Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news

ComplianceJunction HIPAA Training Course Receives AHIMA Accreditation
Jun26


The Health Insurance Portability and Accountability Act (HIPAA) applies to healthcare providers health plans, healthcare clearinghouses, and their business associates. HIPAA has important privacy and security provisions that restrict the uses and disclosures of healthcare data – termed protected health information (PHI) – and require PHI to be safeguarded at all times. HIPAA requires covered entities to implement policies and...

CISA and NSA Issue Guidance Sheets on Best Practices for Cloud Security
Mar25

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have jointly issued a series of five cybersecurity information sheets following increasing cyber threats targeting cloud environments. These resources are designed to assist organizations in strengthening the security posture of their cloud environments, providing invaluable guidance on best practices and recommended...

LockBit Ransomware Operation Disrupted by Law Enforcement; Decryptor Released
Feb20

The world’s most harmful cybercrime group – LockBit – has had its infrastructure seized in a global law enforcement operation. Law enforcement agencies from 10 countries participated in Operation Chronos, which was led by the UK National Crime Agency (NCA) and was coordinated by Europol and Eurojust. Up until the takedown, LockBit was the most prolific ransomware group in operation. The group has been active for 4 years...

Half the Population of France Affected by Data Breaches at Healthcare Payment Processors
Feb14

The French Data Protection Agency, CNIL, is investigating two data breaches at healthcare payment processors that have affected around 33 million individuals – almost half the population of the country. Viamedis and Almerys provide technological solutions for managing third-party payments for many health insurance and mutual insurance providers. The solutions provided by the firms streamline payments in France’s complex insurance...

February 2024 Patch Tuesday: Microsoft Patches 73 Flaws; 2 0Days
Feb14

Microsoft has released patches to fix 73 flaws across its product suite on February 2024 Patch Tuesday, including 2 zero-day bugs that are being actively exploited in the wild. 5 of the vulnerabilities are rated critical, 65 are rated important, and three are rated moderate severity. Microsoft releases patches for its Chromium-based Edge browser separately and has issued 24 patches to fix vulnerabilities since January 2024 Patch...

Critical FortiOS SSL VPN Vulnerability Likely Being Exploited in Attacks
Feb09

Fortinet has disclosed a new critical flaw in the FortiOS SSL VPN which is most likely already being exploited in the wild. The out-of-bounds write vulnerability – CVE-2024-21762 – in FortiOS can be exploited to execute arbitrary commands and code via specially crafted HTTPS requests and has a CVSS score of 9.6. The vulnerability is not present in FortiOS 7.6, but does affect the following versions: Version Affected Mitigations...

PRC Hackers Inside U.S. Critical Infrastructure Systems in Preparation for Devastating Cyberattacks
Feb08

The Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the Federal Bureau of Investigation (FBI) have issued an alert to all Federal agencies confirming that the People’s Republic of China (PRC) state-sponsored hacking actor Volt Typhoon has compromised multiple critical infrastructure providers in the United States and U.S. territories such as Guam. Other Chinese hacking groups also...

Ivanti Connect Secure and Policy Secure Vulnerability Under Mass Exploitation
Feb06

A zero day vulnerability affecting Ivanti Connect Secure and Ivanti Policy Secure that was disclosed by Ivanti on January 31, 2023, is now under mass exploitation by multiple threat actors. The vulnerability is tracked as CVE-2024-21893 and is a server-side request forgery (SSRF) flaw that allows remote attackers to bypass authentication and access restricted resources on vulnerable devices. The vulnerability affects versions 9.x and...

AnyDesk Confirms Cyberattack and Breach of Production Environment
Feb05

AnyDesk, one of the most popular remote desktop software providers with more than 170,000 customers globally, has recently confirmed it fell victim to a cyberattack. Hackers gained access to its production environment and stole source code and private code-signing keys. Suspicious activity was detected on their production servers and a security audit was initiated that confirmed the unauthorized access. Assisted by CrowdStrike,...

Is Intuit QuickBooks HIPAA Compliant?
Jan29

Intuit QuickBooks is not HIPAA compliant unless the downloadable version of the software is deployed in a HIPAA compliant hosting service that prevents Intuit from accessing Protected Health Information (PHI) used in accounting and management activities. As this option is rarely cost-effective, it is recommended healthcare providers that want to use PHI with accounting and management software look for a QuickBooks HIPAA compliant...

The Mother of All Breaches: Exposed Database Contains 26 Billion Records
Jan23

Cybersecurity researcher Bob Diachenko of Security Discovery and the team at CyberNews have uncovered what is thought to be the largest-ever collection of stolen data, consisting of more than 26 billion records. The database they identified on an open storage instance contains an astonishing 12 TB of data, and while there are likely to be duplicates in the database it is still thought to be the biggest collection of stolen data ever...

74% of Organizations Punish Employees for Phishing Failures
Jan23

Many cybersecurity threats keep cybersecurity professionals awake at night, but phishing attacks are at the top of the list. According to a recent survey of cybersecurity professionals by the email security software company Egress, 95% of security professionals are stressed about email security, and for good reason. The study revealed 94% of organizations have suffered phishing attacks in the past 12 months, up 2% from last year, and 91% said...

Mass Exploitation of Ivanti VPN and NAC Zero-Day Vulnerabilities Detected
Jan16

On January 10, 2024, Ivanti disclosed two zero day vulnerabilities in Ivanti Connect Secure VPN and Policy Secure NAC appliances that have been actively exploited since December. The vulnerabilities were identified by security researchers at Volexity. According to the researchers, the vulnerabilities were exploited to deliver custom malware tools for espionage purposes. At the time, Ivanti said only a small number of customers had...

Popular Password Manager Starts Enforcing 12-Character Master Passwords
Jan08

While there are different schools of thought on password complexity, security experts agree that when it comes to making passwords difficult to guess, the longer the password is the better. Regardless of what the password consists of, the longer the password is, the longer it will take a hacker to crack it. LastPass, one of the most popular password manager providers, has long recommended that users set long and complex passwords for...

Black Basta Ransomware Decryptor Developed
Jan03

Researchers at Security Research (SR) Labs have recently announced that they identified a weakness in the encryption algorithm used by Black Basta ransomware which can allow certain victims to recover their files for free. The researchers have released a suite of Black Basta Buster decryptor tools that can be used free of charge. Black Basta ransomware uses intermittent encryption, which makes the encryption process more efficient and...

Ivanti Patches 13 Critical Avalanche Mobile Device Management Vulnerabilities
Dec21

Ivanti has released 22 patches to fix vulnerabilities in the Avalanche mobile device management solution, 13 of which are rated critical. Ivanti Avalanche is an enterprise MDM solution that can be used to manage more than 100,000 mobile devices, including tablets and warehouse scanners to keep them secured, available, and accessible. This week, Ivanti released Avalanche version 6.4.2 which addresses 22 flaws and hardens security. The...

Google Patches Actively Exploited Zero-Day Bug in Chrome
Dec21

A high-severity zero day vulnerability in the Google Chrome browser is being actively exploited in the wild. The vulnerability is tracked as CVE-2023-7024 and is a heap buffer overflow in the WebRTC framework. The open source WebRTC framework is used by many web browsers to give them real-time communication capabilities. The vulnerability was identified by Clément Lecigne and Vlad Stolyarov of Google’s Threat Analysis Group...

FBI Seizes BlackCat Infrastructure – ALPHV Responds by Removing Restrictions for Affiliates
Dec20

An international law enforcement operation has successfully disrupted the ALPHV/BlackCat ransomware operation. The Federal Bureau of Investigation (FBI) was able to gain access to the ransomware group’s servers and obtain decryption keys, which allowed the FBI to develop a decryption tool to help victims recover their files without paying the ransom. According to an announcement by the U.S. Department of Justice, the FBI was able to...

Microsoft Patches 34 Vulnerabilities and One 0Day on December Patch Tuesday
Dec13

December 2023 Patch Tuesday was light on fixes for vulnerabilities, with patches released for just 34 CVEs, including one zero-day vulnerability. The 34 vulnerabilities include four critical flaws, with the remainder rated important. These are in addition to several patches to fix flaws in Microsoft Edge that have been issued since November Patch Tuesday. The zero-day vulnerability was publicly disclosed in August 2023. The...

23andMe Confirms Hacker Stole Data of 6.9 Million Users
Dec05

On Friday, the direct-to-consumer genetic testing company, 23andMe, confirmed that hackers gained access to the personal information of approximately 6.9 million customers in an October 2023 cyberattack. The incident came to light when a hacker posted on an online forum claiming they had obtained the profile information of millions of users and offered the data for sale. 23andMe investigated to determine the validity of the claims and...

Ardent Health System Ransomware Attack Affects Hospitals in Multiple States
Nov29

A U.S. healthcare provider that operates hospitals in 6 states suffered a ransomware attack that has caused outages at several of its hospitals. Ardent Health Services said it first identified an intrusion on the morning of November 23, 2023, and launched an investigation that later revealed it was a ransomware attack. On Thanksgiving Day, several of the hospitals in its network reported network outages. Without access to critical IT...

Max Severity OwnCloud Flaw Actively Exploited in the Wild
Nov28

A critical vulnerability in OwnCloud, a popular open-source self-hosted file synchronization and sharing solution, has started to be exploited by cyber actors. The vulnerability affects the Graphapi app, which relies on a third-party GetPhpinfo.php library that provides a URL. When the URL is accessed, it reveals the configuration of the PHP environment, which includes all of the environment variables of the webserver. In a...

COO of Cybersecurity Company Pleads Guilty to Attack on Georgia Hospitals to Drum up Business
Nov21

The former chief operating officer (COO) of a cybersecurity firm who hacked two hospitals in an attempt to win business has changed his plea to guilty in an attempt to avoid a lengthy jail term. On September 27, 2018, two hospitals that are part of Gwinnett Medical Center (GMC) in Georgia suffered cyberattacks that disrupted their phone systems and printers. Access was gained to the phone system and a command was sent that disabled...

CISA Publishes Healthcare Cybersecurity Mitigation Guide
Nov20

In New York state, the healthcare industry was the most targeted critical infrastructure sector in 2022 and attacks in the first half of 2023 have more than doubled. The HHS’ Office for Civil Rights reports that hacking incidents now account for 77% of all healthcare data breaches of 500 or more records nationwide and there has been a 278% increase in ransomware attacks in the past 4 years. So far in 2023, more than 102 million...

Microsoft Patches 5 Zero-Days on November 2023 Patch Tuesday
Nov15

On November 2023 Patch Tuesday, Microsoft released patches to fix 63 vulnerabilities across its product suite, including 5 zero-day flaws, 3 of which are known to be actively exploited in the wild. Only 3 of the vulnerabilities have been rated critical, with 56 rated important, and four rated moderate severity. Microsoft has also released patches to fix 35 vulnerabilities in the Microsoft Edge browser since October 2023 Patch Tuesday....

Feds Warn of Potential Rebrand of Royal Ransomware Group
Nov14

A joint Cybersecurity Advisory has been issued by the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) that includes updated information on the tactics, techniques, and procedures (TTPs) and Indicators of Compromise (IoCs) associated with the Royal ransomware group. Royal ransomware has been active since at least September 2022, and over the past 14 months is known to have...

American Hospital Association Files Lawsuit Against HHS Over Tracking Technology Guidance
Nov07

In December 2022, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued guidance for entities regulated by the Health Insurance Portability and Accountability Act (HIPAA) on the use of pixels and other website tracking technologies. According to the guidance, these technologies were essentially banned, as they allowed individually identifiable health information to be captured on websites and apps with...

Critical Atlassian Confluence Data Center and Server Vulnerability Exploited by Ransomware Gangs
Nov07

On October 31, 2023, Atlassian issued a security advisory about a critical vulnerability that affected all versions of Confluence Data Center and Server. The improper authorization vulnerability is tracked as CVE-2023-22518 and was assigned a CVSS severity score of 9.1 out of 10. Successful exploitation of the vulnerability allows an unauthenticated attacker to reset Confluence and create a Confluence instance administrator account....

Four Zero-Day MS Exchange Flaws Identified that Allow RCE and Data Theft

Four zero-day vulnerabilities have been identified in Microsoft Exchange that can lead to the disclosure of sensitive information and even remote code execution. The flaws were discovered by security researchers at Trend Micro’s Zero Day Initiative (ZDI) and were reported to Microsoft on September 7th and September 8th, 2023. Despite knowing about the flaws for two months, patches have yet to be released to fix the flaws, as Microsoft...

25 LastPass Users Had $4.4 Million in Crypto Stolen on October 25
Oct31

Cryptocurrency totaling $4.4 million was stolen from 25 individuals on October 25, 2023, who all had one thing in common – they were users of the LastPass password manager. LastPass suffered two data breaches in 2022, in which the hackers obtained source code and customer data. Password vaults were stolen that contained encrypted and plaintext information of more than 25 million users. At the time, LastPass CEO, Karim Toubba,...

1Password Says Okta Environment Compromised Using Stolen Session Cookie
Oct25

The password manager provider 1Password has announced it has been affected by the recent data breach at the San Francisco-based identity and access management company Okta. Okta was contacted by its client, BeyondTrust, on October 2, 2023, after its security team identified suspicious activity that it believed may have stemmed from a data breach at Okta. On October 11, 2023, Okta confirmed that an unauthorized individual had gained...

Cisco Warns of Actively Exploited Zero-Day IOS XE Vulnerability
Oct17

Cisco has issued a security alert about an actively exploited critical zero-day vulnerability in its IOS XE software and is urging all customers to take immediate action to prevent exploitation of the flaw. The vulnerability is tracked as CVE-2023-20198 and has a maximum CVSS severity score of 10. According to Cisco, the privilege escalation vulnerability resides in the Web User Interface of Cisco IOS XE software when exposed to the...

The Role of the HIPAA Technical Safeguards
Oct13

The HIPAA Technical Safeguards play an important role in HIPAA compliance inasmuch as they are designed to protect and control access to electronic Protected Health Information (ePHI). The safeguards and the standards within them provide a framework for covered entities and business associates to help ensure the confidentiality, integrity, and availability of ePHI. Although they were published more than twenty years ago, the HIPAA...

Vulnerability in HTTP/2 Protocol Exploited in Record-Breaking DDoS Attacks
Oct11

A zero-day vulnerability in the HTTP/2 protocol is being actively exploited by threat actors to launch massive DDoS attacks. Google, Cloudflare and Amazon Web Services (AWS) have all reported attacks exploiting the vulnerability and have recently issued security advisories. The DDoS attacks are the largest ever seen, with Google reporting an attack that peaked at 398 million requests per second (rps), which smashed the previous record...

October 2023 Patch Tuesday: 103 Flaws Fixed, including 3 Actively Exploited 0Days
Oct10

Microsoft released patches to fix 103 vulnerabilities across its product suite on October 2023 Patch Tuesday, including 3 zero-day vulnerabilities that are being actively exploited in the wild and 12 critical remote code execution flaws. An actively exploited information disclosure vulnerability in WordPad – CVE-2023-36563 – has been fixed. The vulnerability can be exploited to steal NTLM hashes when opening a document in...

LastPass Employees and Customers Targeted in Phishing Campaign
Oct04

A widespread phishing campaign has been detected that is targeting LastPass employees and customers. The campaign was first detected in mid-September, and a second wave of phishing emails was sent at the end of the month. The aim of the campaign is to obtain LastPass credentials. If the credentials are obtained, the attackers will have access to users’ password vaults. LastPass offers users multifactor authentication; however, this...

ZenRAT Password Stealer Masquerades as Bitwarden Password Manager Installer
Oct04

Password managers can greatly improve security and are one of the measures currently being promoted during Cybersecurity Awareness Month; however, care must be taken when installing password managers. Just like any software solution downloaded from the Internet, it is important to verify the authenticity of the website and installer. Cybercriminals may impersonate password manager providers to deliver malware. Password managers are...

Four Behaviors to Focus on During Cybersecurity Awareness Month
Oct02

October is Cybersecurity Awareness Month – a month dedicated to raising awareness of the importance of cybersecurity and sharing some of the easy steps that everyone can take to improve privacy and security. Jen Easterly, Director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA), is encouraging all Americans to stop and think before taking any action, whether online or in response to unsolicited text messages,...

Canadian Pregnancy and Newborn Care Agency Reports 3.4 Million-Record MOVEit Data Breach
Sep26

BORN (Better Outcomes Registry & Network) in Canada has recently confirmed that the personal and health information of 3.4 million patients was stolen by the Clop ransomware group in an attack that exploited a zero-day vulnerability (CVE-2023-34362) in Progress Software’s MOVEit Transfer file transfer solution in late May 2023. BORN is a Ministry of Health-funded agency that collects data on pregnancies and births in Ontario and...

One in Three Americans Now Use a Password Manager
Sep26

Password manager usage has grown by 60% in the past year as Americans are now starting to appreciate the benefits that these tools provide. According to security.org survey data, in 2021, 22% of Americans said they used a password manager, but in 2023, the percentage increased to 34% with a further 10% of users saying they use a security passkey or other physical password device. While usage of password managers is growing, 56% of...

Apple Releases Emergency Patches to Fix 3 Actively Exploited Zero-Day Vulnerabilities
Sep22

Apple has released emergency patches to address three zero-day vulnerabilities that are being actively exploited in the wild in attacks on iPhone and Mac users. A vulnerability – CVE-2023-41991 – in the Apple security framework could be exploited to allow a malicious app to bypass signature validation. A vulnerability has been identified in the WebKit browser engine – CVE-2023-41993 – that could be exploited via a...

Publicly Shared SAS Token for Storage Account Causes 38 TB Data Leak at Microsoft
Sep19

Security researchers at Wiz have identified a major leak of internal data at Microsoft. The breach occurred three years ago in 2020 when an employee shared a URL for a blob store in a public GitHub repository while contributing to open source AI learning models. Wiz reported the data leak to the Microsoft Security Response Center (MSRC) in June, and on Monday, MSRC issued an advisory confirming this was an internal data leak involving...

TikTok Slapped with €345 Million Fine for Child Privacy Violations
Sep18

The Data Protection Commission (DPC) in Ireland has fined TikTok €345 million ($368 million) for multiple violations of the General Data Protection Regulation (GDPR) related to the processing of children’s personal information and other child privacy issues. The DPC initiated an investigation of TikTok to determine if the company was fulfilling its obligations under the GDPR to protect the privacy of child users of the platform. The...

Google Releases Emergency Chrome Patch for Actively Exploited Zero Day Vulnerability
Sep13

Google has released an emergency patch to fix an actively exploited vulnerability in its Chrome browser. The vulnerability, tracked as CVE-2023-4863, is a heap buffer overflow issue in the WebP code library. This type of vulnerability results in more data being written for a memory buffer than the buffer is able to hold, which can result in an application crashing or code execution. While Google has confirmed that there is an exploit...

Microsoft Patches 2 Actively Exploited Vulnerabilities on September 2023 Patch Tuesday
Sep13

September 2023 Patch Tuesday has seen Microsoft release patches to fix 59 vulnerabilities across its product suite, including two actively exploited vulnerabilities. 5 flaws are rated critical, 55 are rated important, 1 is rated moderate, and the severity of 5 is unknown. The actively exploited vulnerabilities are: CVE-2023-36802 – Microsoft Streaming Service Proxy elevation of privilege vulnerability that allows attackers to gain...

Apache RocketMQ Vulnerability Actively Exploited by Multiple Threat Actors
Sep11

A critical vulnerability in the Apache RocketMQ distributed messaging and streaming platform is being exploited by multiple threat actors. The vulnerability is tracked as CVE-2023-33246 and affects RocketMQ versions 5.1.0 and earlier. The command injection vulnerability can be exploited without authentication and has a CVSS v3.1 severity score of 9.8. The vulnerability can be exploited by using the update configuration function to...

HijackLoader Malware Loader Proving Popular with Cybercriminals
Sep11

Security researchers at Zscaler ThreatLabz have identified a new malware loader called HijackLoader which is proving popular within the cybercriminal community. The malware is being used to infect devices with several different malware payloads, including DanaBot, SystemBC, and the RedLine Stealer. The Zscaler ThreatLabz team has yet to establish which initial access vectors are used to distribute the malware. HijackLoader is a...

QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned
Sep04

The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled and around 700,000 computers that had been infected with the malware have been cleaned. QakBot (aka QBot/Quackbot/Pinkslipbot) is a second-stage modular malware that was initially a banking Trojan and an information stealer, to which backdoor and self-propagation...

HHS Data, Hackers and Medical Records
Aug28

HHS data relating to hackers and medical records is not always the best source of information on which to base decisions about how to assign security resources. However, proposals for Cyber Incident Reporting for the Critical Infrastructure Act (CIRCIA) could significantly improve the quality of data available to security professionals in the healthcare industry. Why the concern about hackers and medical records? How many medical...

WinRAR Vulnerability Can Be Exploited to Achieve RCE
Aug22

A high-severity WinRAR vulnerability has been identified that can be exploited to achieve remote code execution on Windows systems. The vulnerability is tracked as CVE-2023-40477 and has a CVSS severity score of 7.8 out of 10 since user interaction is required for the vulnerability to be exploited. The vulnerability is due to improper validation of user-supplied data, which can cause memory access beyond the end of an allocated...

Critical Ivanti Sentry Vulnerability Under Active Exploitation
Aug22

A critical vulnerability in Ivanti Sentry (MobileIron Sentry) is being actively exploited in the wild. The vulnerability is an authentication bypass issue and is tracked as CVE-2023-38035. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 out of 10 and affects version 9.18 and earlier versions. The endpoint management product is used to manage, encrypt, and secure traffic between mobile devices and back-end enterprise...

4 Million Colorado Residents Have Health Data Stolen in MOVEit Hack
Aug15

The Colorado Department of Health Care Policy & Financing (HCPF), which administers the Colorado Medicaid program, Child Health Plan Plus, and other health care programs, has recently announced a data breach involving the records of up to 4,091,794 individuals. On May 31, 2023, Progress Software identified a zero day vulnerability in its MOVEit Transfer file transfer solution that had been exploited by the Clop ransomware group to...

Bulletproof Hosting Service Utilized by Ransomware Gangs Seized by Authorities
Aug14

A ‘Bulletproof’ hosting service that was utilized by ransomware gangs and other cybercriminals has been seized by law enforcement, five individuals have been arrested, and its founder has been indicted in federal court. The LolekHosted.net domain was registered by Polish national, Artur Karol Grabowski, 36, in 2014. The LolekHosted service was billed as bulletproof, offering a hosting service with 100% privacy. The owner and operator...

Microsoft Fixes 70+ Flaws and 2 Actively Exploited 0Day Bugs
Aug09

August 2023 Patch Tuesday has seen Microsoft release patches for more than 70 vulnerabilities, including two zero-day bugs that are being actively exploited in the wild. These vulnerabilities are in addition to the vulnerabilities in Microsoft Edge (Chromium) that were patched earlier this month. The latest patches include fixes for 6 critical flaws, 68 important flaws, and one rated moderate. Both of the zero-day bugs are being...

Read More
Patch Released for Another Critical Flaw in PaperCut MF/NG
Aug07

Another zero-day vulnerability has been identified in PaperCut MF/NG print management software. The vulnerability is tracked as CVE-2023-39143 and has been rated critical with a CVSS v3.1 base score of 9.8/10. Successful exploitation of the flaw would allow an unauthenticated attacker to read/write arbitrary files, and depending on the configuration, achieve remote code execution. Most configurations have this setting enabled and are...

Five Eyes Cybersecurity Agencies Reveal Top Vulnerabilities Exploited in 2022
Aug04

The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and their international cybersecurity partners in Australia, Canada, New Zealand, and the United Kingdom have issued a joint cybersecurity advisory about the top Common Vulnerabilities and Exposures (CVEs) that were exploited by malicious actors in 2022. One takeaway from the list is that while recently...

Russian Threat Actor Conducting Convincing Phishing Campaign via Microsoft Teams
Aug03

The Russian cyber threat actor Midnight Blizzard (Nobelium, APT29, UNC2452, Cozy Bear) is conducting a highly targeted phishing and social engineering campaign via Microsoft Teams to gain persistent access to Microsoft 365 environments. The United States and the United Kingdom believe Midnight Blizzard to be part of the Foreign Intelligence Service of the Russian Federation (SVR). The threat actor seeks persistent access to networks...

High Severity Vulnerabilities Identified in Ninja Forms WordPress Plugin
Jul28

Three high-severity vulnerabilities have been identified in a popular form builder plugin for WordPress – Ninja Forms – with over 900,000 active installations. The vulnerabilities were identified by researchers at Patchstack who disclosed the vulnerabilities to the plugin developer – Saturday Drive – on June 22, 2023. Saturday Drive released an updated version of the plugin – v3.6.26 – on July 4, 2023, which...

Data Breach Costs Reach Record High of $9.48 Million in the United States
Jul25

Data breach costs have increased to record levels, with the average cost of a data breach now $4.45 million globally – a 2% increase from last year and a 15% increase since 2020. U.S. data breaches cost an average of $9.48 million and healthcare data breaches are the most expensive, costing an average of $10.93 million. This is the thirteenth consecutive year that healthcare data breaches have topped the list as the most expensive...

TitanHQ Announces Security Awareness Training, Web Filtering and Email Security Product Updates
Jul23

The Irish cybersecurity company, TitanHQ, has recently improved its cybersecurity solutions, adding several new MSP-focused features to the WebTitan web filter and SafeTitan security awareness training solutions to improve usability and drive operational efficiency, with updates due imminently for its SpamTitan email security solution. TitanHQ’s WebTitan, SpamTitan, and SafeTitan cybersecurity solutions provide multi-layered security...


Patch Released for Actively Exploited Flaw in Citrix/NetScaler ADC and Gateway

Patches have been released to fix three vulnerabilities in NetScaler Application Delivery Controller (ADC) and Gateway (Citrix ADC and Citrix Gateway), including one critical vulnerability that is being actively exploited in the wild. The actively exploited vulnerability is tracked as CVE-2023-3519 and has a CVSS v3.1 severity score of 9.8/10. The flaw can be exploited remotely by an unauthenticated attacker to execute arbitrary code...

Cloud Transition Security Guidance Issued by CISA
Jul18

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a factsheet to help organizations securely transition from on-premises to cloud and hybrid environments and ensure data and critical assets are properly secured. The factsheet can be used by network defenders, analysts, and incident responders and suggests several open source tools that complement those provided by cloud service platforms and providers (CSPs)...

Critical Zimbra Zero-Day Flaw Actively Exploited in Targeted Attacks
Jul14

Zimbra has urged all users of the Zimbra Collaboration Suite to take immediate action to address a critical vulnerability that is being actively exploited in targeted attacks. Around 200,000 businesses currently use the email and collaboration platform and are at risk until the patch is applied or the recommended mitigations have been implemented. Version 8.8.15 of the Zimbra Collaboration Suite has a vulnerability that impacts the...

Urgent Patching Required to Fix Critical and High-Severity SonicWall GMS/Analytics Flaws
Jul13

SonicWall has released patches to fix 15 vulnerabilities in its Global Management System (GMS) firewall management and Analytics solutions, including 4 critical and 4 high-severity flaws. The critical flaws could be exploited by a malicious actor to bypass authentication, which would permit access to any information the application is permitted to access, including sensitive data belonging to other users. An attacker could modify,...

Major HCA Healthcare Data Breach Affects 11 Million Patients
Jul12

A major HCA Healthcare data breach has been reported this week after the discovery that a hacker stole the data of an estimated 11 million patients, then offered the data for sale when HCA Healthcare failed to meet the hacker’s demands. HCA Healthcare is one of the largest health systems in the United States, operating 182 hospitals and more than 2,300 care sites. HCA Healthcare announced the data breach on July 10, 2023, on the...

Microsoft Addresses 132 Vulnerabilities on July 2023 Patch Tuesday
Jul11

It’s been a busy month for Microsoft with 132 vulnerabilities addressed on July 2023 Patch Tuesday. This month’s haul includes 9 CVEs that are rated critical, 122 rated important, and 6 zero-day flaws. 37 of the vulnerabilities are remote code execution flaws and 33 are privilege escalation flaws. Microsoft also released a batch of 8 patches to address vulnerabilities in Microsoft Edge late last month but has yet to release any...


TrueBot Malware Campaign Uses Phishing and Netwrix Auditor Exploit for Malware Delivery

Organizations in the United States and Canada are being targeted in a TrueBot malware campaign that uses phishing emails with malicious hyperlinks and a remote code execution vulnerability in Netwrix Auditor for distributing the malware – CVE-2022-31199. TrueBot malware is known to be used by the FIN11 threat group for gaining initial access to victims’ networks. Once a foothold has been established through the installation of...

Meduza Stealer Malware Targets Password Managers and Crypto Wallets
Jul04

Meduza stealer is a new information stealer that is being heavily marketed on dark web hacking forums and Telegram channels. The malware, which is being offered for a 1-month, 3-month, or lifetime plan, has comprehensive capabilities and is under active development. The malware targets Windows systems and is capable of stealing a wide range of data, including system information, login credentials, browsing histories, cookies, and...

Critical FortiNAC RCE Vulnerability Patched by Fortinet
Jun27

A critical vulnerability in FortiNAC network access control solutions has been patched by Fortinet. Successful exploitation of the flaw would allow an attacker to remotely execute arbitrary code. The vulnerability is tracked as CVE-2023-33299 and has a CVSS severity score of 9.6/10. Fortinet’s FortiNAC is a zero-trust access solution that is used to view devices and users on the network, giving admins granular control over network...

CISA Warns Critical Zyxel NAS Vulnerability is Being Actively Exploited
Jun27

A critical vulnerability in Zyxel network-attached storage (NAS) devices is being exploited in attacks, according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability is tracked as CVE-2023-27992 and affects Zyxel NAS326, NAS540, and NAS542 devices running firmware version 5.21 and earlier versions. The vulnerability has been assigned a CVSS v3.1 base score of 9.8 out of 10. Successful exploitation of...

NSA Publishes BlackLotus Mitigation Guide
Jun26

The U.S. National Security Agency (NSA) has published a mitigation guide for BlackLotus malware. BlackLotus is a UEFI bootkit that is planted in the firmware of an infected device. Bootkits load at the initial stage of the boot process, before operating systems are loaded, and are not typically identified by security solutions. Further, the developer claims that security software cannot detect and kill the bootkit since it runs under...


BlackCat Ransomware Group Threatens to Leak Data Stolen in Reddit Cyberattack

The BlackCat ransomware group, aka ALPHV, claims it stole 80GB of data in a Reddit cyberattack in February 2023, and is now threatening to leak the stolen data if Reddit doesn’t pay up. The attack in question, according to a February 9, 2023, announcement by Reddit, started with a phishing attempt on an employee that allowed the group to steal credentials that provided access to sensitive data. Reddit said the stolen data includes...

U.S. State Department Offers $10 Million Reward for Information on Clop Ransomware Group
Jun19

The U.S. Department of State is offering a reward of up to $10 million for information that links the recent attacks by the Clop ransomware group to a foreign government. The reward is also being offered for information about any other malicious cyber actors that are targeting US critical infrastructure that links their attacks to a foreign government. The Clop ransomware group is a Russian-speaking organized criminal group that has...

Progress Software Urges Immediate Patching of New MOVEit Transfer Vulnerability
Jun16

Progress Software has issued a security advisory about another zero-day bug in its MOVEit Transfer file transfer solution that requires immediate mitigation. The flaw can be exploited to escalate privileges and potentially allow access to customers’ environments. Progress Software released a patch to fix the vulnerability, tracked as CVE-2023-35708, on June 15, 2023; however, patches for two previous zero-day vulnerabilities should be...

June 2023 Patch Tuesday: Microsoft Patches 78 Flaws; 6 Critical
Jun13

Microsoft has fixed 78 vulnerabilities on June 2023 Patch Tuesday, bringing the month’s total up to 94 including the 16 vulnerabilities in Chromium-based browsers that were patched on June 2, 2023. None of this month’s patches address vulnerabilities that are currently being exploited in the wild, nor are any fixes included for zero-day bugs. This month’s updates address 6 flaws that have been rated critical and 70 vulnerabilities that...


Patch Released for Critical Fortinet FortiGate SSL-VPN RCE Vulnerability

Fortinet has released a patch to fix a critical remote code execution vulnerability in its FortiGate SSL-VPN devices. The vulnerability can be exploited pre-authentication, allowing a remote attacker to interfere with the VPN. The flaw can be exploited even if multi-factor authentication is activated, according to the French cybersecurity firm, Olympe Cyberdefense. If the remote web interface is exposed and the firmware is not updated...

Verizon 2023 DBIR: DoS Attacks Dominate 2022 Cyberattacks and BEC Attacks Double
Jun08

The recently published Verizon 2023 Data Breach Investigations Report provides insights into the tactics, techniques, and procedures that cyber actors are using to gain access to networks to achieve their objectives. The data for the report comes from security incidents and data breaches between Nov. 1, 2021, and Oct. 31, 2022, which this year includes 953,894 security incidents and 254,968 confirmed breaches, including more than...


Security Agencies Issue Warning About North Korean Spear Phishing Campaigns

Intelligence and law enforcement agencies in the United States and South Korea have issued a warning about the North Korean state-sponsored hacking group Kimsuky (aka APT43, Thallium, and Velvet Chollima), which has been targeting individuals in research centers, think tanks, academic institutions, and news media organizations in spear phishing campaigns, often posing as journalists, academics, and other individuals with credible...

Harvard Pilgrim Health Care: 2.5 Million Members Affected by Ransomware Attack
Jun02

Harvard Pilgrim Health Care, a Canton, Massachusetts-based nonprofit health services provider, has confirmed that it was the victim of a ransomware attack in April 2023. The threat actor behind the attack stole sensitive data from its systems, including the personal and HIPAA-protected information of 2,550,922 individuals. The forensic investigation confirmed that the hackers first gained access to its systems on March 28, 2023, and...

Advanced Phishing Attacks Increased by 356% in 2022
May31

An analysis by the cybersecurity firm Perception Point shows there was a major increase in advanced phishing attacks in 2022, which increased by 356% from 2021. Phishing accounted for 67.4% of cyberattacks in 2022, and there was an 83% increase in business email compromise (BEC) attacks. In total, cyberattacks increased by 87% from the previous year. While BEC attacks only account for a small percentage of attacks, the losses to...

MCNA Dental Reports 8.9 Million Record Data Breach
May30

The LockBit ransomware group has claimed responsibility for an attack on MCNA Dental, one of the largest Medicaid and CHIP dental care and oral health insurance providers in the United States. More than 8.9 million individuals have been affected and had their sensitive data stolen. The LockBit gang issued a ransom demand of $10 million to prevent the release of the stolen data, then proceeded to leak the data when the ransom was not...

Barracuda Email Security Gateway Flaw Exploited in Limited Attacks
May25

A zero-day vulnerability in Barracuda’s Email Security Gateway (ESG) appliances has been targeted by hackers, resulting in some customers’ appliances being compromised. The vulnerability was identified by Barracuda on May 19, 2023, and patches were rapidly developed to fix the issue, which were released on May 20 and May 21. Barracuda said the vulnerability was only exploited on a subset of ESG appliances, and not all users have...

KeePass Vulnerability Allows Master Passwords to be Obtained from Memory
May23

A vulnerability has been identified in the KeePass password management solution that allows an attacker to recover the cleartext master password from memory if the password is typed in using the keyboard. The password cannot be obtained if it is copied from the clipboard. The vulnerability has been assigned the Common Vulnerabilities and Exposures code CVE-2023-32784. KeePass has yet to issue a patch to address the flaw but is expected...

Russian National Charged for Babuk, Hive, and LockBit Ransomware Attacks
May18

The federal government in the United States has formally charged a Russian national who is alleged to have been a key member of the Babuk ransomware-as-a-service operation, the group responsible for an attack on the Washington, D.C. Metropolitan Police Department in 2021 shortly before the group was disbanded. Mikhail Pavlovich Matveev, 31, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar, has been charged in a four-count...

New Ransomware Actor Targeting Critical Infrastructure Firms
May17

A new ransomware gang has emerged that has been conducting attacks on critical infrastructure organizations in the United States and South Korea. RA Group has been operating since late April 2023 and uses a new ransomware based on Babuk ransomware source code that was leaked on a Russian hacking forum in 2021. The attacks conducted by the group used an executable file that was named after the victim, and each of the attacks involved a...

University Alert System Hijacked by Ransomware Gang and Used to Aid Extortion
May10

A ransomware gang has hijacked an alert system used by a university and used it to issue threats to staff and students to pressure the university into paying the ransom. The attack was conducted by the Avos ransomware gang on Bluefield University in Virginia. Like many universities, Bluefield has an emergency alert system that sends SMS messages and emails to staff and students to warn them about emergencies and threats, such as...

North Korean Threat Group Using ReconShark Malware in Spear Phishing Campaign
May08

A North Korean advanced persistent threat (APT) actor is using a new malware called ReconShark in a global spear phishing campaign. The malware is capable of collecting and exfiltrating sensitive information to its command-and-control server and downloading executable files on targeted systems. The information gathered by the group is believed to be used for conducting precision follow-on attacks on targeted individuals. The malware...

World Password Day – A Reminder to Improve Password Hygiene
May03

The first Thursday of May is World Password Day, a day dedicated to raising awareness of the importance of password security and the promotion of password best practices. The idea of a Password Day came from the security researcher Mark Burnett, who suggested in 2005 in his Perfect Passwords book that everyone should have a password day where they took the time to update their passwords. In 2013, World Password Day became official and...

4 Out of 10 Medical Devices Have Unpatched Critical Vulnerabilities
Apr27

A new report from the cybersecurity firm Armis has identified the riskiest connected medical devices used by hospitals in the United States. Connected medical devices are a security weak point, and each year many new vulnerabilities are detected. One of the main problems for healthcare organizations is keeping on top of patching, which can be a challenge for connected medical devices as they are constantly in use. One of the biggest...

Exploit Released for Critical PaperCut Vulnerability: Exploitation Detected
Apr26

An exploit has been released for a critical vulnerability in the widely used print management software PaperCut, which is used by more than 700,000 organizations worldwide and has over 100 million installs. The vulnerability is tracked as CVE-2023-27350 and has a CVSS v3 severity score of 9.8 out of 10. The flaw can be exploited by a remote attacker to bypass authentication on affected installations of PaperCut and execute arbitrary...

How Long Does It Take a Hacker to Brute Force a Password in 2023
Apr24

Organizations are increasingly adopting passwordless authentication; however, passwords are still the most common method of securing accounts. The problem with passwords is they can be guessed, and with modern GPUs, brute-force attempts to guess passwords can crack weak passwords incredibly quickly. Passwords of 6 characters, for instance, can be guessed instantly, regardless of the letters, numbers, and special characters used. Each...


HHS Publishes New Resources for Improving Healthcare Cybersecurity

The Health Sector Coordinating Council Cybersecurity Working Group and the HHS 405(d) Program have published three additional resources for the healthcare sector to help them manage cybersecurity risks. Hacking incidents at healthcare organizations have increased sharply in recent years and data breaches are being reported at extremely high levels. For the past two years, around 700 large data breaches have been reported by...

Concern Grows About Ease of Bypassing Security Controls of AI Chatbots
Apr17

Security researchers have demonstrated it is possible to hack the large language models that power AI-based chatbots such as ChatGPT to get around the security protections that have been put in place to prevent abuse, and by doing so get these chatbots to generate text about illegal activities and hate speech. These large language models have tremendous potential but there are growing fears that there is also considerable potential...

Android Privilege Escalation Bug Exploited to Spy on Chinese E-Commerce App Users
Apr17

A high-severity vulnerability in Android devices is being actively exploited to spy on users of a popular Chinese e-commerce app, according to a recent alert from the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The vulnerability is a privilege escalation bug in WorkSource, which affects Android-11, Android-12, Android-12L, and Android-13 (Android ID: A-220302519). The flaw is tracked as CVE-2023-20963, has a CVSS v3...

Microsoft Fixes 97 Vulnerabilities Including an Actively Exploited Windows 0Day Bug
Apr12

Microsoft released patches to fix 97 vulnerabilities on April 2023 Patch Tuesday, including a Windows zero-day privilege escalation vulnerability in the Windows Common Log File System (CLFS) driver. Seven of the month’s vulnerabilities have been rated critical, and the remaining 90 have been rated important. 17 flaws were also patched earlier this month for Microsoft Edge and Chromium-based browsers. The zero-day vulnerability is...

Apple Releases Patches for 2 Actively Exploited Zero-Day Flaws
Apr11

Apple has released patches to fix two zero-day vulnerabilities that can be exploited to execute arbitrary code on unpatched iPhones, iPads, and Macs. Apple has received reports that indicate the vulnerabilities are being actively exploited in the wild. The first flaw is tracked as CVE-2023-28206 and is an out-of-bounds write vulnerability in the IOSurfaceAccelerator framework that is due to insufficient input validation. The...

IT Professionals are Pressured into Keeping Security Breaches Quiet
Apr07

Malicious actors are increasingly using automation to conduct sophisticated attacks at scale, and organizations are struggling to defend against attacks. IT teams are typically incredibly overworked and lack the resources they need to proactively improve defenses; instead, they are bogged down reacting to threats and dealing with security incidents. Security teams are under pressure to prevent breaches, but when security breaches occur,...

Phishers Turn to Telegram to Market Their Kits and Services
Apr07

Cybercriminals are increasingly turning to Telegram to share tactics and market their services, especially threat actors specializing in phishing, according to Kaspersky. The phishing community on Telegram has grown substantially over the past year, as phishers flock to the platform and create Telegram channels for promoting phishing kits and bots for automating routine workflows, including for generating phishing pages and collecting...

U.S. Companies Warned About BEC Campaign Seeking Bulk Goods Purchases
Mar29

The Federal Bureau of Investigation (FBI) has recently issued a warning to vendors in the United States following an increase in a form of business email compromise attack that attempts to fraudulently obtain high-value goods. Business email compromise (BEC) is one of the most financially damaging forms of cybercrime. According to the FBI, its Internet Crime Complaint Center (IC3) received 21,832 complaints about BEC attacks in 2021,...

Critical IBM Aspera Faspex Vulnerability Being Exploited by Ransomware Gangs
Mar29

Ransomware gangs are targeting a critical vulnerability in the IBM Aspera Faspex application to gain access to enterprise networks. Aspera is a file-exchange application used by enterprises to rapidly transfer large files or large volumes of files. The application is based on IBM’s Fast, Adaptive, and Secure Protocol (FASP), which intelligently uses available network bandwidth to transfer files to shared inboxes, workgroups, or...
