • IT security analyst admits hijacking cyber attack to pocket ransom payments

    May 24, 2023

    A former IT security analyst at Oxford Biomedica has admitted, five years after the fact, to turning to the dark side – by hijacking a cyber attack against his own company in an attempt to divert any ransom payments to himself. Ashley Liles, of Letchworth Garden City, Hertfordshire, pleaded guilty at Reading Crown Court to blackmail ...

  • Arms maker Rheinmetall confirms BlackBasta ransomware attack

    May 23, 2023

    German automotive and arms manufacturer Rheinmetall AG confirms that it suffered a BlackBasta ransomware attack that impacted its civilian business. On Saturday, May 20th, 2023, BlackBasta posted Rheinmetall on its extortion site along with samples of the data the hackers claimed to have stolen from the German company. Read more… Source: Bleeping Computer  

  • CISA and Partners Update the #StopRansomware Guide

    May 23, 2023

    Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initial release in 2020. The update incorporates lessons learned from the past two years and ...

  • Apria Healthcare says potentially 2M people caught up in IT security breach

    May 23, 2023

    Personal and financial data describing almost 1.9 million Apria Healthcare patients and employees may have been accessed by crooks who breached the company’s networks over a series of months in 2019 and 2021. The home healthcare equipment provider, which says it serves about two million patients from 280 locations across America, said it discovered the intrusion ...

  • Meet the GoldenJackal APT group. Don’t expect any howls

    May 23, 2023

    GoldenJackal is an APT group, active since 2019, that usually targets government and diplomatic entities in the Middle East and South Asia. Despite the fact that they began their activities years ago, this group is generally unknown and, as far as Kaspersky understands, has not been publicly described. Their researchers started monitoring the group in mid-2020 ...

  • Dish confirms 300,000 people’s data was exposed in February’s attack

    May 23, 2023

    Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data. Dish customers can rest easy, at the very least, as the company said in a sample letter posted ...

  • Ireland’s cyber security agency has been providing ‘non-lethal aid’ to Ukraine

    May 23, 2023

    Ireland’s National Cyber Security Centre (NCSC) has been providing “non-lethal aid” to Ukraine amid the ongoing Russian invasion, TDs and Senators have been told. Dr Richard Browne, the director of the NCSC, said the assistance has been given in “significant volumes” and “helping Ukraine helps us better protect the people of Ireland.” Read more… Source: The Irish Times  

  • CISA Releases Four Industrial Control Systems Advisories

    May 23, 2023

    CISA released four Industrial Control Systems (ICS) advisories on May 23, 2023. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-23-143-01 Hitachi Energy AFS65x, AFS67x, AFR67x and AFF66x Products ICSA-23-143-02 Hitachi Energy RTU500 Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency Related story: CISA Adds Three Known Exploited Vulnerabilities to Catalog   

  • Dorchester school IT system held to ransom in cyber attack

    May 23, 2023

    A school has been left unable to use email or accept payments following a cyber attack. Thomas Hardye School in Dorchester said its screens and systems had been locked since being targeted on Sunday. It said the attack was accompanied by a ransom demand, payable on the dark web. Read more… Source: BBC News  

  • Don’t @ Me: URL Obfuscation Through Schema Abuse

    May 22, 2023

    A technique is being used in the distribution of multiple families of malware that obfuscates the end destination of a URL by abusing the URL schema. Mandiant tracks this adversary methodology as “URL Schema Obfuscation”. The technique could increase the likelihood of a successful phishing attack, and could cause domain extraction errors in logging or security ...