The Colorado Department of Health Care Policy & Financing (HCPF) has suffered a cyberattack by the Cl0p ransomware group, resulting in the theft of personal health data belonging to approximately 4 million members of state health programs. The attack targeted the MOVEit Managed File Transfer platform, which is used by IBM, a third-party contractor with HCPF. The breach exposed personally identifiable information (PII) and personal health data, highlighting the need for organizations to protect sensitive data managed by third-party contractors.
Interpol, along with law enforcement agencies and cybersecurity firms, has shut down the notorious phishing-as-a-service platform '16shop' after a global investigation. The platform sold phishing kits to criminals, which were used in attacks against 70,000 victims in 43 countries. Three individuals in Indonesia and Japan were arrested in connection with the platform, highlighting the growing threat of phishing attacks and the need for international collaboration in combating cybercrime.
A new remote access trojan (RAT) called QwixxRAT is being advertised for sale on Telegram and Discord. The RAT stealthily collects sensitive data from Windows machines and sends it to the attacker’s Telegram bot, providing unauthorized access to the victim’s information. QwixxRAT has anti-analysis features and a clipper that accesses sensitive information from the device’s clipboard for illicit fund transfers.
The US Department of Justice (DOJ) has seized the web domain LolekHosted.net, which was allegedly involved in a range of crimeware-as-a-service activities. The DOJ has charged a Polish man named Artur Karol Grabowski in connection with running the service, but he is currently a fugitive. The site was a bulletproof host that facilitated cybercrime activities such as ransomware attacks, brute force attacks, and phishing.
Chinese military hackers compromised classified defense networks in Japan in 2020, gaining deep and persistent access to sensitive computer systems. The breach, one of the most damaging in Japan’s modern history, has raised concerns about cybersecurity and intelligence-sharing between the US and Japan. The Japanese government has since taken steps to strengthen its networks and boost its cybersecurity capabilities, but work remains to be done to ensure the security of critical services and military operations.
Germany’s Federal Office for the Protection of the Constitution (BfV) has warned of cyber attacks targeting Iranian dissidents since the end of 2022. The attacks, attributed to Charming Kitten, involve elaborate social engineering and phishing techniques. The threat actor impersonates journalists and NGO employees to build rapport with victims and steal their credentials.
Researchers have discovered a new financial malware called JanelaRAT that specifically targets users in Latin America. The malware is capable of capturing sensitive information from compromised Windows systems and primarily focuses on financial and cryptocurrency data from Latin American banks and financial institutions. JanelaRAT uses DLL side-loading techniques to evade detection and has the ability to capture window titles, track mouse inputs, log keystrokes, take screenshots, and harvest system metadata.
Multiple security vulnerabilities have been discovered in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU), which could allow unauthenticated access and potentially catastrophic damage. The vulnerabilities, ranging from authentication bypass to remote code execution, could be exploited to shut down data centers, compromise data, and launch large-scale attacks. These flaws have been addressed in the latest software and firmware updates, but the researchers warn that a single vulnerability could lead to a complete compromise of the internal network and enable attacks on connected cloud infrastructure.
Multiple security vulnerabilities have been discovered in AudioCodes desk phones and Zoom’s Zero Touch Provisioning (ZTP) that could allow attackers to gain remote control of the devices. This access could be used to eavesdrop on rooms or phone calls, attack corporate networks, and create a botnet. The vulnerabilities are related to the lack of client-side authentication in the provisioning process and improper authentication in the cryptographic routines of AudioCodes VoIP desk phones.
A high-severity security flaw has been disclosed in the Python URL parsing function that could be exploited to bypass domain or protocol filtering methods, resulting in arbitrary file reads and command execution. The flaw, tracked as CVE-2023-24329, arises from a lack of input validation and can be used to bypass blocklisting methods by supplying a URL that starts with blank characters. The vulnerability has been addressed in Python 3.12 and later, 3.8.17 and later in the 3.8 series, and 3.7.17 and later in the 3.7 series.
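As an added illustration (not code from the original item or from the Python project), the snippet below contrasts the kind of scheme blocklist check that CVE-2023-24329 defeats with an allowlist check that rejects leading blanks and control characters itself, so its verdict does not depend on whether the interpreter's urllib.parse is patched. The blocklist, allowlist and sample URLs are constructed for this example.

```python
"""Scheme filtering around urllib.parse in light of CVE-2023-24329.

Added example for this digest; not the page's or the Python project's code.
The scheme sets and the sample URLs below are constructed for illustration.
"""
from urllib.parse import urlsplit

BLOCKED_SCHEMES = {"file", "ftp", "gopher"}   # blocklist: the fragile approach
ALLOWED_SCHEMES = {"http", "https"}           # allowlist: the robust approach


def naive_is_blocked(url: str) -> bool:
    """Blocklist check of the kind the vulnerability bypasses.

    On unpatched Python a URL such as ' file:///etc/hostname' keeps its leading
    blank, parses with an empty scheme and is therefore not blocked; a later
    consumer that strips the blank then sees a file: URL. Patched versions strip
    the blank inside urlsplit, so this function's verdict for such input depends
    on the interpreter version.
    """
    return urlsplit(url).scheme.lower() in BLOCKED_SCHEMES


def hardened_is_allowed(url: str) -> bool:
    """Allowlist check that does not rely on the parser's whitespace handling.

    1. Reject any URL containing whitespace or ASCII control characters.
    2. Require the scheme to be present and explicitly allowed.
    3. Require a non-empty host so a bare 'https:' cannot pass.
    """
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        return False
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False
    return bool(parts.hostname)


if __name__ == "__main__":
    samples = (
        "https://example.com/report",   # constructed benign URL
        "file:///etc/hostname",         # constructed local-file URL
        " file:///etc/hostname",        # same URL with a leading blank
        "\tfile:///etc/hostname",       # same URL with a leading tab
    )
    for u in samples:
        print(repr(u), "naive blocked:", naive_is_blocked(u),
              "hardened allowed:", hardened_is_allowed(u))
```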
Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.