Several U.S. federal agencies are warning healthcare organizations that they are being targeted by North Korean state-sponsored actors using Maui, an unusual ransomware that targets files with surgical precision. North Korean threat actors have used Maui ransomware since at least May 2021 against organizations in the healthcare and public health sector.
Professional Finance Company Inc. (PFC), a full-service accounts receivables management company, says that a ransomware attack in late February led to a data breach affecting over 600 healthcare organizations. Founded in 1904, PFC helps thousands of healthcare, government, and utility organizations across the U.S. ensure that customers pay their invoices on time.
The group claiming responsibility for last month's cyberattacks on multiple Iranian steel facilities posted on Thursday what it called a cache of nearly 20 gigabytes of data containing corporate documents that reveal the facilities' affiliation with Iran's powerful Islamic Revolutionary Guard Corps. In a series of tweets in both English and Persian, the group, which calls itself Gonjeshke Darande (Predatory Sparrow), said the 19.76 gigabyte cache was just the "first part" of what would be released.
On the last day of May, one of my inboxes began receiving emails, purportedly from one of the owners of the yoga studio I visit. It concerned a message I sent in January through the studio's website that had been resolved the following day in an email sent by the co-owner. Now, here she was, four months later, emailing me again. "Listed below the documents we chatted regarding last week," the email author wrote. "Contact me if you've got any queries about the attached files."
In a fresh campaign that takes a page from the advanced persistent threat known as APT29, hackers are shifting away from the Cobalt Strike post-exploitation toolkit and instead embracing Brute Ratel C4 (BRc4). BRc4 is the latest upstart in the red-team tooling world: like Cobalt Strike, it is an adversarial attack simulation tool designed for penetration testers. It is a command-and-control (C2) framework that is not easily detected by endpoint detection and response (EDR) technology or other anti-malware tools.
Fortinet published security advisories this week to inform customers about vulnerabilities affecting several of the company's products. The cybersecurity firm's latest batch of monthly advisories describes roughly a dozen vulnerabilities identified in FortiADC, FortiAnalyzer, FortiManager, FortiOS, FortiProxy, FortiClient, FortiDeceptor, FortiEDR, FortiNAC, FortiSwitch, FortiRecorder, and FortiVoiceEnterprise products.
QNAP Systems is warning about Checkmate, a new piece of ransomware targeting users of its network-attached storage (NAS) appliances. "Preliminary investigation indicates that Checkmate attacks via SMB services exposed to the internet, and employs a dictionary attack to break accounts with weak passwords," the company says. This particular ransomware was first documented in late May 2022, but it does not appear to have spread widely, since QNAP is only now addressing the issue.
New Zealand-based cybersecurity firm Emsisoft has released a free decryption tool to help AstraLocker and Yashma ransomware victims recover their files without paying a ransom. The free tool is available for download from Emsisoft's servers, and it allows you to recover encrypted files using easy-to-follow instructions available in this usage guide [PDF]. "Be sure to quarantine the malware from your system first, or it may repeatedly lock your system or encrypt files," Emsisoft warned.
Cisco's Talos threat intelligence and research unit has identified several critical vulnerabilities in a widely used industrial cellular IoT gateway made by Chinese company Robustel. The affected product is the R1510 router, which is designed to provide high-speed wireless network bandwidth in harsh environments. The device is used worldwide and has been certified by more than 20 mobile network operators in the United States, Europe and Southeast Asia.