Critical Zimbra RCE flaw actively exploited to take over servers

October 2, 2024 at 10:20AM Cyber attackers are exploiting a Zimbra email server vulnerability (CVE-2024-45519) using specially crafted emails to trigger remote code execution. Proofpoint detected this “mass-exploitation,” as malicious emails spoofing Gmail deploy fake addresses and harmful code in the CC field. Installation of the webshell via the exploit provides full access to the …

U.S. govt agency CMS says data breach impacted 3.1 million people

September 24, 2024 at 02:21PM The Centers for Medicare & Medicaid Services (CMS) revealed that over three million health plan beneficiaries had their health and personal information exposed in a ransomware attack on Wisconsin Physicians Service. The breach affected individuals with Medicare, compromising sensitive data such as Social Security numbers and mailing addresses. Impacted individuals …

Move over, Cobalt Strike. Splinter’s the new post-exploit menace in town

September 23, 2024 at 02:51AM Attackers are using a new post-exploitation tool called Splinter to infiltrate and disrupt victims’ IT environments. The malicious tool can execute Windows commands, steal files, collect cloud service account info, and download additional malware. Unlike Cobalt Strike, Splinter poses a potential threat to organizations and remains undetected on victims’ networks. …

Malware locks browser in kiosk mode to steal Google credentials

September 15, 2024 at 02:18PM A new malware campaign locks users in their browser’s kiosk mode to prompt them for Google credentials, which are then stolen by information-stealing malware. This uncommon method serves to frustrate and deceive users into entering sensitive information.

Oil Giant Halliburton Confirms Cyber Incident, Details Scarce

August 22, 2024 at 02:21PM US oil giant Halliburton confirmed a cyberattack on its Houston offices, engaging external experts to investigate and mitigate the threat. The breach, with ransomware hallmarks, impacted the north Houston campus and global networks. The oil industry remains a lucrative target for ransomware, as seen with Colonial Pipeline’s $4.4 million ransom …

Hacker locks Unicoin staff out of Google accounts for 4 days

August 20, 2024 at 11:22AM Unicoin’s Google Workspace was hacked, with the hacker changing passwords for all employees, locking them out for four days. The company reported the incident to the SEC, stating that the threat actor accessed and manipulated confidential information, including personal data discrepancies, compromised communications, and identity forgery. Unicoin believes the event won’t …

Cybercriminal Duo Attract FBI by Spending Big & Living Large

August 13, 2024 at 04:42PM Russian and Kazakh individuals, Pavel Kublitskii and Alexandr Khodyrev, faced charges for trafficking unauthorized access devices. After arriving in the US and obtaining asylum, they led a lavish lifestyle, prompting an FBI investigation. The pair was involved in cybercriminal activities on Dark Web platforms, with apparent ties to site administrators. …

Justice Department Disrupts North Korean ‘Laptop Farm’ Operation

August 12, 2024 at 01:24PM Law enforcement in the U.S. has arrested Matthew Isaac Knoot for running a “laptop farm” helping North Korean IT workers secure remote jobs at American companies. Knoot faces a maximum penalty of 20 years in prison. This follows an admission by KnowBe4 of hiring a North Korean who attempted to …

‘0.0.0.0 Day’ Flaw Puts Chrome, Firefox, Mozilla Browsers at RCE Risk

August 8, 2024 at 01:57PM Open source security firm Oligo Security discovered a vulnerability called “0.0.0.0 Day” that allows attackers to remotely execute code on various web browsers, putting users at risk for data theft and other malicious activities. This flaw exploits the 0.0.0.0 IP address and bypasses browser security to interact with services within …

Microsoft Says Azure Outage Caused by DDoS Attack Response

July 31, 2024 at 09:08AM Microsoft’s response to a DDoS attack caused outages for Azure services affecting numerous customers. The 10-hour outage impacted various organizations, including water utilities and banks. Microsoft attributed the issue to an unexpected usage spike and an implementation bug in its defense mechanisms. The company has committed to publishing a review …