A large volume of United Nations Development Programme data related to staffers and other internal operations was stolen and posted to a ransomware website in late March, the agency announced this week. The UNDP issued a statement Tuesday saying that "local IT infrastructure in UN City, Copenhagen, was targeted," and that a "data extortion actor had stolen data which included certain human resources and procurement information."
Telecommunications giant Frontier Communications on Thursday informed the Securities and Exchange Commission (SEC) that certain systems were shut down following a cyberattack. The incident, the company said in a regulatory filing with the SEC, was identified on April 14, when a third party "gained unauthorized access to portions of its information technology environment".
Octapharma Plasma has blamed IT "network issues" for the ongoing closure of its 150-plus centers across the US. It's feared a ransomware infection may be the root cause of the medical firm's ailment. "All centers are experiencing network issues and are currently closed," according to a banner across the top of the company's website. One source familiar with the situation, however, told The Register Octapharma Plasma fell to a BlackSuit ransomware infection on Monday.
The World-Check database used by businesses to verify the trustworthiness of users has fallen into the hands of cybercriminals. The Register was contacted by a member of the GhostR group on Thursday, claiming responsibility for the theft. The authenticity of the claims was later verified by a spokesperson for the London Stock Exchange Group (LSEG), which maintains the database.
The Hospital Simone Veil in Cannes (CHC-SV) has announced that it was targeted by a cyberattack on Tuesday morning, severely impacting its operations and forcing staff to go back to pen and paper. CHC-SV is an important medical establishment in France, particularly in the region of Cannes. With a capacity of 869 beds, it handles 150,000 outpatient and 50,000 emergency room visits, performs 9,000 surgeries, and assists in 1,500 births annually.
Since early 2023, Akira ransomware has claimed over 250 victims worldwide and received more than $42 million in ransom payments, according to CISA, the FBI, Europol, and the Netherlands' National Cyber Security Centre (NCSC-NL). Akira ransomware operators have been observed targeting organizations in various industries, including services and goods, manufacturing, education, construction, critical infrastructure, finance, healthcare, and legal sectors.
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. Redline is a powerful information-stealing malware capable of harvesting sensitive information from infected computers, including passwords, cookies, autofill information, and cryptocurrency wallet information. The malware is very popular among cybercriminals and is spread worldwide using diverse distribution channels.
A known issue associated with the DOS-to-NT path conversion process in Windows opens up significant risk for businesses by allowing attackers to gain rootkit-like post-exploitation capabilities to conceal and impersonate files, directories, and processes. That's according to Or Yair, security researcher at SafeBreach, who outlined the issue during a session here this week. He also detailed four different vulnerabilities related to the issue, which he dubbed "MagicDot."
Palo Alto Networks and security researchers said a growing number of attackers are targeting a command injection vulnerability in the PAN-OS operating system, which powers the security vendor's firewall products. "Palo Alto Networks is aware of an increasing number of attacks that leverage the exploitation of this vulnerability," the company's Unit 42 threat intelligence team said in a Tuesday update on its original threat brief.
Cisco Talos this week warned of a massive increase in brute-force attacks targeting VPN services, SSH services, and Web application authentication interfaces. In its advisory, the company described the attacks as involving the use of generic and valid usernames to try and gain initial access to victim environments. The targets of these attacks appear to be random and indiscriminate and not restricted to any industry sector or geography, Cisco said.