IT Security Newsletter - 4/22/2025
Two Healthcare Orgs Hit by Ransomware Confirm Data Breaches Impacting Over 100,000
Two healthcare organizations have each confirmed suffering data breaches impacting more than 100,000 people after being targeted in ransomware attacks. One of them is Milwaukee, WI-based Bell Ambulance, which provides ambulance services in the area. The company revealed last week in a data security notice that it detected a network intrusion on February 13, 2025. The second healthcare organization is Birmingham, AL-based ophthalmology practice Alabama Ophthalmology Associates. READ MORE...
Cyberattack Knocks Texas City's Systems Offline
The city of Abilene, Texas, says it has been working on restoring systems that were taken offline to contain a cyberattack. The assault started on April 18, when some of the systems in the city's internal network were reported as unresponsive, and prompted the immediate activation of the incident response plan. To secure its network, Abilene disconnected critical assets and the systems that were impacted by the attack, the city's officials announced on Monday. READ MORE...
State-sponsored hackers embrace ClickFix social engineering tactic
ClickFix attacks are gaining traction among threat actors, with multiple advanced persistent threat (APT) groups from North Korea, Iran, and Russia adopting the technique in recent espionage campaigns. ClickFix is a social engineering tactic where malicious websites impersonate legitimate software or document-sharing platforms. Targets are lured via phishing or malvertising and shown fake error messages that claim a document or download failed. READ MORE...
'Fog' Hackers Troll Victims With DOGE Ransom Notes
Fog ransomware operators have recently begun using DOGE-themed ransom notes to mock victims, offering a free decryption key in exchange for spreading the malware to others. Unlike earlier campaigns by Fog that relied on compromised VPN credentials for access, the latest attacks begin with phishing emails containing a zip archive titled "Pay Adjustment.zip," which packs in a malicious LNK file. READ MORE...
'Elusive Comet' Attackers Use Zoom to Swindle Victims
Researchers at the Open Security Alliance are tracking an ongoing campaign from a group dubbed Elusive Comet, which is targeting cryptocurrency users through sophisticated social engineering tactics. The threat actor's goal is to dupe victims into installing malware, allowing it to steal their crypto after gaining access to their infected device. At present, Elusive Comet is responsible for the loss of millions in stolen funds, and poses "a significant risk to users." READ MORE...
WordPress ad-fraud plugins generated 1.4 billion ad requests per day
A large-scale ad fraud operation called 'Scallywag' is monetizing piracy and URL shortening sites through specially crafted WordPress plugins that generate billions of daily fraudulent requests. Scallywag was uncovered by bot and fraud detection firm HUMAN, which mapped a network of 407 domains supporting the operation that peaked at 1.4 billion fraudulent ad requests per day. HUMAN's efforts to block and report Scallywag traffic have resulted in its shrinking by 95%. READ MORE...
Krebs on Security: DOGE Allegedly Siphoned NLRB Case Data
A security architect with the National Labor Relations Board (NLRB) alleges that employees from Elon Musk's Department of Government Efficiency (DOGE) transferred gigabytes of sensitive data from agency case files in early March, using short-lived accounts configured to leave few traces of network activity. The NLRB whistleblower said the unusually large data outflows coincided with multiple blocked login attempts from an Internet address in Russia. READ MORE...
Bug hunter tricked SSL.com into issuing cert for Alibaba Cloud domain in 5 steps
Certificate issuer SSL.com's domain validation system had an unfortunate bug that was exploited by miscreants to obtain, without authorization, digital certs for legit websites. With those certificates in hand, said fraudsters could set up more-convincing malicious copies of those sites for things like credential phishing, or decrypt intercepted HTTPS traffic between those sites and their visitors. READ MORE...
Today's LLMs craft exploits from patches at lightning speed
The time from vulnerability disclosure to proof-of-concept (PoC) exploit code can now be as short as a few hours, thanks to generative AI models. Matthew Keely, of Platform Security and penetration testing firm ProDefense, managed to cobble together a working exploit for a critical vulnerability in Erlang's SSH library in an afternoon. The model was able to use code from an already published patch in the library to hunt down which holes had been filled and figure out how to exploit them. READ MORE...
- ...in 1793, President George Washington proclaims American neutrality in the European wars following the French Revolution.
- ...in 1970, the first Earth Day is celebrated.
- ...in 1976, Barbara Walters becomes the first female nightly news anchor on network television.
- ...in 1978, The Blues Brothers make their debut as the musical guest on Saturday Night Live.