Electronic Warfare Associates (EWA), a US defense contractor, has confirmed a data breach in which attackers exfiltrated files containing personal information. The breach began with a phishing attack that had "some limited impact" on EWA email accounts, officials report in a notification letter. Their investigation determined an attacker broke into EWA email accounts on Aug. 2, 2021; the organization learned of the attack when the intruder attempted wire fraud.
Cybersecurity firm Palo Alto Networks warned over the weekend of an ongoing hacking campaign that has already resulted in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education. To breach the organizations' networks, the threat actors behind this cyberespionage campaign exploited a critical vulnerability (CVE-2021-40539) in Zoho's enterprise password management solution known as ManageEngine ADSelfService Plus.
Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off with victims' Microsoft Office 365 and Google email credentials. Researchers at Armorblox spotted one such campaign lobbed at an unnamed global communications company, with nearly a thousand employees targeted just within that one organization. "The email claimed to contain a secure file sent via Proofpoint as a link," they explained in a posting on Thursday.
Ransomware groups have made millions off attacks on native tribal casinos in the U.S., just over the past few months. A notification issued by the Federal Bureau of Investigation (FBI) cybercrime unit, according to a new report from Bleeping Computer, said that ransomware attacks on tribal casinos date back to 2016 - but a recent uptick has raised the alarm. The alert reportedly identified notorious ransomware groups which have launched successful attacks on casinos, shutting down operations and stealing data.
A thirty-month international law enforcement operation codenamed 'Operation Cyclone' targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine. In June, BleepingComputer reported that Ukrainian law enforcement arrested members of the Clop ransomware gang involved in laundering ransom payments. This Friday, new information came to light regarding how the operation was conducted and the law enforcement agencies involved.
A newly observed Babuk ransomware campaign is targeting ProxyShell vulnerabilities in Microsoft Exchange Server, according to security researchers at Cisco Talos. The researchers spotted signs that the attackers are leveraging a China Chopper web shell for the initial compromise and then using it to deploy Babuk. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the issues were addressed in April and May, with technical details made public in August.
The Philips Tasy EMR, used by hundreds of hospitals as a medical record solution and healthcare management system, is vulnerable to two critical SQL injection flaws. The vulnerabilities are tracked as CVE-2021-39375 and CVE-2021-39376, and both have a severity score of 8.8 in CVSS v3. These are SQL injection flaws via two parameters, relying on the improper escaping of special characters in SQL commands. The affected versions of the product are Tasy EMR HTML5 3.06.1803 and prior.
The United States Cybersecurity and Infrastructure Security Agency (CISA) this week warned that proof-of-concept (PoC) code for the BrakTooth Bluetooth vulnerabilities is now publicly available. BrakTooth is the name researchers with the Singapore University of Technology and Design gave to a set of roughly two dozen vulnerabilities in commercial Bluetooth Classic (BT) stacks, which affect system-on-chips (SoCs) running Bluetooth 3.0 + HS to Bluetooth 5.2.