UnitedHealth Group, the parent of ransomware-struck Change Healthcare, delivered some very unwelcome news for customers today as it continues to recover from the massively expensive and disruptive digital break-in. "Based on the initial targeted data sampling to date, the company has found files containing protected health information and personally identifiable information, which could cover a substantial proportion of people in America," it said in a statement.
A phishing campaign exploiting a bug in Nespresso's website has been able to evade detection by taking advantage of security tools that fail to look for malicious nested or hidden links. The campaign starts with a phishing email that appears to have been sent from an employee with Bank of America, with a message to "please check your recent [Microsoft] sign-in activity." If a target clicks, they are then directed to a legitimate but infected URL controlled by Nespresso.
The head of counterintelligence for a division of the Russian Federal Security Service (FSB) was sentenced last week to nine years in a penal colony for accepting a USD $1.7 million bribe to ignore the activities of a prolific Russian cybercrime group that hacked thousands of e-commerce websites. The protection scheme was exposed in 2022 when Russian authorities arrested six members of the group, which sold millions of stolen payment cards at flashy online shops like Trump's Dumps.
An advanced persistent threat (APT) group known as ToddyCat is collecting data on an industrial scale from government and defense targets in the Asia-Pacific region. Researchers from Kaspersky tracking the campaign described the threat actor this week as using multiple simultaneous connections into victim environments to maintain persistence and to steal data from them. They also discovered a set of new tools that ToddyCat is using to enable data collection from victim systems and browsers.
Kremlin-backed hackers have been exploiting a critical Microsoft vulnerability for four years in attacks that targeted a vast array of organizations with a previously undocumented tool, the software maker disclosed Monday. When Microsoft patched the vulnerability in October 2022 - at least two years after it came under attack by the Russian hackers - the company made no mention that it was under active exploitation.
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It now turns out that GitLab is also affected by this issue and could be abused in a similar manner. While most of the malware-associated activity was based around the Microsoft GitHub URLs, this "flaw" could be abused with any public repository on GitHub or GitLab.
A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently hiring workers from the hermit kingdom for animation projects. The server - which according to think tank Stimson Center is no longer being utilized - was discovered by the author of NK Internet blog, Nick Roy, in late 2023.
23% of Americans said they recently came across a political deepfake they later discovered to be fake, according to McAfee. The actual number of people exposed to political and other deepfakes is expected to be much higher given many Americans are not able to decipher what is real versus fake, thanks to the sophistication of AI technologies. Misinformation and disinformation emerged as key concerns for Americans.
Microsoft's PlayReady content access and protection technology is affected by vulnerabilities that could allow rogue subscribers to illegally download movies from popular streaming services, according to Poland-based cybersecurity research company AG Security Research. The research was conducted over a period of several months by Adam Gowdiak, founder and CEO of AG Security Research, formerly known as Security Explorations, which is now the name of the firm's research lab.
The recently disclosed Palo Alto Networks firewall vulnerability tracked as CVE-2024-3400, which has been exploited in attacks for at least one month, has been found to impact one of Siemens' industrial products. In an advisory published late last week, Siemens revealed that its Ruggedcom APE1808 devices configured with a Palo Alto Networks virtual next-generation firewall (NGFW) could be affected by CVE-2024-3400.