KeyTrap attack: Internet access disrupted with one DNS packet

February 19, 2024 at 08:38AM A serious vulnerability named KeyTrap in the DNSSEC feature could be exploited to deny internet access to applications for an extended period. Tracked as CVE-2023-50387, KeyTrap is a design issue in DNSSEC impacting DNS implementations. Researchers from ATHENE and partners discovered and addressed the issue, working with DNS service providers. …

Ransomware Epidemic at Romanian Hospitals Tied to Healthcare App

February 14, 2024 at 01:41PM A ransomware infection targeted around 100 hospitals in Romania, originating from the Hipocrate Information System (HIS) sold by Romanian Soft Company (RSC). The attack, starting on Feb. 10, led to demands for 3.5 BTC or 157,000 euro. Fortunately, most hospitals had relatively recent data backups, enabling easier restoration of services …

Hyundai Motor Europe hit by Black Basta ransomware attack

February 8, 2024 at 03:21PM Hyundai Motor Europe experienced a Black Basta ransomware attack, potentially compromising three terabytes of data. Initially reported as IT issues, Hyundai later confirmed the cyberattack, involving unauthorized network access. The attack affected various company departments, and it is linked to Black Basta, known for double-extortion attacks and ties to the …

AnyDesk revokes signing certs, portal passwords after crooks sneak into systems

February 5, 2024 at 01:34PM AnyDesk acknowledged an IT security incident where criminals breached its systems. Though not related to ransomware, the intrusion compromised the code signing certificate, posing a threat of distributing malware as legitimate software. The company has taken steps to address the situation, including revoking security certificates, recommending password changes, and hiring …

US, UK, Australia Sanction Russian Man Over Ransomware Attack on Healthcare Insurer 

January 24, 2024 at 05:06AM The US, UK, and Australia have sanctioned Russian national Alexander Ermakov for his alleged involvement in the 2022 ransomware attack on Australia’s Medibank. Ermakov was linked to the cyberattack and targeted for the first time under Australian cyber sanction powers. The US and UK followed suit, imposing similar sanctions in …

Hackers start exploiting critical Atlassian Confluence RCE flaw

January 22, 2024 at 08:45AM Security researchers detect exploitation attempts for the critical CVE-2023-22527 vulnerability affecting older Atlassian Confluence servers, potentially exposing them to remote code execution. Atlassian provides fixes for affected versions and reports multiple attempts to exploit the flaw, mainly from Russian IP addresses. Server administrators are advised to update to a secure …

Payoneer accounts in Argentina hacked in 2FA bypass attacks

January 19, 2024 at 03:28PM Many Payoneer users in Argentina woke up to find their 2FA-protected accounts hacked, with funds stolen after receiving SMS OTP codes while sleeping. Suspected hacking methods include a potential Movistar data leak or a breached SMS provider. Payoneer has not provided specific answers but acknowledged the fraud and advised users …

What’s worse than paying an extortion bot that auto-pwned your database?

January 17, 2024 at 10:10AM The Border0 security researchers have identified a malicious extortion bot targeting publicly exposed PostgreSQL and MySQL databases with weak passwords. This bot autonomously wipes out vulnerable databases and leaves a ransom note, claiming to back up the data when in reality it only saves a small portion. It has managed …

Ivanti warns of Connect Secure zero-days exploited in attacks

January 10, 2024 at 01:59PM Ivanti has disclosed two zero-day vulnerabilities in its Connect Secure (ICS) and Policy Secure products. The CVE-2023-46805 flaw bypasses authentication, while CVE-2024-21887 allows arbitrary command execution. Chaining the two enables attackers to run commands without authentication. Ivanti is working on patches, with mitigation available until then. The company reports limited …

Mandiant’s Twitter account hacked to push cryptocurrency scam

January 3, 2024 at 05:52PM Today, Mandiant’s Twitter account was hijacked by threat actors, who impersonated the Phantom crypto wallet and shared a fraudulent cryptocurrency scam. Mandiant is aware of the incident and is working to resolve it. The attackers rebranded the account and promoted a fake website, posing a phishing threat. The original Mandiant …