Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents. Norton Healthcare serves adult and pediatric patients in more than 40 clinics and hospitals across Greater Louisville, Southern Indiana, and the Commonwealth of Kentucky. Norton Healthcare is Louisville's second-largest employer, with more than 140 locations throughout Greater Louisville and Southern Indiana.
Human trafficking for the purposes of populating cyber scam call centers is expanding beyond southeast Asia, where the crime was previously isolated. Interpol revealed this week that an ongoing investigation has discovered evidence of abuse emanating from South America and also the Middle East. Cambodia, Laos, and Myanmar have typically been the hotspots of this type of crime since 2021 when it was first tracked by Interpol.
The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020. News of the arrest of a leader of the financial component of the group was posted to the Spanish National Police's Telegram channel Sunday morning, stating that the threat actors are linked to attacks on government institutions across Spain, Germany, Italy, Argentina, Chile, Japan, and the United States.
Cyberattacks and data breaches are exposing personal data at an ever-growing rate, according to an Apple-commissioned study conducted by Stuart Madnick, professor of IT at Massachusetts Institute of Technology, published Thursday. More than 2.6 billion personal records were compromised in 2021 and 2022, and the number of records breached jumped 36% in 2022 to 1.5 billion, the report said.
The Apache Software Foundation over the weekend announced security updates that address a critical-severity file upload vulnerability in the Struts 2 open source development framework, warning that it could be exploited to execute arbitrary code remotely. The issue, tracked as CVE-2023-50164, is described as a flaw in the file upload logic, which could allow an "attacker to enable paths with traversals". No technical details have been published.
The Tor-based BlackCat/Alphv leak site has been inaccessible since December 7. Threat intelligence company RedSense reported the following day that the website was taken down by law enforcement. In an update on Sunday, the company said, "RedSense Chief Research Officer Yelisey Bohuslavskiy confirms that the threat actors, including BlackCat's affiliates and initial access brokers, are convinced that the shutdown was caused by a law enforcement action."
Stealthy and multifunctional Linux malware that has been infecting telecommunications companies went largely unnoticed for two years until being documented for the first time by researchers on Thursday. Researchers from security firm Group-IB have named the remote access trojan "Krasue," after a nocturnal spirit depicted in Southeast Asian folklore. The researchers chose the name because evidence to date shows it almost exclusively targets victims in Thailand.
Security teams are busier than ever, so it's no surprise that practitioners are leaning heavily on podcasts to keep up to date with cybersecurity news, ideas, and tools. The data backs this up - according to the 2023 Voice of the SOC report, 83% of security pros listen to at least one cybersecurity podcast. So which podcasts are security professionals listening to?
Two years after the Log4j vulnerability was revealed, North Korean hackers are continuing to use the flaw in a ubiquitous piece of open source software to carry out attacks as part of a hacking campaign targeting manufacturing, agricultural and physical security entities, according to research released Monday. Carried out over the course of 2023, the campaign employed at least three new malware families and relied, in part, on the Log4Shell exploit.
An espionage group linked to the Russian military continues to use a zero-click vulnerability in Microsoft Outlook in attempts to compromise systems and gather intelligence from government agencies in NATO countries, as well as the United Arab Emirates (UAE) and Jordan in the Middle East. A spate of recent attacks in September and October by the Fighting Ursa group is the third wave to use the dangerous Outlook privilege-escalation vulnerability, tracked as CVE-2023-23397.