IT Security Newsletter - 1/9/2025
Excelsior Orthopaedics Data Breach Impacts 357,000 People
Excelsior Orthopaedics is notifying approximately 357,000 people that their personal and health information was compromised in a data breach resulting from a ransomware attack that came to light in June 2024. Operating several clinics in Amherst, New York, including the Buffalo Surgery Center and Northtowns Orthopaedics, Excelsior Orthopaedics is a healthcare company that specializes in orthopaedic treatment and care. READ MORE...
Medical Billing Firm Medusind Says Data Breach Impacts 360,000 People
Florida-based medical and dental billing and revenue cycle management company Medusind has revealed that a data breach discovered in December 2023 impacts over 360,000 individuals. The company, which serves thousands of healthcare providers, revealed in letters sent to affected individuals that it discovered an intrusion on December 29, 2023. Affected individuals are being offered two years of free identity monitoring services. READ MORE...
GroupGreeting e-card site attacked in "zqxq" campaign
Malwarebytes recently uncovered a widespread cyberattack (referred to here as the "zqxq" campaign, as it closely mirrors NDSW/NDSX-style malware behavior) that compromised GroupGreeting[.]com, a popular platform used by major enterprises to send digital greeting cards. This attack is part of a broader malicious campaign that takes advantage of trusted websites with high traffic, especially those that could experience a spike in visitors during busy seasons like the winter holidays. READ MORE...
Hackers release files stolen in cyberattack on Rhode Island benefits system
Cybercriminals who launched a cyberattack last month on Rhode Island's system for health and benefits programs have released files to a site on the dark web, according to a news release from Gov. Dan McKee's office. The statement indicated that state officials had been expecting the hackers to publish the stolen files from RIBridges to the dark web - a hidden part of the internet that allows users to hide their identity and location - if their ransom demands were not met. READ MORE...
APT groups are increasingly deploying ransomware - and that's bad news for everyone
There was a time when the boundary between cybercrime and state-aligned threat activity was rather easy to discern. Cybercriminals were fuelled solely by the profit motive. And their counterparts in the government carried out mainly cyberespionage campaigns, plus the occasional destructive attack, to further their employers' geopolitical goals. However, in recent months, this line has begun to dissolve, including when it comes to ransomware, a trend also noted by ESET's latest Threat Report. READ MORE...
Here's how hucksters are manipulating Google to promote shady Chrome extensions
The people overseeing the security of Google's Chrome browser explicitly forbid third-party extension developers from trying to manipulate how the browser extensions they submit are presented in the Chrome Web Store. The policy specifically calls out search-manipulating techniques such as listing multiple extensions that provide the same experience or plastering extension descriptions with loosely related or unrelated keywords. READ MORE...
Security pros baited with fake Windows LDAP exploit traps
Security researchers are once again being lured into traps by attackers, this time with fake exploits of serious Microsoft security flaws. Trend Micro spotted what appears to be a fork of the legitimate proof-of-concept (PoC) exploit for LDAPNightmare, initially published by SafeBreach Labs on January 1. But the "forked" exploit PoC actually leads to the download and execution of information-stealing malware. READ MORE...
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that hackers exploited a Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 in zero-day attacks to install malware on appliances. The company says it became aware of the vulnerabilities after the Ivanti Integrity Checker Tool (ICT) detected malicious activity on customers' appliances. Ivanti launched an investigation and confirmed that threat actors were actively exploiting CVE-2025-0282 as a zero-day. READ MORE...
Mitel 0-day, 5-year-old Oracle RCE bug under active exploit
Cybercriminals are actively exploiting two vulnerabilities in Mitel MiCollab, including a zero-day flaw, and a critical remote code execution vulnerability in Oracle WebLogic Server that has been abused for at least five years. Here are the three, all of which the US Cybersecurity and Infrastructure Security Agency (CISA) added to its Known Exploited Vulnerabilities Catalog based on evidence of active exploitation: READ MORE...
- ...in 1890, Czech author and playwright Karel Čapek, who coined the word "robot" in his play "R.U.R.", is born in Austria-Hungary.
- ...in 1923, Spanish aviator Juan de la Cierva makes the first flight in his autogyro, a precursor to the modern helicopter.
- ...in 1955, character actor J.K. Simmons ("Whiplash", "Spider-Man") is born in Grosse Pointe, MI.
- ...in 2007, Apple CEO Steve Jobs introduces the first iPhone at a Macworld keynote in San Francisco.