The FBI has issued an alert to warn US-based companies and law enforcement agencies that threat actors are sending fake emergency data requests with the goal of harvesting personally identifiable information (PII). An emergency data request enables law enforcement agencies to obtain information from online service providers in emergency situations, when there is no time to get a subpoena. READ MORE...
The information of over 300,000 Presbyterian Healthcare Services patients was compromised as a result of a data breach at law firm Thompson Coburn. In a recent data security incident notice, Thompson Coburn said it had detected unauthorized activity on its network on May 29. An investigation showed that files containing protected health information belonging to patients of its client, Presbyterian Healthcare Services, had been viewed or taken. READ MORE...
Debt relief solutions provider Forth (Set Forth) is notifying 1.5 million individuals that their personal information was compromised in a May 2024 data breach. The incident, the company revealed in a Friday announcement, was discovered on May 21 and prompted the activation of incident response protocols. On July 1, Forth determined that the attackers accessed certain documents on its systems, including files containing personal information. READ MORE...
Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them. The technique exploits the different ways ZIP parsers and archive managers handle concatenated ZIP files. This new trend was spotted by Perception Point, who discovered a concatenated ZIP archive hiding a trojan while analyzing a phishing attack that lured users with a fake shipping notice. READ MORE...
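Concatenation works because a ZIP reader locates entries through the End of Central Directory (EOCD) record, and a file with two archives glued together has two of them: a reader that trusts the last EOCD (Python's `zipfile`, for one) lists only the second archive, a reader that walks from the front lists the first. The scanner below is an added example, not code from Perception Point or from the original article; it builds two benign archives, concatenates them (a constructed stand-in for the attachment), counts EOCD records, walks every central directory by hand, and reports the entries that the last-EOCD view never shows.

```python
import io
import struct
import zipfile

EOCD_SIG = b"PK\x05\x06"          # End of Central Directory record signature
CDH_SIG = b"PK\x01\x02"           # central directory file header signature
EOCD_FMT = "<4sHHHHIIH"           # 22-byte EOCD without comment
CDH_FMT = "<4sHHHHHHIIIHHHHHII"   # 46-byte central directory header


def find_eocd_offsets(data: bytes) -> list[int]:
    """Offsets of every EOCD signature in the blob; a clean archive has one."""
    offsets, pos = [], data.find(EOCD_SIG)
    while pos != -1:
        offsets.append(pos)
        pos = data.find(EOCD_SIG, pos + 1)
    return offsets


def central_directory_names(data: bytes, eocd_off: int) -> list[str]:
    """Walk the central directory that the EOCD at eocd_off describes.
    cd_size counts back from the EOCD to the directory's first header, so no
    assumption about where this archive starts inside the blob is needed."""
    _, _, _, _, total, cd_size, _, _ = struct.unpack_from(EOCD_FMT, data, eocd_off)
    pos = eocd_off - cd_size
    names = []
    for _ in range(total):
        if data[pos:pos + 4] != CDH_SIG:
            break                                   # truncated or not a real EOCD
        fields = struct.unpack_from(CDH_FMT, data, pos)
        name_len, extra_len, comment_len = fields[10], fields[11], fields[12]
        names.append(data[pos + 46:pos + 46 + name_len].decode("utf-8", "replace"))
        pos += 46 + name_len + extra_len + comment_len
    return names


def scan_for_concatenation(data: bytes) -> dict:
    """Compare the last-EOCD view (what zipfile reports) with every central
    directory in the blob; the difference is what a scanner may never inspect."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        visible = set(zf.namelist())
    eocds = find_eocd_offsets(data)
    everything = set()
    for off in eocds:
        everything.update(central_directory_names(data, off))
    return {
        "eocd_count": len(eocds),
        "visible_to_zipfile": sorted(visible),
        "hidden_entries": sorted(everything - visible),
    }


def build_zip(files: dict[str, bytes]) -> bytes:
    """Helper for the constructed sample: one stored (uncompressed) archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in files.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample: two harmless archives concatenated, standing in for the
# decoy-plus-payload attachment described in the article.
DECOY = build_zip({"shipping_notice.pdf": b"%PDF-1.4 constructed decoy"})
SECOND = build_zip({"invoice.txt": b"constructed second archive"})
CONCATENATED = DECOY + SECOND

if __name__ == "__main__":
    print(scan_for_concatenation(CONCATENATED))
```

Two caveats for production use: the EOCD signature can legitimately occur inside compressed data or a ZIP comment, so a second hit is a reason to parse, not a verdict on its own, and ZIP64 archives carry an additional locator record that this walker does not follow. Mail gateways and sandboxes should unpack every central directory they find, or simply reject archives with more than one, rather than trusting whichever view their library happens to take.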
Halliburton CEO Jeff Miller said during a quarterly conference call with Wall Street analysts that an August cyberattack and storms in the Gulf of Mexico had a 2 cents a share impact on its adjusted earnings due to lost or delayed revenue. The company reported $35 million in charges directly due to the attack. The attack affected free cash flow during the quarter because of delayed billing and collections, Miller said. READ MORE...
On October 28th, 2024, the Dutch National Police, alongside the FBI, Eurojust, and several other law enforcement organizations, took down the infamous RedLine Stealer malware-as-a-service operation and its clone, META Stealer. This global effort, named Operation Magnus, resulted in the takedown of three servers in the Netherlands, the seizure of two domains, two people being taken into custody in Belgium, and the unsealing of charges against one of the alleged perpetrators. READ MORE...
Newpark Resources, a Texas-based oil drilling fluids system and composite matting systems provider, announced in a filing with the Securities and Exchange Commission (SEC) that it is dealing with the fallout of a ransomware attack it faced earlier this week. The company has not shared details as to how the attackers gained access to its network, nor who the threat actors are or why they may have targeted Newpark. READ MORE...
The operator of the longest-running money laundering machine in dark web history, Bitcoin Fog, has been sentenced to 12 years and six months in US prison. Roman Sterlingov, 36, a Russian-Swedish national, was also ordered to repay more than half a billion dollars accrued from the cryptocurrency mixing service that he ran for a decade between 2011 and 2021. Bitcoin Fog was assessed to have processed 1.2 million Bitcoin during that time, worth roughly $400 million at the time it was shuttered. READ MORE...
Attackers are actively exploiting a critical vulnerability in Palo Alto Networks Expedition, the security vendor's tool for migrating customers over from other vendors. The Cybersecurity and Infrastructure Security Agency added CVE-2024-5910 to its known exploited vulnerabilities catalog on Thursday. Palo Alto Networks alerted customers to the vulnerability in a July 10 security advisory and issued a patch via a software update. READ MORE...
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are affected by a command injection vulnerability with a publicly available exploit. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the 'cgi_user_add' command, where the name parameter is insufficiently sanitized. An unauthenticated attacker could exploit it to inject arbitrary shell commands by sending specially crafted HTTP GET requests to the devices. READ MORE...
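Because these devices are end-of-life, the practical mitigation is taking them off reachable networks, and the useful complement is knowing whether anyone has already probed them. The detector below is an added example, not code from D-Link or from the original article: it runs over constructed access-log lines, picks out requests that carry the `cgi_user_add` command, and flags any `name` value that falls outside a strict allow-list. The CGI path and the `cmd=` parameter name in the sample are assumed placeholders, not the device's real URL layout; only the command and parameter names come from the summary above.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed access-log lines (Apache-style). Path and "cmd=" are placeholders;
# 192.0.2.0/24 is a documentation address range. The injected values are
# deliberately non-functional placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [08/Nov/2024:10:01:02 +0000] "GET /cgi-bin/PLACEHOLDER.cgi?cmd=cgi_user_add&name=alice HTTP/1.1" 200 512
192.0.2.55 - - [08/Nov/2024:10:01:09 +0000] "GET /cgi-bin/PLACEHOLDER.cgi?cmd=cgi_user_add&name=bob%3Bplaceholder HTTP/1.1" 200 300
192.0.2.77 - - [08/Nov/2024:10:02:30 +0000] "GET /cgi-bin/PLACEHOLDER.cgi?cmd=cgi_user_add&name=%24(placeholder) HTTP/1.1" 200 300
192.0.2.10 - - [08/Nov/2024:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 1024
"""

LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Allow-list for an account name. Anything outside it is rejected outright,
# which is the sanitisation the vulnerable handler lacked; deny-listing
# individual shell metacharacters is the weaker choice because it is never complete.
SAFE_NAME = re.compile(r"^[A-Za-z0-9._-]{1,32}$")


def is_safe_name(value):
    """True only for values that could never reach a shell as anything but a word."""
    return SAFE_NAME.match(value) is not None


def parse_line(line):
    """Split one access-log line into source, timestamp, path and decoded query."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    return rec


def detect(log_text):
    """Return an alert for every cgi_user_add request whose name fails the allow-list."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or "cgi_user_add" not in rec["target"]:
            continue
        bad = [v for v in rec["query"].get("name", []) if not is_safe_name(v)]
        if bad:
            alerts.append({"src": rec["src"], "ts": rec["ts"], "name": bad[0]})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert['ts']} {alert['src']} suspicious name={alert['name']!r}")
```

The same allow-list is the fix pattern on the server side: validate the parameter against the characters an account name may contain and refuse everything else, rather than trying to escape what gets passed to the shell. On the monitoring side, treat every request to the endpoint from outside the management network as worth a look; the allow-list check only separates the clearly malformed ones from the rest.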