Turns out 3CX was not the original target in a recent supply chain compromise affecting customers of the video conferencing software maker: The attack came via a prior supply chain compromise involving Trading Technologies, a provider of high-performance trading software. That makes the breach at 3CX one of the first known instances where an adversary used one supply chain attack to enable a second supply chain attack in an effort to breach multiple organizations.
UK-based business process outsourcing and professional services company Capita has confirmed that hackers have stolen data from its systems after a well-known ransomware group offered to sell information allegedly stolen from the organization. The incident came to light on March 31, when Capita said it was experiencing a major IT incident that prevented staff from logging into their systems. The company told the press at the time that it was too early to confirm that it was a cyberattack.
Three Nigerian nationals face charges in a US federal court related to a business email compromise (BEC) scam that is said to have stolen more than US $6 million from victims. 29-year-old Kosi Goodness Simon-Ebo was extradited from Canada to the United States earlier this month, according to a Department of Justice press release, and will appear before a federal court on Friday.
Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam. Researchers observed that Wiki and documentation pages hosted by universities including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, and Caltech, among others, were compromised. BleepingComputer confirmed the malicious campaign was live and had targeted additional scholastic websites, including that of the University of Michigan.
Non-profit health insurer Point32Health says it has taken systems offline to contain a ransomware attack identified this week. Established in 2021 as the merger between Harvard Pilgrim Health Care and Tufts Health Plan, Point32Health is the second largest health insurer in Massachusetts, serving more than 2 million customers. In a notification published this week, the organization revealed that it fell victim to a ransomware attack on April 17, which forced it to take systems offline.
QBot, an infostealer-turned-dropper that aids criminal gangs in their malicious campaigns, is now being distributed as part of a phishing campaign using PDFs and Windows Script Files (WSF), according to recent discoveries by malware hunter Proxylife (@pr0xylife) and the Cryptolaemus group (@Cryptolaemus1). The last time QBot (aka QakBot) had its modus operandi changed was in November.
A security vulnerability in Google's Cloud Platform (GCP) could have allowed cyberattackers to hide an unremovable, malicious application inside a victim's Google account, dooming the account to a state of permanent, undetectable infection. The bug, dubbed "GhostToken," was discovered and reported by Astrix Security researchers. According to an analysis released by the team on April 20, the malicious app could have paved the way for a startling array of nefarious activity,