The University of California San Francisco (UCSF) says that it paid $1.14 million to the Netwalker ransomware operators who successfully breached the UCSF School of Medicine's IT network, stealing data and encrypting systems. UCSF is a research university focused on health sciences and involved in COVID-19 research, ranked as #2 in medical schools for research and #6 in best medical schools for primary care based on U.S. News & World Report's college rankings. READ MORE...
A data breach broker is selling databases containing user records for 14 different companies he claimed were breached by hackers in 2020. When a company is breached, threat actors will typically download accessible databases, including account records. These databases are then sold directly to other threat actors, or the hackers utilize data breach brokers to sell them on their behalf. READ MORE...
Palo Alto Networks disclosed a critical vulnerability found in the operating system (PAN-OS) of all its next-generation firewalls that could allow unauthenticated network-based attackers to bypass authentication. According to the company's website, PAN-OS is the software that powers all of its next-generation firewalls. While the 'Validate Identity Provider Certificate' option shouldn't normally be disabled, this is the recommended choice in official deployment guidelines provided by multiple organizations. READ MORE...
The REvil ransomware gang (also known as Sodinokibi) has added an auction feature to its underground website that allows anonymous bidding on information stolen in its targeted ransomware campaigns. The auction capability appeared at the beginning of June, according to an analysis from Cyberint. In announcing the feature, REvil included details on its first lot, the firm said, containing accounting information, files and databases stolen from a Canadian agricultural company. READ MORE...
If you run a website or a blog, you probably use a cloud provider or a dedicated hosting company to manage your server and deliver the content to your readers, viewers and listeners. We certainly do - both Naked Security and our sister site Sophos News are hosted by WordPress VIP. That's not a secret (nor is it meant to be), not least because most providers identify themselves in the HTTP headers they send back in their web replies, if only as a matter of courtesy. READ MORE...
The COVID-19 pandemic has radically changed the nature of everyday work, forcing employees to do large parts of their jobs via remote access. Cybercriminals - especially ransomware operators - are aware of the shift and attempt to exploit the new opportunities and increase their illicit earnings. ESET telemetry confirms this trend in an uptick in the number of unique clients who reported brute-force attack attempts blocked via ESET's network attack detection technology. READ MORE...
Driver vulnerabilities can facilitate attacks on ATMs, point-of-sale (PoS) systems and other devices, firmware security company Eclypsium warned on Monday. Eclypsium last year analyzed device drivers from major vendors and found that over 40 drivers made by 20 companies contained serious vulnerabilities that could be exploited to deploy persistent malware. The firm now warns that the Windows drivers used in ATMs and PoS devices can be highly useful to threat actors targeting these types of systems. READ MORE...