Google Chrome extensions targeted by hackers to steal user passwords

Cyberhaven has confirmed its Google Chrome extension was the subject of a Christmas Eve cyberattack, exposing sensitive customer data like passwords and session tokens. In a statement, the data loss prevention company noted the attack showed signs of being part Read More …

How the ransomware attack at Change Healthcare went down – a timeline

A ransomware attack earlier this year on UnitedHealth-owned health tech company Change Healthcare likely stands as one of the largest data breaches of U.S. health and medical data in history. Months after the February data breach, a “substantial proportion of Read More …

Hackers could take over your email account by stealing cookies, even if you have MFA

Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique Read More …

Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of Read More …

‘Two-factor authentication may have stopped Synnovis cyber attack’

The cyber attack on pathology provider Synnovis could have been prevented by two-factor authentication, according to Beverley Bryant, strategic advisor in the frontline digitisation team at NHS England. Speaking at the Health Excellence Through Technology (HETT) conference on 24 September Read More …

Optus and Medibank Data Breach Cases Allege Cyber Security Failures

2022 was a big year for cyber security breaches in Australia. Both telecommunications provider Optus and private health insurer Medibank suffered large-scale data breaches affecting tens of millions of Australians, leading to heightened regulatory and business focus on cyber security Read More …

‘RockYou2024’: Nearly 10 billion passwords leaked online

On a popular hacking form, a user has leaked a file that contains 9,948,575,739 unique plaintext passwords. The list appears to be a compilation of passwords that were obtained during several old and more recent data breaches. The list is Read More …

Twilio data breach gets a whole lot worse as it confirms hackers accessed Authy user phone numbers

The recent data breach affecting Twilio may have taken a rather unfortunate extra turn after new reports claim the hackers can single out Authy users from the archives. The infamous ShinyHunters hacking collective recently said it stole 33 million phone Read More …

Social Engineering Tactics Targeting Healthcare & Public Health Entities and Providers

Access to employees’ email accounts, and then pivoted to specifically target login information related to the processing of reimbursement payments to insurance companies, medicare, or similar entities. To gain initial access to victim networks, the threat actor acquired credentials through Read More …