IT Security Newsletter - 4/15/2025
2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches
More than 2.6 million individuals were impacted by two data breaches at insurance administrator Landmark Admin and software solutions provider Young Consulting, according to fresh filings with regulatory agencies. In October 2024, Landmark Admin notified roughly 800,000 people that it fell victim to a ransomware attack that also included the theft of sensitive data. The company said it flagged the unauthorized access to its systems on May 13, but was breached again on June 17. READ MORE...
Govtech giant Conduent confirms client data stolen in January cyberattack
American business services giant and government contractor Conduent disclosed today that client data was stolen in a January 2025 cyberattack. Conduent is a business services company that provides digital platforms and solutions for government and commercial clients in transportation, healthcare, customer experience, and human resources. The company has over 33,000 employees and provides services to half of Fortune 100 companies and over 600 government and transportation agencies. READ MORE...
Hertz data breach: Customers in US, EU, UK, Australia and Canada affected
American car rental company Hertz has suffered a data breach linked to last year's exploitation of Cleo zero-day vulnerabilities by a ransomware gang. The breach resulted in the compromise of information belonging to an unknown number of customers of Hertz and its subsidiaries Dollar and Thrifty. "Cleo is a vendor that provides a file transfer platform used by Hertz for limited purposes," the company shared - though it did not specify what those limited purposes were. READ MORE...
Chinese APTs Exploit EDR 'Visibility Gap' for Cyber Espionage
Beijing-backed hacker groups are known by a variety of benign-sounding monikers, like FishMonger and MirrorFace, and notably, Volt Typhoon and Salt Typhoon - but a handful of these groups, some of them operating as arms of the military, are running ruthless cyber-espionage campaigns against the US's most sensitive critical infrastructure, including utilities and telecommunications networks. READ MORE...
Chinese snoops use stealth RAT to backdoor US orgs - still active last week
A cyberspy crew or individual with ties to China's Ministry of State Security has infected global organizations with a remote access trojan (RAT) that's "even better" than Cobalt Strike, using this stealthy backdoor to enable its espionage and access resale campaigns. The attacker, dubbed UNC5174, uses a mix of custom and open source malware, including its own SNOWLIGHT dropper and a new open source, in-memory backdoor VShell. READ MORE...
A New 'It RAT': Stealthy 'Resolver' Malware Burrows In
Phishing emails worldwide are arriving packed with a new, advanced remote access Trojan (RAT) called "Resolver RAT." There is already evidence to suggest Resolver RAT might supplant some of the most popular infostealers in recent memory. In campaigns observed by Morphisec, threat actors are using the same sorts of phishing emails and the same hijacked dynamic link library (DLL) executables previously used to deliver the likes of Rhadamanthys and Lumma. READ MORE...
Aviation sector faces heightened cyber risks due to vulnerable software, aging tech
The aviation industry is facing significant threats to its ability to maintain cyber resilience and must address key issues ranging from aging technology and outdated software to growing risks from sophisticated threat actors, according to a report released Thursday by the Foundation for Defense of Democracies. The report calls on the Federal Aviation Administration to conduct a comprehensive modernization of the nation's air traffic control system with a strong focus on cyber resilience. READ MORE...
Over 14K Fortinet devices compromised via new attack method
The Shadowserver Foundation reported Saturday that more than 14,000 Fortinet devices across the globe have been compromised by a threat actor that exploited known vulnerabilities and deployed a symlink-based persistence mechanism. Fortinet warned that the threat actor had used older critical vulnerabilities to gain access to FortiGate devices and, through the persistence mechanism, maintained read-only access even after the devices were patched. READ MORE...