Month: April 2024
SUMMARY Note: This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Visit stopransomware.gov to…
Read More
Police have successfully infiltrated and disrupted the fraud platform “LabHost”, used by more than 2,000 criminals to defraud victims worldwide. A major international operation, led by the UK’s Metropolitan Police, has seized control of LabHost, which has been helping cybercriminals create phishing websites since 2021 to steal sensitive information like passwords, email addresses, and bank…
Read MoreCISA released three Industrial Control Systems (ICS) advisories on April 18, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. CISA encourages users and administrators to review the newly released ICS advisories for technical details and mitigations. Source link wse3 wse3 wse3 wse3 wse3 wse3 wse3 wse3 wse3 wse3…
Read More
The international hotel chain Omni Hotels & Resorts has confirmed that a cyberattack last month saw it shut down its systems, with hackers stealing personal information about its customers. In the aftermath of the attack, hotel guests reported that they had been forced to check in on paper, that room keys didn’t work, and all…
Read MoreChange Healthcare data for sale on dark web as fallout from ransomware attack spirals out of control
February’s crippling ransomware attack against Change Healthcare, which saw prescription orders delayed across the United States, continues to have serious consequences. The cybercriminal group RansomHub published a portion of what it claims to be the many millions of patient records it stole in the attack on the dark web, including medical information, insurance records, and…
Read More
Apr 18, 2024NewsroomIncident Response / Cyber Espionage Select Ukrainian government networks have remained infected with a malware called OfflRouter since 2015. Cisco Talos said its findings are based on an analysis of over 100 confidential documents that were infected with the VBA macro virus and uploaded to the VirusTotal malware scanning platform. “The documents contained…
Read MoreOracle released its quarterly Critical Patch Update Advisory for April 2024 to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following Critical Patch Update Advisory and apply the necessary updates: Source link…
Read More
Apr 18, 2024NewsroomCyber Attack / Malware The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). “FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights,” the BlackBerry…
Read More
A severe vulnerability (CVE-2024-31497) has been discovered in PuTTY, a widely used SSH and Telnet client. This flaw could allow attackers to steal users’ NIST P-521 private keys, potentially granting them unauthorized access to servers protected by those keys. Vulnerability Details The vulnerability lies in PuTTY’s generation of electronic signatures using Elliptic Curve Digital Signature…
Read More
Extended BPF emerged in the last decade as a way to interact with the Linux kernel via a sandboxed runtime layer without needing to modify the kernel itself. Now widely adopted across the industry, eBPF makes it possible to see what’s happening at kernel level in real-time, critical to cloud monitoring and security in Kubernetes…
Read More