- Grubhub confirms data breach, both drivers and customers are affected
February 4, 2025
Grubhub, the food delivery service, has been hacked. On Monday, the company confirmed a data breach that affects both its drivers and customers. According to Grubhub, the malicious actor was able to gain entry into its systems via a third-party vendor that provides services for Grubhub’s support team. The hacker was able to access private information connected ...
- Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
February 4, 2025
ELF/Sshdinjector.A!tr is a collection of malware that can be injected into the SSH daemon. Samples of this malware collection surfaced around mid-November 2024. While Fortinet researchers have a good amount of threat intelligence on them (e.g., they are attributed to the DaggerFly espionage group and were used during the Lunar Peek campaign against network appliances), nobody ...
- Spyware maker Paragon confirms US government is a customer
February 4, 2025
Israeli spyware maker Paragon Solutions confirmed to TechCrunch that it sells its products to the U.S. government and other unspecified allied countries. Paragon’s executive chairman John Fleming said in a statement to TechCrunch on Tuesday that “Paragon licenses its technology to a select group of global democracies — principally, the United States and its allies.” Fleming ...
- Deloitte to provide Rhode Island $5 million toward data breach aftermath expense
February 4, 2025
Deloitte will provide Rhode Island with $5 million to go toward paying expenses related to the RIBridges data breach that took place in December of 2024. Separately, Deloitte will also cover the cost of the data breach call center, credit monitoring for affected Rhode Islanders and identity protection, according to a statement from Rhode Island Governor ...
- CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks
February 4, 2025
In September 2024, the Zero Day Initiative (ZDI) Threat Hunting team identified the exploitation of a 7-Zip zero-day vulnerability used in a SmokeLoader malware campaign targeting Ukrainian entities. The vulnerability, CVE-2025-0411, was disclosed to 7-Zip creator Igor Pavlov, leading to the release of a patch in version 24.09 on November 30, 2024. CVE-2025-0411 allows the bypassing ...
- Funksec Ransomware Teams Up with Another Ransomware Group to Double Down on Targets
February 3, 2025
FunkSec is a relatively new but highly active ransomware group that, as of this writing, has targeted several dozen victims across industries like government, banking, communications, and education. In a recent blog post, the group announced a partnership with another ransomware outfit, FSociety, aiming to carry out attacks more efficiently. This week, SonicWall Capture Labs research ...
- Gov. Abbott looks to combat cyber attacks with Texas Cyber Command
February 3, 2025
During his annual State of the State address Sunday evening, Gov. Greg Abbott announced plans to create a Texas Cyber Command headquartered in San Antonio. The Texas Cyber Command would create a strategy for the state to address cyber security concerns. Abbott said in his address Sunday that with increases in cyber attacks nationwide, ...
- Malicious packages deepseeek and deepseekai published in Python Package Index
February 2, 2025
As part of their research and monitoring efforts, the Supply Chain Security team of the Threat Intelligence department of the Positive Technologies Expert Security Center (PT ESC) detected and prevented a malicious campaign in the Python Package Index (PyPI) package repository. The attack targeted developers, ML engineers, and ordinary AI enthusiasts who might be interested in ...
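Both the 7-Zip campaign above (homoglyph file names) and the PyPI campaign (the near-miss names deepseeek and deepseekai) rely on a name that looks like a legitimate one. The following check is an added example, not code from ZDI, PT ESC or either report: it flags a candidate name that mixes Unicode scripts, that folds to the same look-alike skeleton as a known-good name, or that sits within a small edit distance of one. The confusables map is a hand-picked subset and the Cyrillic sample name is constructed; the real campaign file names are not reproduced on this page.

```python
import unicodedata

# Assumed, hand-picked subset of Cyrillic letters that render like Latin ones.
# A production check would load the full Unicode confusables table instead.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0443": "y", "\u0456": "i",
    "\u0458": "j", "\u0455": "s",
}


def script_of(ch):
    """Crude script lookup: first word of the Unicode character name
    ("LATIN", "CYRILLIC", "GREEK", ...). Digits and punctuation are neutral."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def mixed_scripts(name):
    """Set of scripts used by the letters of name. More than one script in a
    package or archive name that should be ASCII is a strong homoglyph signal."""
    return {s for s in map(script_of, name) if s}


def skeleton(name):
    """Look-alike form of a name: NFKC fold, casefold, then map confusables to
    Latin. Two names with the same skeleton are indistinguishable on screen."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(CONFUSABLES.get(c, c) for c in folded)


def osa_distance(a, b):
    """Optimal string alignment (restricted Damerau-Levenshtein) distance:
    insertion, deletion, substitution and adjacent transposition cost 1 each."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def assess(name, legit, max_distance=2):
    """Compare a candidate name against a set of known-good names.
    Returns a dict; an empty 'reasons' list means nothing looked off."""
    if name in legit:
        return {"name": name, "reasons": [], "nearest": name, "distance": 0}
    reasons = []
    scripts = mixed_scripts(name)
    if len(scripts) > 1:
        reasons.append("mixed scripts: " + ", ".join(sorted(scripts)))
    sk = skeleton(name)
    best = None
    for good in legit:
        dist = osa_distance(sk, skeleton(good))
        if best is None or dist < best[1]:
            best = (good, dist)
    nearest, dist = best if best else (None, None)
    if nearest is not None:
        if dist == 0:
            reasons.append(f"homoglyph of {nearest}")
        elif dist <= max_distance:
            reasons.append(f"within {dist} edit(s) of {nearest}")
    return {"name": name, "reasons": reasons, "nearest": nearest, "distance": dist}


if __name__ == "__main__":
    known_good = {"deepseek"}
    # Constructed candidates: the two PyPI names from the report plus an
    # assumed Cyrillic look-alike ("е" is U+0435, not Latin "e").
    for candidate in ["deepseek", "deepseeek", "deepseekai", "d\u0435\u0435pseek", "requests"]:
        print(candidate, assess(candidate, known_good)["reasons"])
```

The same skeleton and script checks apply unchanged to names inside an archive listing, which is where the 7-Zip campaign put its look-alikes; the edit-distance threshold is the knob to tune against your own allow-list so that legitimate short names do not collide.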
- USAID security leaders removed after refusing Elon Musk’s DOGE employees access to secure systems
February 2, 2025
The U.S. Agency for International Development’s director of security and his deputy were placed on administrative leave Saturday after they tried to prevent employees from the Department of Government Efficiency from accessing secure USAID systems, five sources familiar with the events told NBC News. The USAID systems the DOGE team tried to access included personnel files ...
- Potential Backdoor Embedded in Contec Health CMS8000 Patient Monitor Firmware
January 31, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published a medical product advisory for the Contec Health CMS8000 Patient Monitor to address one critical and two high severity vulnerabilities. The Contec CMS8000 is a patient monitor used to display real-time information such as a patient's vital signs, including temperature, heart rate, and blood pressure. ...