The LockBit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow. Capital Health is a primary healthcare service provider in New Jersey and parts of Pennsylvania, operating two major hospitals and several satellite and specialty clinics. Last November, the organization experienced an IT systems outage following a cyberattack on its network.
Web3 security outfit CertiK has fallen foul of scammers, who managed to hijack its Twitter account to share a malicious link to a fake version of the Revoke.cash project. Security-auditing company CertiK, which boasts over 340,000 followers on its main Twitter account, posted a warning that its tweets should not currently be trusted. In a later tweet, CertiK shared details of what it believed had happened.
Security researchers have put out an updated decryptor for the Babuk ransomware family, providing a free solution for victims of the Tortilla variant. A collaboration between Cisco Talos, Avast, and the Netherlands police led to the development of the new decryptor and the arrest of the criminals behind the variant. According to Cisco Talos, the Amsterdam police force arrested the individual behind Babuk Tortilla, and the Dutch Public Prosecution Office prosecuted them.
A report from the Netherlands claims that a Dutch man played a key role in the notorious Stuxnet worm attack against an Iranian nuclear facility, which then accidentally escaped into the wider world. It's not news that the US and Israel are widely believed to be the creators of the sophisticated Stuxnet malware, which exploited zero-day flaws to sabotage Iran's uranium enrichment facilities at Natanz, or that the US is believed to have later tried to use a version of Stuxnet against North Korea's nuclear weapons program.
Merck reached a settlement with its insurance providers in the closely watched dispute in a New Jersey Supreme Court case over $1.4 billion in claims stemming from the NotPetya cyberattack. The pharmaceutical company reached a last-minute agreement with insurance providers just prior to oral arguments, Bloomberg Law reported, citing stipulations filed with the court Wednesday. Terms of the settlement were not disclosed.
Vulnerabilities found in Bosch Rexroth nutrunners used in the automotive industry could be exploited by hackers seeking direct financial gain or threat actors looking to cause disruption or reputational damage to the targeted organization, according to OT cybersecurity firm Nozomi Networks. Nozomi researchers found security holes in Bosch Rexroth's NXA015S-36V-B product, a cordless, handheld pneumatic torque wrench (also known as a nutrunner) designed for safety-critical tightening operations.
SonicWall says it has observed thousands of daily attempts to exploit an Apache OFBiz zero-day for nearly a fortnight. The near-maximum severity zero-day vuln in OFBiz, an open source ERP system with what researchers described as a surprisingly wide install base, was first disclosed on December 26. Since then, attackers have gone for it with large numbers of exploitation attempts.
A critical vulnerability in the Cacti Web-based open source framework for monitoring network performance gives attackers a way to disclose Cacti's entire database contents - presenting a prickly risk for organizations. Thousands of websites use Cacti to collect network performance information such as that related to bandwidth utilization, CPU and memory usage, and disk I/O from devices such as routers, switches, and servers.