A Russian cyber gang is believed to be behind a ransomware attack that disrupted London hospitals and led to operations and appointments being canceled, the former head of British cybersecurity said Wednesday. A group known as Qilin is most likely behind the attack on Synnovis, which provides pathology lab services for several hospitals run by the National Health Service, said Ciaran Martin, former chief executive of the National Cyber Security Centre.
The 2024 Paris Olympics is facing elevated risks of cyber threats, especially from Russian threat actors, Google and Microsoft warn. According to Google Cloud's Mandiant cybersecurity team, the 2024 Paris Olympics is facing cyber threats including espionage, disruption, destruction, hacktivism, influence, and financially motivated activities. Russian threat groups represent a major threat to the Olympics, while threat actors from China, Iran, and North Korea pose a moderate to low risk.
A cybercriminal using the handle Sp1d3r is offering to sell 3 TB of data taken from Advance Auto Parts, Inc. Advance Auto Parts is a US automotive aftermarket parts provider that serves both professional installers and do-it-yourself customers. The data set allegedly also includes information about 358,000 employees and candidates, which is a lot more than are currently employed by Advance Auto Parts (69,000 in 2023).
The social media platform TikTok has confirmed that high-profile accounts are being exploited and hijacked by threat actors in a takeover campaign. The threat was first discovered by Forbes on June 4, which revealed that users had received direct messages believed to contain a strain of malware that is being spread by the threat actors. The malware reportedly allows the hijackers to take over an account without the targeted victim even having to click on a link or download a file.
Microsoft has finally decided to add the venerable NTLM authentication protocol to the Deprecated Features list. The announcement means that admins dragging their feet to move to something more secure must start making plans. Active feature development for all versions of NTLM (NT LAN Manager) has now ceased, although the protocol will linger for a while. Microsoft said: "Use of NTLM will continue to work in the next release of Windows Server and the next annual release of Windows."
Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. The vulnerabilities were discovered and reported by Timothy Hjort, a vulnerability researcher with Outpost24's Ghost Labs. Hjort also found a backdoor account used for remote support (that was supposedly removed four years ago) and two other flaws.
The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. FBI Cyber Division Assistant Director Bryan Vorndran announced this on Wednesday at the 2024 Boston Conference on Cyber Security. "From our ongoing disruption of LockBit, we now have over 7,000 decryption keys and can help victims reclaim their data and get back online," the FBI Cyber Lead said.
Following their divorce, a husband carried out a campaign of stalking and abuse against his ex-wife (referred to only as "S.K.") by allegedly hiding seven separate Apple AirTags on or near her car, according to documents filed by US prosecutors for the Eastern District of Pennsylvania. The documents, unearthed by 404 Media in collaboration with Court Watch, reveal how everyday consumer tools, like Bluetooth trackers, are sometimes leveraged for abuse against spouses and romantic partners.
A seven-year-old Oracle vulnerability is the latest to be added to CISA's Known Exploited Vulnerability (KEV) catalog, meaning the security agency considers it a significant threat to the federal government. CVE-2017-3506 affects Oracle's WebLogic Server, allowing for remote command execution on affected operating systems. The flaw carries a 7.4 severity rating, and patches were originally released for it in April 2017, but recent research suggests it's now being exploited by Chinese cybercriminals.
Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. These terminals allow people to book and check into the hotel themselves, handle the payment process via a POS subsystem, print invoices, and provision RFID transponders used as room keys.