
IT Security Newsletter - 3/11/2025


Breaches

Rhysida pwns two US healthcare orgs, extracts over 300K patients' data

Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients. Kansas-based Sunflower Medical Group and Rhode Island's Community Care Alliance (CCA) both disclosed separate attacks. Sunflower said in a letter to affected individuals that intruders on its network weren't detected for nearly a month. READ MORE...

Hacking

X hit by 'massive cyberattack' amid Dark Storm's DDoS claims

The Dark Storm hacktivist group claims to be behind DDoS attacks causing multiple X worldwide outages on Monday, leading the company to enable DDoS protections from Cloudflare. While X owner Elon Musk did not specifically state that DDoS attacks were behind the outages, he did confirm that they were caused by a "massive cyberattack." Dark Storm is a pro-Palestinian hacktivist group that launched in 2023 and has previously targeted organizations in Israel, Europe, and the US. READ MORE...


'SideWinder' Intensifies Attacks on Maritime Sector

SideWinder, a likely India-based cyber-espionage group that's been active since at least 2012, recently ramped up attacks on organizations in the maritime and logistic sectors in Africa and Asia. In many of the attacks, the threat group has used variously themed phishing emails to lure targets into clicking on a malicious document. The document contains an exploit for CVE-2017-11882, a memory corruption vulnerability in Microsoft Office that SideWinder has used for years in its campaigns. READ MORE...

Software Updates

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver

Enterprise software maker SAP on Tuesday announced the release of 21 new and three updated security notes on its March 2025 security patch day. The company included five high-priority security notes in its advisory, namely three new notes that address vulnerabilities in Commerce, NetWeaver, and Commerce Cloud, and two updated notes that resolve flaws in Approuter and PDCE. The NetWeaver vulnerability was discovered in the transaction SA38, and allows access to restricted functionality. READ MORE...

Malware

1,600 Victims Hit by South American APT's Malware

A South American cyberespionage group has delivered malware to over 1,600 victims in Colombia in a recent campaign, Check Point reports. Tracked as Blind Eagle and APT-C-36, and active since 2018, the advanced persistent threat (APT) actor is known for targeting government, financial, and critical infrastructure organizations in Colombia and Ecuador. The threat actor mainly relies on phishing emails containing malicious attachments or URLs to deliver remote access trojans. READ MORE...


GitHub-Hosted Malware Infects 1M Windows Users

A broad malvertising campaign used a combination of illegal streaming websites and GitHub to impact nearly 1 million Windows PCs with data-stealing malware. The campaign, identified by Microsoft, targeted both consumer and enterprise devices across a wide range of industries and organizations. Microsoft Threat Intelligence (MTI) in December detected the attack, which originated from illegal streaming websites embedded with malvertising redirectors. READ MORE...

Information Security

Developer convicted for "kill switch" code activated upon his termination

A 55-year-old software developer faces up to 10 years in prison for deploying malicious code that sabotaged his former employer's network, allegedly costing hundreds of thousands of dollars in losses. The US Department of Justice announced Friday that Davis Lu was convicted by a jury after "causing intentional damage to protected computers" reportedly owned by the Ohio- and Dublin-based power management company Eaton Corp. READ MORE...


Former NSA cyber director warns drastic job cuts threaten national security

A retired top cybersecurity official from the National Security Agency warned a key House panel that widespread cuts to federal probationary workers could severely harm the U.S.'s ability to counter threats from China and other cyber adversaries. "I want to raise my grave concerns that the aggressive threats to cut U.S. government probationary employees will have a devastating effect," Rob Joyce, former director of cybersecurity at the NSA, said in testimony Wednesday READ MORE...

Exploits/Vulnerabilities

Multiple vulnerabilities found in ICONICS industrial SCADA software

A popular set of SCADA software systems used in critical infrastructure around the world suffered from at least five known vulnerabilities that could have allowed for privilege escalation, DLL hijacking and the ability to modify critical files. The vulnerabilities were found within a suite of software made by ICONICS, which claims on its website that its SCADA software is embedded in "hundreds of thousands of installations running in over 100 countries worldwide." READ MORE...

Encryption

Quantum leap: Passwords in the new era of computing security

Last August, the National Institute of Standards and Technology (NIST) released its first three finalized post-quantum encryption standards, designed to withstand attacks from quantum computers. It was the latest sign of a changing security world - but what does it all mean for passwords? It's easy to see why there's such excitement about quantum computing. By harnessing the properties of the quantum world, computers can make calculations that simply wouldn't be possible with 'normal' systems. READ MORE...

On This Date

  • ...in 1818, author Mary Wollstonecraft Shelley publishes "Frankenstein; Or, The Modern Prometheus", widely considered to be the first work of science fiction.
  • ...in 1985, Mikhail Gorbachev is elected as General Secretary of the Soviet Union, becoming the USSR's final head of state.
  • ...in 1997, former Beatle Paul McCartney is officially knighted by Queen Elizabeth II.
  • ...in 2020, the World Health Organization officially declares the COVID-19 outbreak as a pandemic.