Los Angeles Unified confirms student data stolen in Snowflake account hack

June 21, 2024 at 05:11PM Los Angeles Unified School District confirmed a data breach from its Snowflake account, with student and employee data stolen by threat actors. After investigations by Snowflake, Mandiant, and CrowdStrike, it was revealed that at least 165 organizations were targeted due to lack of multi-factor authentication. Multiple threat actors put the …

Void Arachne Uses Deepfakes and AI to Deliver Malicious VPNs to Chinese Users

June 19, 2024 at 07:00AM Cybersecurity firm Trend Micro discovered a new threat group targeting Chinese-speaking users with a campaign dubbed Void Arachne. The attack employs malicious Windows Installer files for VPNs to distribute the Winos 4.0 command-and-control framework. The campaign involves social media and messaging platforms and promotes compromised files with deepfake and AI …

Name That Toon: Future Shock

June 17, 2024 at 10:14AM Submit clever cybersecurity-related captions for a chance to win a $25 Amazon gift card by emailing [email protected] with the subject line “Dark Reading June Toon,” or via X, Facebook, and LinkedIn. Last month’s winner, James N., received the prize for the caption “Buzz Kill.” Submission deadline: July 10, 2024. Thanks …

Collection agency FBCS ups data breach tally to 3.2 million people

June 4, 2024 at 11:44AM Debt collection agency FBCS reports a data breach affecting over 3.2 million people, including compromised personal information like SSN, date of birth, and account details. Notice recipients will receive instructions for free credit monitoring and are advised to be wary of potential risks. FBCS assures stronger security measures moving forward. …

Cyber Espionage Alert: LilacSquid Targets IT, Energy, and Pharma Sectors

May 30, 2024 at 12:09PM Summary: A new cyber espionage threat actor called LilacSquid has been conducting targeted attacks in the US, Europe, and Asia since 2021, aiming to steal data from various sectors. The actor deploys a mix of open-source tools and custom malware, including a distinctive variant of Quasar RAT codenamed PurpleInk. This …

Threat Actors Abuse GitHub to Distribute Multiple Information Stealers

May 15, 2024 at 11:21AM Recorded Future warned of a malicious campaign leveraging a genuine GitHub profile to distribute malware such as Atomic macOS Stealer, Vidar, and Octo. Russian-speaking threat actors operating in the Commonwealth of Independent States were implicated. The campaign used a singular command-and-control infrastructure and impersonated legitimate applications. Organizations were urged to …

Ascension Healthcare Suffers Major Cyberattack

May 10, 2024 at 12:47PM Ascension, a healthcare provider operating 140 hospitals, suffered a cyberattack affecting essential systems like electronic health records and patient communication platforms. The organization has paused non-emergency procedures and is diverting some emergency services. Incident response help has been sought, and patient data exposure is being investigated. The attack highlights healthcare’s …

UK confirms Ministry of Defence payroll data exposed in data breach

May 7, 2024 at 03:44PM A recent breach of the UK Ministry of Defence’s system by a threat actor raises concerns. Personal data of military personnel was compromised. However, the MoD gave assurances that there was no major impact on payments and pensions. An investigation is ongoing to determine the extent of the breach. Media have reported suspected foreign state involvement, possibly China. Veterans and personnel …

Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft

May 2, 2024 at 06:08AM Nation-state espionage groups are increasingly using Microsoft’s services for their command-and-control needs, finding it more economical and effective than maintaining their own infrastructure. For example, Symantec discovered “BirdyClient,” a malware leveraging Microsoft Graph to operate through OneDrive. Multiple groups, including APT37 and Cozy Bear, have used this technique, requiring organizations to …

ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan

May 1, 2024 at 07:12AM The ZLoader malware, which resurfaced after a two-year hiatus, has evolved with new anti-analysis features that make it harder to detect and analyze. It now restricts execution to the infected machine and employs techniques to avoid running on different hosts. Additionally, threat actors are utilizing fraudulent websites to spread malware through …