Midnight Blizzard (aka APT29), a group of Russian hackers tied to the country's Foreign Intelligence Service (SVR), has leveraged information stolen from Microsoft corporate email systems to burrow into the company's source code repositories and internal systems. "It is apparent that Midnight Blizzard is attempting to use secrets of different types it has found. Some of these secrets were shared between customers and Microsoft in email," the company's Security Response Center shared on Friday. READ MORE...
Change Healthcare systems are expected to come back online starting in mid-March, about a month after a cyberattack disabled the technology firm, parent company UnitedHealth Group said Thursday. Electronic payments will be available beginning March 15, and electronic prescribing is fully functional as of Thursday. Change will start testing its claims network and software on March 18, with plans to restore service through that week. READ MORE...
Fidelity Investments Life Insurance Co. said the personal data of more than 28,000 customers was accessed through a hack at Infosys McCamish Systems, a third-party service provider, according to a notification filed with the Maine Attorney General's office. Infosys McCamish notified Fidelity Investments in early November about the incident, in which an unauthorized third party gained access to some of Infosys McCamish's systems between Oct. 29 and Nov. 2, 2023, according to the notification letter. READ MORE...
There's yet another group of miscreants out there hijacking insecure Ivanti devices: A new, financially motivated gang dubbed Magnet Goblin has emerged from the shadowy digital depths with a knack for rapidly exploiting newly disclosed vulnerabilities before vendors have issued a fix. The cybercrime crew has targeted US medical, manufacturing, and energy-sector organizations, according to Check Point, which said it spotted Magnet Goblin abusing security holes in Ivanti's code. READ MORE...
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. The Taiwanese Network Attached Storage (NAS) device maker disclosed three vulnerabilities that can lead to an authentication bypass, command injection, and SQL injection. The last two require the attacker to be authenticated on the target system, which significantly lessens the risk. READ MORE...
Scans of the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows code execution without authentication. CISA, America's Cyber Defense Agency, confirmed last month that attackers are actively exploiting the flaw when it added it to its Known Exploited Vulnerabilities (KEV) catalog. READ MORE...
Fresh proof-of-concept (PoC) exploits are circulating in the wild for a widely targeted Atlassian Confluence Data Center and Confluence Server flaw. The new attack vectors could enable a malicious actor to stealthily execute arbitrary code within Confluence's memory without touching the file system. Researchers at VulnCheck have been tracking the exploits for the CVE-2023-22527 remote code execution (RCE) vulnerability, which was disclosed in January. READ MORE...
When you step inside Cloudflare's San Francisco office, the first thing you notice is a wall of lava lamps. Visitors often stop to take selfies, but the peculiar installation is more than an artistic statement; it's an ingenious security tool. The changing patterns created by the lamps' floating blobs of wax help Cloudflare encrypt Internet traffic. The idea was hatched in 2013, when company CEO Matthew Prince and CTO John Graham-Cumming were discussing ways to generate random numbers. READ MORE...