UnitedHealth Group said it identified the source of the intrusion into Change Healthcare's system, which remains partially non-operational following a cyberattack that's impaired services nationwide. "A thorough forensic analysis is well underway," the company said in a Wednesday update. "Through this analysis, we have identified the source of the intrusion and, with high confidence, have established a safe restore point."
SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM, a digital SIM stored in a rewritable chip present on many recent smartphone models. Embedded Subscriber Identity Modules (eSIMs) are digital SIM profiles stored on a chip inside the mobile device. They serve the same role and purpose as a physical SIM card but can be remotely reprogrammed, provisioned, deactivated, swapped or deleted, which is what makes them attractive to attackers who have already taken over a victim's carrier account.
Alabama has been grappling with network disruptions following cyber incidents targeting both state and city governments, and days later, affected systems still appear to be struggling to recover. Alabama's governor, Kay Ivey, confirmed that a cyberattack on state systems began March 12, but added that neither networks nor system data were compromised, according to reports. Separately, on March 6, the city of Birmingham reported a network issue that impacted city systems.
The US House of Representatives voted on Wednesday in favor of a bill that would force the sale or ban of the popular social media app TikTok, following its passage last week by the House Energy and Commerce Committee. The bill requires any app controlled by a "foreign adversary" to be divested within 180 days or face a ban. Pressure against the app, owned by Chinese parent company ByteDance, has been mounting for years. Security concerns have focused on the app's capacity to spread misinformation and on ByteDance's data management practices.
Fortinet has patched a critical remote code execution (RCE) vulnerability in its FortiClient Enterprise Management Server (EMS), the server used to manage endpoint devices. The flaw, tracked as CVE-2023-48788, stems from an SQL injection error in the server's DAS component. It gives unauthenticated attackers a way to execute arbitrary code and commands with SYSTEM-level privileges on affected servers using specially crafted requests, so exposed EMS instances should be patched without waiting for proof of exploitation.
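To show the class of bug behind this item rather than the product-specific details (which the summary does not give), here is an added, generic illustration of an SQL injection in a server-side lookup and its parameterised fix. It is not FortiClient EMS code; the table, the hostname lookup and the payload are constructed for the example.

```python
import sqlite3

# Constructed sample data: a small in-memory table standing in for any
# server-side lookup keyed on a value taken from a client request.
PAYLOAD = "ws-01' OR '1'='1"


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE endpoints (hostname TEXT, api_token TEXT)")
    conn.executemany(
        "INSERT INTO endpoints VALUES (?, ?)",
        [("ws-01", "tok-aaaa"), ("ws-02", "tok-bbbb"), ("srv-db", "tok-cccc")],
    )
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, hostname: str) -> list:
    # Untrusted input is pasted straight into the SQL text, so a single
    # quote in the request lets the caller rewrite the WHERE clause and
    # read every row, including tokens that belong to other hosts.
    sql = f"SELECT hostname, api_token FROM endpoints WHERE hostname = '{hostname}'"
    return conn.execute(sql).fetchall()


def safe_lookup(conn: sqlite3.Connection, hostname: str) -> list:
    # Parameter binding: the value travels separately from the statement,
    # so the same payload is compared literally against the column and
    # matches nothing.
    sql = "SELECT hostname, api_token FROM endpoints WHERE hostname = ?"
    return conn.execute(sql, (hostname,)).fetchall()


if __name__ == "__main__":
    conn = build_db()
    print("vulnerable:", vulnerable_lookup(conn, PAYLOAD))  # all three rows
    print("safe:      ", safe_lookup(conn, PAYLOAD))        # []
```

The point the example makes is that the fix is structural: binding parameters removes the attacker's ability to change the statement's shape, whereas input filtering only narrows which payloads still work.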
A LockBit ransomware kingpin has been sentenced to almost four years behind bars and ordered to pay more than CA$860,000 ($635,000, £500,000) in restitution to some of his victims by a Canadian court as he awaits extradition to the US. During a sentencing hearing this week, Justice Michelle Fuerst said 34-year-old Mikhail Vasiliev was a cyber-terrorist who was "motivated by his own greed," according to CTV News.
A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that uses shellcode to evade security tools. StopCrypt, also known as STOP Djvu, is the most widely distributed ransomware in existence that you rarely hear about. While you constantly hear how big some ransomware operations are, such as LockBit, BlackCat and Clop, you rarely hear security researchers discussing STOP, largely because it targets consumers rather than enterprises.
In mid-December, election officers from across Arizona trooped into a bland hotel ballroom for a training session and were greeted by the most routine of messages: brief remarks and a PowerPoint presentation from Arizona Secretary of State Adrian Fontes. But the election workers had been duped. Fontes' remarks had been generated by AI, and it required serious prompting by the organizers for those in the audience to realize that the video they had just seen was fake.
Our lives are increasingly lived in the digital world. And while this comes with a host of benefits, it also exposes us to the threat of data theft. Whether it's sensitive personal, medical or financial information, anything the bad guys get their hands on could be used in follow-on fraud or even blackmail. In short, failing to share your most sensitive files securely could have major consequences.
12.8 million new secret occurrences were leaked publicly on GitHub in 2023, up 28% from 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021. The growing number of code repositories on GitHub, with 50 million new repositories added in the past year (up 22%), increases the risk of both accidental and deliberate exposure of sensitive information such as API keys, tokens and passwords.
While the threat landscape continues to shift and evolve, attackers' motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent, with some notable exceptions. The report tracked the MITRE ATT&CK techniques that adversaries abuse most frequently throughout the year, and two new and notable entries soared into the top 10 in 2023: email forwarding rules and cloud accounts.
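Because email forwarding rules (ATT&CK T1114.003) are a technique that leaves a clean audit trail, a detection is the thing a defender most wants from this item. The following is an added example, not part of the Red Canary report or of any vendor's product: it scans records shaped like Exchange Online mailbox audit events (Operation plus a Parameters list, as exported from the Microsoft 365 unified audit log) and flags rules or mailbox settings that forward mail outside the organisation. The sample events, the internal domain and the simplified single-address parameter values are constructed for the example.

```python
import json

# Constructed sample audit records (made up for this example, not real tenant
# data). Real exports carry many more fields; only the ones used here are shown.
SAMPLE_EVENTS = [
    json.dumps({"UserId": "alice@corp.example", "Operation": "New-InboxRule",
                "Parameters": [{"Name": "Name", "Value": "Invoices"},
                               {"Name": "ForwardTo", "Value": "collector@attacker.example"},
                               {"Name": "DeleteMessage", "Value": "True"}]}),
    json.dumps({"UserId": "bob@corp.example", "Operation": "Set-InboxRule",
                "Parameters": [{"Name": "Identity", "Value": "Sort newsletters"},
                               {"Name": "MoveToFolder", "Value": "Newsletters"}]}),
    json.dumps({"UserId": "carol@corp.example", "Operation": "Set-Mailbox",
                "Parameters": [{"Name": "ForwardingSmtpAddress", "Value": "smtp:carol.home@gmail.example"},
                               {"Name": "DeliverToMailboxAndForward", "Value": "True"}]}),
    json.dumps({"UserId": "dave@corp.example", "Operation": "New-InboxRule",
                "Parameters": [{"Name": "Name", "Value": "Team copy"},
                               {"Name": "ForwardTo", "Value": "team-archive@corp.example"}]}),
]

INTERNAL_DOMAINS = {"corp.example"}          # assumption: the tenant's own domains
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}


def _normalize(addr: str) -> str:
    # Mailbox-level forwarding is logged with an "smtp:" prefix; strip it so
    # both rule-level and mailbox-level targets compare the same way.
    addr = addr.strip().lower()
    if addr.startswith("smtp:"):
        addr = addr[5:]
    return addr


def _is_external(addr: str) -> bool:
    domain = addr.rsplit("@", 1)[-1]
    return domain not in INTERNAL_DOMAINS


def detect_external_forwarding(lines) -> list:
    """Return one finding per event that forwards or redirects mail to an
    address outside INTERNAL_DOMAINS."""
    hits = []
    for line in lines:
        ev = json.loads(line)
        if ev.get("Operation") not in RULE_OPS:
            continue
        params = {p["Name"]: p["Value"] for p in ev.get("Parameters", [])}
        targets = []
        for name, value in params.items():
            if name in FORWARD_PARAMS:
                # Several recipients may be joined with ';' in one value.
                targets.extend(_normalize(a) for a in value.split(";") if a.strip())
        external = [t for t in targets if _is_external(t)]
        if external:
            hits.append({
                "user": ev["UserId"],
                "operation": ev["Operation"],
                "targets": external,
                # A rule that also deletes the original is a stronger signal:
                # the victim never sees the forwarded message.
                "deletes_original": params.get("DeleteMessage") == "True",
            })
    return hits


if __name__ == "__main__":
    for hit in detect_external_forwarding(SAMPLE_EVENTS):
        print(hit)
```

Two of the four constructed events fire: the inbox rule that forwards to an external domain and deletes the original, and the mailbox-level SMTP forwarding address. The rule forwarding to an internal archive mailbox and the folder-sorting rule are ignored, which is the trade-off to tune: allow-listing internal domains keeps noise down but will miss a compromised account that stages mail to a second internal mailbox the attacker also controls.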