December 20, 2023 at 05:13PM A data breach at ESO Solutions has affected 2.7 million patients, compromising their sensitive personal data, including Social Security numbers and medical information. The breach resulted from a ransomware attack in September 2023. Victims are advised to take precautions and consider legal action. Console & Associates, P.C. is offering assistance … Read more
December 20, 2023 at 04:33PM Cybercriminals are targeting hotel staff by sending emails that exploit their emotions and urgency to download password-stealing malware. Examples include false complaints, requests for assistance, and emotional scenarios. The ultimate goal is to steal hotel management credentials, which have been used in attacks against Booking.com customers. This has led to … Read more
December 20, 2023 at 11:22AM Cybercriminals can exploit weak passwords to wreak havoc on businesses, as evidenced by the prevalence of password-based cyber attacks. Notable breaches in 2023 included 23andMe, Norton, and Freecycle, exposing millions of users’ data. Recovering from such compromises requires effective incident response, including password resets and information disclosure. Businesses should prioritize … Read more
December 19, 2023 at 07:19PM Approximately 35 million consumers are being informed of a data breach compromising their confidential information, caused by a Citrix software vulnerability used by Xfinity. Console & Associates, P.C. is investigating and informing affected individuals of their rights. Victims should take steps to protect themselves and consider legal representation for potential … Read more
December 18, 2023 at 11:29AM The FBI, CISA, and ASD’s ACSC jointly warn that the Play ransomware gang has targeted approximately 300 organizations globally between June 2022 and October 2023, impacting critical infrastructure. The group employs unconventional tactics, including stealing sensitive data and using a custom VSS Copying Tool. Organizations are urged to address vulnerabilities … Read more
December 17, 2023 at 08:16PM ASPI uncovered the Shadow Play campaign on YouTube, involving 30 channels spreading pro-China and anti-US narratives. An AI-generated avatar was used. CFO Nilanjan Roy resigned from Infosys, the fourth exec departure in 2023. China proposed quick data breach reporting. Indonesia supports TikTok’s partnership with GoTo. China’s C919 and ARJ21 jets … Read more
December 17, 2023 at 04:52PM The Rhadamanthys information-stealing malware has recently released two major versions with added improvements, such as new stealing capabilities, enhanced evasion, and a new plugin system for customization. These updates indicate a shift towards a more modular and customizable framework, making it a more formidable tool for cybercriminals. From the meeting … Read more
December 17, 2023 at 04:48PM Database company MongoDB reported a hack of its corporate systems, disclosing that customer account metadata and contact information were part of the stolen data. The company detected suspicious activity on December 13th and confirmed later that hackers had access to its systems before discovery. MongoDB recommended customer vigilance against potential … Read more
December 17, 2023 at 04:44PM Summary: Receiving an unprompted one-time passcode (OTP) in an email or text suggests stolen credentials, highlighting the theft of legitimate corporate network access. Cyberattacks exploit these credentials for data theft, espionage, ransomware, and financial fraud. Multi-factor authentication (MFA) enhances security, reducing successful breaches but caution is advised with SMS and … Read more
December 16, 2023 at 02:48AM China’s Ministry of Industry and Information Technology unveils a draft proposal for a color-coded system to address data security events. The proposal categorizes incidents into four tiers based on harm level and requires affected companies to assess and report incidents to the local industry supervision department. Public comments are open … Read more