There are indications that U.S. healthcare giant Change Healthcare has made a $22 million extortion payment to the infamous BlackCat ransomware group (a.k.a. "ALPHV") as the company struggles to bring services back online amid a cyberattack that has disrupted prescription drug services nationwide for weeks. However, the cybercriminal who claims to have given BlackCat access to Change's network says the crime gang cheated them out of their share of the ransom.
The proliferation of programmable logic controllers (PLCs) with embedded Web servers has given attackers a way to launch potentially catastrophic, remote attacks against operational technology (OT) for industrial control systems (ICS) in critical infrastructure sectors. To highlight the threat, a team of researchers has developed malware that an adversary could use to remotely access an embedded Web server within a PLC, and attack the underlying physical system.
Card issuer American Express notified cardholders this month that their personal information may have been compromised due to a merchant processor being hacked. "We became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system," the company wrote in a template notice to customers filed Feb. 27 with the Massachusetts Office of Consumer Affairs and Business Regulation.
Criminals have probably stolen nearly 30,000 Fidelity Investments Life Insurance customers' personal and financial information - including bank account and routing numbers, credit card numbers and security or access codes - after breaking into Infosys' IT systems in the fall. According to Fidelity, in documents filed with the Maine attorney general's office, miscreants "likely acquired" information about 28,268 people's life insurance policies after infiltrating Infosys.
Social engineering is present in 90% of phishing attacks today. However, business email compromise (BEC) attacks stand apart in the cybercrime industry for their emphasis on social engineering and the art of deception. Part of what makes social engineering such a prominent part of BEC and other types of phishing attacks is its ability to manipulate human levers to achieve a desired outcome.
The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. "Today, the Department of the Treasury's Office of Foreign Assets Control (OFAC) designated two individuals and five entities associated with the Intellexa Consortium," reads a press release by OFAC.
Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. The malicious tools used in the campaign take advantage of the configuration weaknesses and exploit an old vulnerability in Atlassian Confluence to execute code on the machine. Researchers at cloud forensics and incident response company Cado Security discovered the campaign.
Security researchers are warning about two new authentication bypass vulnerabilities in the on-premises version of JetBrains TeamCity, including a critical flaw that can enable a remote, unauthenticated attacker to take control of a vulnerable server. JetBrains urged customers to upgrade their servers to the latest version or apply a security patch, in a blog post released Sunday. However, Rapid7 criticized the software firm for releasing the fixed version without proper coordination.
The US cybersecurity agency CISA on Tuesday added flaws impacting Pixel phones and Sunhillo software to its Known Exploited Vulnerabilities (KEV) catalog. The exploited Pixel vulnerability is tracked as CVE-2023-21237. When it patched the flaw in June 2023, Google warned that it had been aware of "limited, targeted exploitation", but the company published its security bulletin for Pixel phones a week after the general Android security bulletin and CVE-2023-21237 went unnoticed.