If history has anything to tell us, the most significant cyber threat to this year's elections won't be a leak, a distributed denial-of-service (DDoS) attack, or a fake news video. Instead, it will be some combination of these or more. In cyberspace's salad days, hackers caused all kinds of fuss using simple, direct methods: hiding viruses in advertisements, hacking websites with easily guessed passwords, and so on. READ MORE...
?The Los Angeles County Department of Health Services disclosed a data breach after thousands of patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. This integrated health system operates the public hospitals and clinics in L.A. County (the most populous county in the United States) and is the second largest public health care system in the country after NYC Health + Hospitals. READ MORE...
Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. Kaiser Permanente is an integrated managed care consortium and one of the largest nonprofit health plans in the U.S. It operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington. READ MORE...
A video by a Russian hacking group claiming responsibility for last week's cyberattack on Tipton West Wastewater Treatment Plant in Indiana surfaced on social media Thursday. It's evidence of the latest cyberattack by nation state cybercriminals targeting water facilities in small towns across the United States. The "People's Cyber Army of Russia" took credit last Saturday for the incident on the messaging app Telegram. READ MORE...
A now-abandoned USB worm that backdoors connected devices has continued to self-replicate for years since its creators lost control of it and remains active on thousands, possibly millions, of machines, researchers said Thursday. The worm-which first came to light in a 2023 post published by security firm Sophos-became active in 2019 when a variant of malware known as PlugX added functionality that allowed it to infect USB drives automatically. READ MORE...
North of 1,000 samples of the Godfather mobile banking Trojan are circulating in dozens of countries worldwide, targeting hundreds of banking apps. First discovered in 2022, Godfather - which can record screens and keystrokes, intercepts two-factor authentication (2FA) calls and texts, initiates bank transfers, and more - has quickly become one of the most widespread malware-as-a-service offerings in cybercrime, especially mobile cybercrime. READ MORE...
The Federal Communications Commission (FCC) today voted to restore a national standard to ensure the internet is fast, open, and fair. Today's decision to reclassify broadband service as a Title II telecommunications service allows the FCC to protect consumers, defend national security, and advance public safety. Through its actions today, the Commission creates a national standard by which it can ensure that broadband internet service is treated as an essential service. READ MORE...
Threat actors are exploiting a critical-severity vulnerability in a plugin named WordPress Automatic to inject malicious code into websites, WordPress security scanner WPScan warns. The issue, tracked as CVE-2024-27956 (CVSS score of 9.8), is described as an SQL injection (SQLi) flaw in the plugin's handling of user authentication in one file, allowing attackers to inject code into a site's database and gain administrator privileges. READ MORE...
Many Chinese keyboard apps, some from major handset manufacturers, can leak keystrokes to determined snoopers, leaving perhaps three quarters of a billion people at risk according to research from the University of Toronto's Citizen Lab. As the Lab's findings [PDF] explain, "There is no way to fit the tens of thousands of Chinese characters that exist onto a single keyboard." READ MORE...