- HHS puts $50M toward hospitals’ ransomware fight
May 20, 2024
A new agency within the National Institutes of Health is launching a $50 million initiative to develop tools for hospital IT teams that enhance their cybersecurity measures and resources to combat ransomware. On May 20, the Advanced Research Projects Agency for Health introduced its Universal PatchinG and Remediation for Autonomous DEfense, or UPGRADE, program. “What if ...
- Medusa announced attack on John R. Wood Christie’s International Real Estate group
May 20, 2024
No patron information was compromised in a recent ransomware attack against John R. Wood Christie’s International Real Estate by a cyber gang known as Medusa, according to the company. Medusa announced the attack on its site, claiming it had stolen more than 1 terabyte of Wood data. The gang demanded $2 million from the real estate ...
- Healthcare company WebTPA discloses breach affecting 2.5 million people
May 17, 2024
A Texas-based company that provides health insurance and benefit plans disclosed a data breach affecting almost 2.5 million people, some of whom had their Social Security number stolen. WebTPA said in a data breach notice published earlier this month that the company detected “evidence of suspicious activity” on December 28, 2023, which prompted the company to ...
- Positive Technologies detects a series of attacks via Microsoft Exchange Server
May 17, 2024
While responding to an incident, the Incident Response team of Positive Technologies Expert Security Center (PT ESC) discovered an unknown keylogger embedded in the main Microsoft Exchange Server page of one of our customers. This keylogger was collecting account credentials into a file accessible via a special path from the internet. The team identified over 30 ...
- Two Santa Cruz students uncover security bug that could let millions do their laundry for free
May 17, 2024
A pair of university students say they found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world. Months later, the vulnerability remains open after CSC ServiceWorks repeatedly ignored requests to fix the flaw.
- Springtail: New Linux Backdoor Added to Toolkit
May 16, 2024
Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to be a Linux version of the GoBear backdoor, which was used in a recent Springtail campaign ...
- Tracking the Progression of Earth Hundun’s Cyberespionage Campaign in 2024
May 16, 2024
In their previous report, Trend Micro researchers introduced the sophisticated cyberespionage campaign orchestrated by Earth Hundun, a threat actor known for targeting the Asia-Pacific region using the Waterbear malware and its latest iteration, Deuterbear. We first observed Deuterbear being used by Earth Hundun in October 2022, and it has since been part of the group’s ...
- Deleted iPhone photos show up again after iOS update
May 16, 2024
iPhone owners are reporting that photos they’d deleted are now back on their phones, after updating to iOS 17.5. With so many users reporting similar oddities, it would seem something went wrong, or at least different than to be expected. When you delete a photo from an iPhone or iPad, it goes into a “Recently deleted” ...
- Payload Trends in Malicious OneNote Samples
May 16, 2024
In this post, Unit 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote ...
- Scammers can easily phish your multi-factor authentication codes – here’s how to avoid it
May 16, 2024
More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. ...
- Why and how TikTok was banned in New Caledonia
May 16, 2024
Speaking in Paris on the evening of Wednesday, May 15, French Prime Minister Gabriel Attal announced that the high commissioner for the French Pacific territory of New Caledonia had “banned TikTok” across the entire archipelago, in addition to a series of measures aimed at restoring order, including deploying military personnel to protect strategic sites. For the ...

