Over 20 hospitals in Bucharest have reportedly been impacted by a ransomware attack after cybercriminals targeted an IT service provider. As a consequence, medical staff have been forced to use pen and paper rather than computer systems. Romania's National Cybersecurity Directorate (DNSC) said in a statement that the attackers encrypted hospital data using the Backmydata ransomware - a variant of Phobos.
Bank of America is warning customers of a data breach exposing their personal information after Infosys McCamish Systems (IMS), one of its service providers, was hacked last year. Customer personally identifiable information (PII) exposed in the security breach includes the affected individuals' names, addresses, social security numbers, dates of birth, and financial information, including account and credit card numbers, according to details shared with the Attorney General of Texas.
Security researchers recently uncovered a stealthy espionage campaign targeting an Islamic charitable nonprofit organization in Saudi Arabia. The long-term campaign - apparently active since March 2021 - relies on a previously unreported custom backdoor, dubbed Zardoor, researchers at Cisco Talos reported. The malware exfiltrates data from the victim organization - which Cisco did not identify - approximately twice a month.
With more voters than ever in history heading to the polls in 2024, Resecurity has identified a growing trend of malicious cyber-activity targeting sovereign elections globally. In an era of unprecedented geopolitical volatility, this trend is particularly concerning, as Time Magazine notes that 64 countries (plus the European Union) are set to hold national elections this year. According to Time Magazine, "2024 is not just an election year. It's perhaps the election year."
Siemens has published 15 new advisories that describe - based on SecurityWeek's analysis - a whopping total of 270 unique vulnerabilities found in the company's products. The advisory covering more than half of them describes vulnerabilities in Scalance XCM-/XRM-300 switches. The flaws impact third-party components and most of them were discovered in 2022 and 2023. A majority of these issues have severity ratings of 'critical' or 'high.'
The Cybersecurity & Infrastructure Security Agency (CISA) has added a vulnerability in Roundcube Webmail to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. This means that Federal Civilian Executive Branch (FCEB) agencies need to remediate this vulnerability by March 4, 2024, in order to protect their devices against active threats. We urge other Roundcube Webmail users to take this seriously too.
The Raspberry Robin worm is incorporating one-day exploits almost as soon as they're developed, in order to improve on its privilege escalation capabilities. Researchers from Check Point suspect that the developers behind the initial access tool are contracting with Dark Web exploit traffickers, allowing them to quickly incorporate new exploits for obtaining system-level privileges before such exploits are disclosed to the public.
A recently patched zero-day vulnerability in Ivanti enterprise VPNs has been exploited in attacks deploying a backdoor named 'DSLog', security services provider Orange Cyberdefense reports. The issue, tracked as CVE-2024-21893, is a server-side request forgery (SSRF) bug identified in the SAML component of Ivanti Connect Secure, Policy Secure, and Neurons for ZTA that could be exploited without authentication to leak sensitive information.
Last week, a video by security researcher StackSmashing demonstrated an exploit that could break Microsoft's BitLocker drive encryption in "less than 50 seconds" using a custom PCB and a Raspberry Pi Pico. The exploit works by using the Pi to monitor communication between an external TPM chip and the rest of the laptop, a second-generation ThinkPad X1 Carbon from roughly 2014.