Microsoft waited 6 months to patch actively exploited admin-to-kernel vulnerability

March 11, 2024 at 12:30AM Microsoft took six months to patch a rootkit vulnerability in Windows discovered by North Korean hackers Lazarus Group. Avast researchers notified Microsoft of an admin-to-kernel exploit, but Microsoft did not prioritize the matter, waiting until February’s Patch Tuesday to fix the issue. Critical vulnerabilities were also found in recent Apple …

Japan Blames North Korea for PyPI Supply Chain Cyberattack

March 10, 2024 at 08:02PM Japanese cybersecurity officials issued a warning about North Korea’s Lazarus Group targeting the PyPI software repository with tainted Python packages, infecting Windows machines with the Comebacker Trojan. Gartner’s Dale Gardner describes Comebacker as a general-purpose Trojan. The attack is a form of typosquatting and may disproportionately impact developers in …

Magnet Goblin hackers use 1-day flaws to drop custom Linux malware

March 10, 2024 at 11:42AM Magnet Goblin, a financially motivated hacking group, exploits 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. They target devices and services like Ivanti Connect Secure, Apache ActiveMQ, ConnectWise ScreenConnect, Qlik Sense, and Magento. Check Point analysts emphasize the importance of timely patching and …

The Week in Ransomware – March 8th 2024 – Waiting for the BlackCat rebrand

March 8, 2024 at 06:40PM The BlackCat/ALPHV ransomware gang has shut down after scamming an affiliate for $22 million, amidst increasing calls for a federal ban on ransom payments. Other ransomware activity includes various new variants identified by PCrisk and coordinated attacks by GhostSec and Stormous groups. The impact spans sectors from healthcare to beer …

Cybercrime crew Magnet Goblin bursts onto the scene exploiting Ivanti holes

March 8, 2024 at 06:01PM Cybercrime gang Magnet Goblin swiftly exploits vulnerabilities in Ivanti devices to breach networks of US organizations in the medical, manufacturing, and energy sectors. CISA confirms the Ivanti attacks, urging organizations to review the Ivanti advisory. Magnet Goblin deploys remote-control and data-stealing malware, leveraging one-day vulnerabilities and posing a significant threat to global digital …

The Week in Ransomware – March 8th 2024 – Waiting for the DarkSide rebrand

March 8, 2024 at 05:29PM The BlackCat/ALPHV ransomware gang, after targeting critical infrastructure and stealing millions through an exit scam, has shut down. It caused widespread disruption, including $22M stolen from Optum’s Change Healthcare. Other ransomware attacks emerged, leading to concerns about the rise in cybercrime and discussions of a federal ban on ransom payments. …

Broke Cyber Pros Flock to Cybercrime Side Hustles

March 8, 2024 at 04:51PM A new trend in cybersecurity sees professionals turning to the Dark Web for extra income, posing challenges for enterprises and raising concerns about insider threats. With layoffs and economic uncertainty driving this shift, industry experts stress the need for improved employment, training, and support to address the skills gap and …

Critical Fortinet flaw may impact 150,000 exposed devices

March 8, 2024 at 03:42PM Around 150,000 Fortinet FortiOS and FortiProxy systems worldwide are vulnerable to CVE-2024-21762, enabling code execution without authentication. The Cyber Defense Agency confirmed active exploitation of the flaw, with the majority of vulnerable devices in the United States. Fortunately, a simple Python script is available to check for the vulnerability. It looks …

Microsoft Says Russian Gov Hackers Stole Source Code After Spying on Executive Emails

March 8, 2024 at 02:33PM Russian government-backed hackers breached Microsoft’s corporate network, stole source code, and are still attempting unauthorized access using exfiltrated email information. No evidence of customer-facing system compromise. The group may be targeting shared secrets. Increased attack volume noted. The hacking group was previously caught spying on executives and was involved in the SolarWinds supply chain …

UnitedHealth brings some Change Healthcare pharmacy services back online

March 8, 2024 at 12:57PM Change Healthcare, a subsidiary of UnitedHealth Group, is recovering from a BlackCat ransomware attack causing widespread disruptions to the US healthcare system. Electronic prescription systems are now back online, and payment transmission is available. However, the system’s full restoration is still in progress, with an interim solution managing 90% …