Cyber Security Threats
Stay informed about the ever-evolving landscape of cyber threats. Explore the latest developments in malware, ransomware, and zero-day vulnerabilities, and learn how to protect your digital assets from these risks.
How Sniper Dz Enables Over 140,000 Credential Theft Scams
In the past year, the phishing-as-a-service (PhaaS) platform known as Sniper Dz has facilitated over 140,000 cyberattacks. The free platform offers tools to help cybercriminals target user credentials, making phishing campaigns easier to launch even … Read more
Vulnerabilities in Linux CUPS Printing System Expose Network Risks
Linux systems have recently come under threat due to a set of Remote Code Execution (RCE) vulnerabilities identified in the Common Unix Printing System (CUPS). These vulnerabilities, classified as severe, have the potential to enable … Read more
Sparkling Pisces Unleashes New Malware: KLogEXE and FPSpy
Sparkling Pisces is a North Korean threat actor group recognized for its cyberespionage operations and spear-phishing campaigns. Unit 42 researchers recently identified two new malware variants linked to this group, named KLogEXE and FPSpy. These … Read more
Storm-0501 Threatens Hybrid Cloud Security with Ransomware Attacks
The financially motivated cybercriminal group known as Storm-0501 is targeting U.S. industries, including government, manufacturing, transportation, and law enforcement, through ransomware attacks on hybrid cloud environments. Microsoft has detailed how this group’s multi-stage attack campaigns … Read more
PondRAT Backdoor Hidden in Python Packages Hits Developers
Researchers at Unit 42 have uncovered a new campaign that involves the delivery of Linux and macOS backdoors through poisoned Python packages. These packages are uploaded to the popular PyPI repository, and have been linked … Read more
Europol Leads International Effort to Shut Down Phone Unlocking Phishing Scheme
An international criminal network responsible for a large-scale phishing scheme targeting mobile phone credentials has been dismantled in a coordinated operation led by Europol and law enforcement agencies across six countries. The operation, codenamed “Operation … Read more
The Resurgence of TeamTNT
Recent investigations suggest that the well-known threat group “TeamTNT” may be back in operation. The group, which is infamous for targeting cloud environments like Docker, Kubernetes, and Redis, has left traces in new attacks observed … Read more
New Phishing Attack Targeting Major Sectors
A new type of phishing attack is deceiving users into giving up sensitive login credentials. Researchers from Palo Alto Networks’ Unit 42 have found phishing campaigns that use refresh entries in HTTP response headers … Read more
Russian GRU Unit 29155 Targeting Infrastructure Worldwide
In a recent advisory issued on September 5th, 2024, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) discuss the cyber activities of Russia’s GRU … Read more
The inside threat: Mitigation of the risks of deliberate data violations and corporate sabotage
It is well known that most data breaches come from employee error: some 88%, according to Stanford University Professor Jeff Hancock. As difficult as a costly mistake may be for a business to accept, … Read more
Why RansomHub is a Growing Threat Across Sectors
Since its emergence in early 2024, RansomHub has quickly expanded its operations and now affects over 210 victims across various sectors. This ransomware-as-a-service (RaaS) variant has become a player in the world of cybercrime, targeting … Read more
The Rise of In-Memory Threat ‘PEAKLIGHT’
Recent cybersecurity research has uncovered an attack chain utilizing a memory-only malware downloader, known as PEAKLIGHT. This PowerShell-based downloader uses a multi-stage infection process, with a range of obfuscation techniques to evade detection and deliver … Read more
The Hidden Security Threat in Contactless Key Cards
A security flaw has been discovered in millions of contactless key cards used worldwide for office and hotel access. French cybersecurity firm Quarkslab has identified a hardware backdoor in chips manufactured by Shanghai Fudan Microelectronics … Read more
Radar/Dispossessor Ransomware Group Operations Disrupted by the FBI
The Federal Bureau of Investigation (FBI) spearheaded a global operation that successfully dismantled the infrastructure of the Radar/Dispossessor ransomware group, a criminal ransomware-as-a-service (RaaS) group led by someone known as ‘Brain’. The operation led to … Read more
SMS Phishing Tool Xeon Sender Abuses SaaS Platforms for Large-Scale Campaigns
Xeon Sender is a cloud-based tool that has cybersecurity experts increasingly concerned, due to its use by attackers to conduct large-scale SMS spam and phishing campaigns by exploiting legitimate software-as-a-service (SaaS) providers. The tool has … Read more
Blood Supplies Affected by Ransomware Attack on OneBlood
OneBlood, a nonprofit blood donation organization based in Florida, encountered a ransomware attack that is impacting its capability to supply blood to hospitals in the U.S. OneBlood supplies blood to about 250 hospitals in Alabama, … Read more
74% of Ransomware Victims Suffered Multiple Ransomware Attacks
A new study by the cybersecurity company Semperis showed that companies tend to be attacked by ransomware groups several times. 74% of organizations that encountered a ransomware attack reported experiencing multiple attacks. These attacks caused … Read more
The Cyber Espionage Campaign Threatening Japan
A newly discovered cyber espionage operation, referred to as “Cuckoo Spear,” has brought to light the ongoing activities of a state-backed Chinese hacking group that has been quietly infiltrating Japanese organizations. This covert campaign is … Read more
Phishing Attack on Memorial Sloan Kettering Cancer Center
Memorial Sloan Kettering Cancer Center (MSK) based in New York City has reported the compromise of the protected health information (PHI) of 12,274 people due to a phishing attack. On April 26, 2024, MSK discovered … Read more
$950,000 Paid by Heritage Valley Health System to Resolve Alleged HIPAA Violations
The 3-hospital health system has over 50 doctor clinics and numerous community satellite services in eastern Ohio, Pennsylvania, and the panhandle of West Virginia. In 2017, Heritage Valley was impacted by a worldwide malware attack. … Read more
Ransomware Group Exposes 300 Million Patients’ Data
The Qilin ransomware group, believed to be Russian, uploaded to its dark web leak site the information stolen during the attack on Synnovis because of non-payment of the $50 million ransom demand. On June 3, … Read more
Healthcare Cybersecurity Awareness Training Course Launched by ComplianceJunction
ComplianceJunction has created a new training course for healthcare organizations to allow them to raise employee awareness of the common cyber threats that provide hackers with access to healthcare networks and employee, patient, and client … Read more
How to Identify Phishing Emails
Investigations of cyberattacks and data breaches often reveal the initial access vector to be a phishing email. Phishing provides threat actors with a foothold from which they can achieve an organization-wide compromise, so teaching employees … Read more
Liability for Cyber Incidents
The rapid digitisation of every aspect of our lives has led to an ever-increasing risk of cyber incidents for all types of business. Significant financial losses, disruptions to operations, damage to reputation, and legal consequences … Read more
BreachForums, Major Personal Data Sales Platform, Seized by the FBI
On May 15, 2024, the FBI, in collaboration with international law enforcement agencies, seized the notorious cybercrime forum BreachForums. This action marks a severe blow to a site that has been a major marketplace for … Read more
Rabotnik, a Ukrainian hacker affiliated with REvil Ransomware Group, sentenced to 13 years in prison
On May 1st, a Texas court sentenced Yaroslav Vasinskyi, also known as “Rabotnik,” to over 13 years in prison, marking a significant chapter in the global efforts to dismantle the REvil ransomware group. At just … Read more
LightSpy Malware: A Hidden Threat to iPhone Users
A sophisticated spyware attack has been uncovered, targeting certain iPhones. After Apple issued a warning, cybersecurity experts were able to trace the origins of the LightSpy malware, revealing a highly advanced spyware with potential links … Read more
Unite Here Data Breach And Lurie Children’s Hospital Cyberattack
791,000 People Affected by UNITE HERE Data Breach: The labor union UNITE HERE, located in New York, has 300,000 working individuals all over the United States and Canada. It recently filed a breach report to … Read more
Anonymous Leak Reveals China’s Cyber Operations
Documents purporting to have been stolen from a subcontractor of China’s Ministry of Public Security have been published on GitHub. These commercial documents (whose authenticity, impossible to confirm completely, is nevertheless highly probable, given their … Read more
A Global Offensive Neutralized The LockBit Ransomware Group
The LockBit ransomware group, identified as one of the most prolific cybercriminal organizations, has been neutralized through a coordinated international law enforcement effort. Emerging in 2020, LockBit quickly ascended to infamy by deploying a ransomware-as-a-service … Read more
US Federal Authorities Announced the Takedown of Warzone RAT Malware Service
The US Department of Justice (DoJ) recently announced the takedown of the Warzone RAT malware service as part of a coordinated international response to cybercrime. This malware, known for allowing unauthorized remote access to victims’ … Read more
FBI Targets Chinese KV Botnet in Cybersecurity Crackdown
FBI says a December 2023 court-authorized operation has successfully dismantled the KV Botnet, a network of infected routers controlled by the Chinese hacker group Volt Typhoon. This botnet was a critical tool for Volt Typhoon, … Read more
Patch for Fortra GoAnywhere Critical Vulnerability and Unauthorized Remote Access Using the ScreenConnect Tool
Fortra has announced a critical vulnerability identified in its GoAnywhere Managed File Transfer (MFT) solution and also issued a patch. Vulnerability CVE-2024-0204 is an authentication bypass bug caused by a path traversal weakness. An unauthenticated … Read more
A Cybersecurity Vulnerability in TeamViewer used for Ransomware Attacks
TeamViewer, the world-famous remote access tool, has emerged as a significant vulnerability in the cybersecurity landscape. Recent investigations have highlighted its exploitation in deploying ransomware, particularly the notorious LockBit 3.0. These incidents underscore an … Read more
Unauthorized Use of Software and Cloud Services is a Major Security Risk
Many businesses concentrate on technical measures to protect them against cyberattacks. They invest in firewalls, multifactor authentication, advanced email security solutions, and web filters to block attacks at source, yet often neglect the human factor … Read more
Urgent Action Needed on Citrix Bleed Vulnerability as Ransomware Attacks Increase
Ransomware groups are exploiting a critical vulnerability identified in NetScaler ADC (formerly known as Citrix ADC) and NetScaler Gateway (Citrix Gateway) devices, referred to as Citrix Bleed. On October 10, 2023, Citrix released a security … Read more
Advisories on Critical ownCloud Vulnerabilities, Critical FortiSIEM Vulnerability and Emotet Malware Threat
HC3 Alerts HPH Sector Regarding Critical FortiSIEM Vulnerability and Ongoing Emotet Malware Threat: The Health Sector Cybersecurity Coordination Center (HC3) has alerted healthcare companies that utilize Fortinet’s FortiSIEM platform to fix a critical vulnerability that … Read more
Malvertising Campaign Leads to Cactus Ransomware Attack
There are many ways that cybercriminals gain access to business networks, including phishing attacks and exploiting unpatched vulnerabilities. Many businesses now provide security awareness training to employees to improve phishing awareness, but it is also … Read more
Sentinel Event Alert and State of External Exposure Management
Joint Commission Issues Guidance on Ensuring Patient Safety After a Cyberattack: The Joint Commission has published a Sentinel Event Alert offering guidance on maintaining patient safety after a cyberattack. There has been an increase in … Read more
Email Sextortion Scams are on the Rise
Email is commonly used by threat actors for initial contact with victims, and while most attacks attempt to steal credentials or distribute malware, another type of scam has been steadily increasing. Sextortion scams have … Read more
Vulnerabilities Found in 1,900 Citrix NetScaler Devices and Limited Use of Generative AI by Malicious Actors
Malicious Actors Still Limit the Use of Generative AI: It is feared that malicious actors will take advantage of generative AI to support their malicious pursuits; nevertheless, the use of generative AI by malicious actors … Read more
Cybercriminals Turn to Web Browsing to Deliver Ransomware
Ransomware attacks have increased significantly in 2023 and the file encrypting malware is now used in around 20% of cyberattacks. Ransomware is used to encrypt business-critical files to prevent access, and a ransom demand is … Read more
Top Industries Targeted by Cyber Threat Actors and 2022’s Most Often Exploited Vulnerabilities
Top Targets for Cyber Threat Actors: According to Blackberry’s most recent Global Threat Intelligence Report, the two most attacked sectors are healthcare and financial services. The information for the report was gathered between March and … Read more
Search Engine Ads Abused to Gain Initial Access to Business Networks
Employees are being targeted in a new malvertising campaign that uses Google and Bing Ads offering a variety of trojanized installers for software solutions such as AnyDesk, Cisco AnyConnect VPN, and WinSCP. These campaigns deliver … Read more
New MOVEit Zero-Day Vulnerability, Critical Vulnerability in VMware Aria Operations for Networks, and CISCO AnyConnect Secure Vulnerability
Progress Software Alerts of New MOVEit Zero-Day Vulnerability – Quick Action Necessary: Progress Software has released an alert concerning a new vulnerability identified in its MOVEit Transfer file transfer software program. It is an exploit … Read more
Malicious Ads and Phishing Emails Used to Distribute RomCom Malware
RomCom malware is being distributed via a range of websites that claim to offer downloads of popular software solutions such as AstraChat, GIMP, Go To Meeting, and ChatGPT, and traffic is being sent to those … Read more
Threat Actors Increasingly Using Google Ads for Malware Distribution
Malicious actors are abusing Google Ads to drive traffic to malicious websites where malware is downloaded, and abuse of Google Ads for malware distribution is increasing. Google places its Ad blocks at the top of … Read more
Major Phishing Campaign Targets Facebook Credentials
While many phishing scams target Microsoft 365 credentials due to the usefulness of the accounts and the data they hold, social media credentials are also highly prized. If a phisher is able to steal Facebook … Read more
Increase in Adversary-in-the-Middle Phishing Attacks That Allow MFA to be Bypassed
Security experts have long recommended that multi-factor authentication be implemented to protect against phishing attacks and for good reason. Single-factor authentication – a password – provides a degree of protection against unauthorized account access; however, … Read more
Data Breaches Reported by Dental Health Management Solutions, Nursing Rehab Centre, The Chautauqua Center, Northeast Surgical Group, and White Bird Clinic
Dental Health Management Solutions Alerted Patients About Historic Data Breach: Dental Health Management Solutions (DHMS) based in Cedar Park, TX provides the military/government and private individuals with dental services. It recently reported the exposure of … Read more