IT Security Newsletter

IT Security Newsletter - 12/16/2024

Written by Cadre | Mon, Dec 16, 2024

Yearlong supply-chain attack targeting security pros steals 390K credentials

A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said. The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields.

SRP Federal Credit Union Ransomware Attack Impacts 240,000

SRP Federal Credit Union is notifying over 240,000 people that their personal information was stolen in a recent cyberattack. According to the credit union, a threat actor had access to its systems from at least September 5, 2024, until November 4, 2024, and "potentially acquired certain files from our network during that time". After securing its systems and notifying law enforcement, SRP Federal Credit Union reviewed the compromised files and discovered that they contained personal information.

900,000 People Impacted by ConnectOnCall Data Breach

ConnectOnCall is notifying more than 900,000 individuals that their personal information and medical information were compromised in a data breach earlier this year. A digital, on-call answering solution, ConnectOnCall enables healthcare providers to manage after-hour calls and simplify patient communication and care coordination. The newly disclosed incident, the company says, was discovered on May 12.

4.8 million healthcare records left freely accessible

Your main business is healthcare, so your excuse when you get hacked is that you didn't have the budget to secure your network. Am I right? So, in order to prevent a ransomware gang from infiltrating your network, you could just give them what they want: all your data. The seemingly preferred method to accomplish this is to leave the information unprotected and unencrypted in an exposed Amazon S3 bucket.

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

An Iranian government-linked cybercriminal crew used custom malware called IOCONTROL to attack and remotely control US and Israel-based water and fuel management systems, according to security researchers. While IOCONTROL is a custom-built backdoor for hijacking IoT devices, it also has a "direct impact" on operational technology (OT) including fuel pumps used in gas stations, according to Claroty's Team82.

Germany blocks BadBox malware loaded on 30,000 Android devices

Germany's Federal Office for Information Security (BSI) has disrupted the BadBox malware operation pre-loaded in over 30,000 Android IoT devices sold in the country. The types of impacted devices include digital picture frames, media players and streamers, and potentially smartphones and tablets. BadBox is an Android malware that comes pre-installed in an internet-connected device's firmware that is used to steal data, install additional malware.

Amnesty International exposes Serbian police's use of spyware on journalists, activists

Serbian police and intelligence authorities have combined phone-cracking technology with spyware to eavesdrop on activists and journalists there, Amnesty International revealed in a report Monday, in what the human rights group says could be a disturbing preview of a future era of digital surveillance. Amnesty International's 87-page document surveys the broader picture of digital spying on civil society in Serbia.

Security community raises concern as Cleo file-transfer CVE delayed

Exploitation of critical vulnerabilities in Cleo file-transfer software continued Friday as security researchers began to raise concerns over the lack of a CVE designation for a second flaw disclosed earlier this week. Cleo on Thursday urged users to immediately upgrade to the latest versions of Harmony, VLTrader and LexiCom software after Huntress researchers alerted the company that hackers could still get around a patch issued in October.

With 'TPUXtract,' Attackers Can Steal Orgs' AI Models

Researchers have demonstrated how to recreate a neural network using the electromagnetic (EM) signals emanating from the chip it runs on. The method, called "TPUXtract," comes courtesy of North Carolina State University's Department of Electrical and Computer Engineering. Using many thousands of dollars' worth of equipment and a novel technique called "online template-building," a team of four managed to infer the hyperparameters of a convolutional neural network (CNN) with 99.91% accuracy.

  • ...in 1770, classical composer and pianist Ludwig van Beethoven is born in Bonn, Germany.
  • ...in 1773, the Sons of Liberty stage the "Boston Tea Party", a protest against British taxation of the American colonies without representation in Parliament.
  • ...in 1775, English novelist Jane Austen ("Sense and Sensibility", "Pride and Prejudice") is born in Hampshire, England.
  • ...in 1949, Swedish aerospace company Saab builds its first automobile at its production facility in Trollhattan.