Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. The company says that the cyberattack impacted only customers who made purchases from the Samsung UK online store between July 1, 2019, and June 30, 2020. Samsung discovered the data breach two days ago, on November 13, and determined that it was the result of a hacker exploiting a vulnerability in a third-party application the company used.
PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients. PJ&A provides medical transcription services to healthcare organizations in the United States. The company said the threat actors breached their network and had access between March 27 and May 2, 2023. Its investigation revealed that information had been exposed to the threat actors, including Social Security numbers and insurance information.
The US Justice Department announced on Wednesday that a man who admitted being an administrator of a now-defunct cybercrime forum named Darkode has been sentenced to prison. Thomas Kennedy McCormick, aka 'Fubar', a 30-year-old from Cambridge, Massachusetts, has been sentenced to 18 years in prison for his role in running Darkode. The sentence also includes three years of supervised release.
An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday, November 12, 2023. Tunstall, among others, provides services and systems to allow smart monitoring in various healthcare settings.
Affiliates of the ALPHV/BlackCat ransomware-as-a-service operation are turning to malvertising campaigns to establish an initial foothold in their victims' systems. Paid adverts for popular business software such as Slack and Cisco AnyConnect are being used to lure corporate victims into downloading malware that in turn leads to ransomware deployment. Rather than downloading the legitimate software, victims are instead infected with Nitrogen malware.
The FBI is warning that fraudsters are using the war in Gaza to solicit cryptocurrencies from the sympathetic. On Nov. 14 and Nov. 6, different branches of the FBI published alerts that cybercriminals are masquerading as fundraisers and charities, using emails, social media, cold calls, and crowdfunding websites to convince victims that their money will go to either Palestinian or Israeli victims of the conflict.
Attackers are actively exploiting a quintet of vulnerabilities in Juniper Junos OS devices, the Cybersecurity and Infrastructure Security Agency warned in a Thursday alert. The vendor warned the vulnerabilities can be chained to remotely execute code. Juniper disclosed and patched four of the vulnerabilities in mid-August, including one with a critical-severity CVSS rating of 9.8 out of 10, and reported the fifth vulnerability in late September.
Novel weaknesses in Google Workspace have been exposed by researchers, with exploits potentially leading to ransomware attacks, data exfiltration, and password decryption. Researchers at Bitdefender say the methods could also be used to access Google Cloud Platform (GCP) with custom permissions and to move from machine to machine. The infoseccers say Google told them the weaknesses would not be addressed and won't receive any security fixes since they fall outside the company's threat model.