The potent and enduring Russian military intelligence hacking operation known as Sandworm was likely responsible for attacks on water utilities in the United States, Poland and a small water mill in France, researchers with Google's Mandiant said Wednesday. Wednesday's report concludes that Sandworm is behind a set of online personas that have been linked to a string of recent attacks on critical infrastructure, including a water system in Texas.
Michigan healthcare organization Cherry Street Services (Cherry Health) has started notifying over 180,000 individuals that their personal information was compromised in a ransomware attack. The incident occurred on December 21, 2023, and resulted in the disruption of certain systems, suggesting that file-encrypting ransomware might have been involved. Cherry Health initially disclosed the attack in early January.
The financially motivated threat actor FIN7 targeted a large U.S. car maker, sending spear-phishing emails to employees in the IT department to infect systems with the Anunak backdoor. According to researchers at BlackBerry, the attack happened late last year and relied on living-off-the-land binaries, scripts, and libraries (LoLBas). The threat actor focused on targets with high-level privileges, luring them with links to a malicious URL impersonating the legitimate Advanced IP Scanner tool.
LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. CryptoChameleon is an advanced phishing kit that was spotted earlier this year, targeting Federal Communications Commission (FCC) employees using custom-crafted Okta single sign-on (SSO) pages. According to researchers at mobile security company Lookout, campaigns using this phishing kit also targeted multiple cryptocurrency platforms.
Ivanti has released 27 fixes for various reported vulnerabilities in its 2024 first-quarter release. None of the vulnerabilities are being actively exploited, according to the vendor. The company recommends users download the Avalanche installer and update to the latest version of Avalanche 6.4.3, which will, in turn, apply all the fixes listed in the update.
Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants - cheap, independently produced, and crudely constructed - on the dark web. The developers of these junk gun variants are attempting to disrupt the traditional affiliate-based ransomware-as-a-service (RaaS) model that has dominated the ransomware racket for nearly a decade. Instead of selling or buying ransomware to or as an affiliate, attackers create and sell unsophisticated variants for a one-time cost.
Kremlin-backed actors have stepped up efforts to interfere with the US presidential election by planting disinformation and false narratives on social media and fake news sites, analysts with Microsoft reported Wednesday. The analysts have identified several unique influence-peddling groups affiliated with the Russian government seeking to influence the election outcome, with the objective in large part to reduce US support of Ukraine and sow domestic infighting.