An international operation involving the U.S. Department of Justice alongside law enforcement officials in Germany, the Netherlands and the United Kingdom took down a Russian botnet made up of millions of hacked internet-connected devices, the DOJ said in a statement Thursday. Federal prosecutors in the Southern District of California said operators of a botnet botnet known as "RSOCKS" leased access to tens of thousands of compromised internet-connected devices at at time. READ MORE...
The personal information of millions of individuals may have been stolen by threat actors as a result of a data breach at Eye Care Leaders, a firm that provides electronic health record and practice management solutions. The Durham, North Carolina-based company, which sells eye care management software solutions, claims to work with more than 9,000 ophthalmologists and optometrists. At least 23 of these eye care providers have been impacted by a data breach that Eye Care Leaders disclosed in December 2021. READ MORE...
HR consulting firm Robert Half has started informing customers that their personal and financial information might have been compromised after hackers targeted their RobertHalf[.]com accounts. Information provided by the company to the Maine Attorney General shows that threat actors targeted Robert Half between April 26 and May 16. The incident, discovered on May 31, impacts 1,058 individuals. READ MORE...
Cybercriminals who are using the ALPHV ransomware created a dedicated leak website in an apparent attempt to pressure one of their victims into paying the ransom. First observed in November 2021 and also known as BlackCat and Noberus, ALPHV is the first ransomware family to have been developed using the Rust programming language. ALPHV, which is believed to have ties with the cybercrime group behind the Darkside/Blackmatter ransomware, has compromised at least 100 organizations to date. READ MORE...
A new security update to the Ninja Forms WordPress plug-in - which has more than 1 million active installations - patches a code injection vulnerability researchers say is being actively exploited in the wild. The Wordfence team analyzed a recent Ninja Forms update and discovered the patch was for a critical code injection bug that could allow several exploits, including remote code execution (RCE) through deserialization of the content provided by users of the WordPress site form builder. READ MORE...
The threat actor behind BRATA banking trojan has evolved their tactics and improved the malware with information-stealing capabilities. Italian mobile security company Cleafy has been tracking BRATA activity and noticed in the most recent campaigns changes that lead to longer persistence on the device. "The modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," explains Cleafy in a report this week. READ MORE...
Taiwan-based QNAP Systems is warning consumers and organizations using their network-attached storage (NAS) appliances of a new DeadBolt ransomware campaign. There also appears to be a new ech0raix/QNAPCrypt campaign in progress, according to various sources, though QNAP is yet to comment on that. NAS devices are mostly used by consumers and small-to-medium businesses to store, manage and share files and backups. READ MORE...
Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. The vulnerability is tracked as CVE-2022-20825 and has a CVSS severity rating of 9.8 out of 10.0. According to a Cisco security advisory, the flaw exists due to insufficient user input validation of incoming HTTP packets on the impacted devices. READ MORE...