Cloud storage provider Snowflake said that accounts belonging to multiple customers have been hacked after threat actors obtained credentials through info-stealing malware or by purchasing them on online crime forums. Ticketmaster parent Live Nation, which disclosed Friday that hackers gained access to data it stored through an unnamed third-party provider, told TechCrunch the provider was Snowflake. The live-event ticket broker said it identified the hack on May 20.
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the stolen data is commonly leaked to the channel's users to build reputation and subscribers.
The RansomHub ransomware group over the weekend claimed responsibility for the April 2024 cyberattack on telecommunications giant Frontier Communications. In an April filing with the Securities and Exchange Commission (SEC), Frontier revealed that the intrusion was identified on April 14 and resulted in certain systems being shut down to contain the attack. The Dallas-based company reiterated that the attackers likely stole certain data from its systems, including personal information.
Malware miscreants are increasingly showing a penchant for abusing legitimate, commercial packer apps to evade detection. Jiří Vinopal, threat researcher at Check Point Research, says the trend has become especially popular over the past 12 months, and BoxedApp is one of the products that appear to be among the most favored. Some of the most prevalent malware strains in the world are abusing BoxedApp to evade static analysis, the researcher claims.
As health care providers continue to get hammered by ransomware, a new report from an influential think tank warns that rural hospitals are likely to be hardest hit by such attacks unless the industry makes major cybersecurity investments. The study from CSC 2.0, an offshoot of the Cyberspace Solarium Commission, finds that whether the U.S. health care sector will be able to protect itself against future cyberattacks hinges largely on how much funding Congress will allocate to address the issue.
After a spectacular botnet takedown just a few days ago, Operation Endgame, an international cybersecurity law enforcement cooperative, has now trained its focus on the individual threat actors behind the botnets. Late last month, Operation Endgame dismantled dropper botnet infrastructure that supported initial-access Trojan malware strains, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, in a sweeping action.
Still throwing toys out the pram over its relationship with international sport, Russia is engaged in a multi-pronged disinformation campaign against the Olympic Games and host nation France that's intensifying as the opening ceremony approaches. Microsoft said on Sunday that it's tracking a number of Russia-affiliated cyber groups working to undermine trust in the Games through a variety of means - everything from fake news articles inciting fears of terrorism to Tom Cruise deepfakes.
Telecoms giant Cox Communications recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems used by the company's customers, according to a researcher. The vulnerabilities were discovered and responsibly reported to Cox in early March by Sam Curry, a reputable researcher who previously uncovered serious security flaws in products from Apple, airline and hotel rewards platform Points.com, and vehicles from over a dozen car makers.
The research team at SonicWall Capture Labs has discovered a remote code execution vulnerability in the Atlassian Confluence Data Center and Server. The vulnerability, identified as CVE-2024-21683, has a high CVSS score of 8.3 out of 10, and allows an authenticated threat actor to execute arbitrary code. To leverage the vulnerability, a cyberattacker must have network access to the vulnerable system and possess the privilege to add new macro languages.