Apache RocketMQ Vulnerability Actively Exploited by Multiple Threat Actors
A critical vulnerability in the Apache RocketMQ distributed messaging and streaming platform is being exploited by multiple threat actors. The vulnerability is tracked as CVE-2023-33246 and affects RocketMQ versions 5.1.0 and earlier. The command injection vulnerability can be exploited without authentication and has a CVSS v 3.1 severity score of 9.8. The vulnerability can be exploited by using the update configuration function to...
HijackLoader Malware Loader Proving Popular with Cybercriminals
Security researchers at Zscaler ThreatLabz have identified a new malware loader called HijackLoader which is proving popular within the cybercriminal community. The malware is being used to infect devices with several different malware payloads, including DanaBot, SystemBC, and the RedLine Stealer. The Zscaler ThreatLabz team has yet to establish which initial access vectors are used to distribute the malware. HijackLoader is a...
QakBot Botnet Dismantled and 700,000 Infected Devices Cleaned
The U.S. Federal Bureau of Investigation (FBI) and the U.S. Department of Justice have recently announced that the QakBot malware network has been successfully dismantled and around 700,000 computers that had been infected with the malware have been cleaned. QakBot (aka QBot/Quackbot/Pinkslipbot) is a second-stage modular malware that was initially a banking Trojan and an information stealer, to which backdoor and self-propagation...
HHS Data, Hackers and Medical Records
HHS data relating to hackers and medical records is not always the best source of information on which to base decisions about how to assign security resources. However, proposals for Cyber Incident Reporting for the Critical Infrastructure Act (CIRCIA) could significantly improve the quality of data available to security professionals in the healthcare industry. Why the concern about hackers and medical records? How many medical...
Pros and Cons of HIPAA
HIPAA compliance offers benefits such as safeguarding sensitive data, empowering patients with rights, ensuring data security and confidentiality, fostering standardized healthcare transactions, and maintaining insurance coverage portability, but its implementation involves administrative burdens, costs, potential hindrance to innovation and research, complexities in patient communication, legal consequences for violations,...