Software running Palo Alto Networks' firewalls is under attack, prompting the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to issue a warning to public and federal IT security teams to apply available fixes. Federal agencies are urged to patch the bug by September 9. Earlier this month, Palo Alto Networks issued a fix for the high-severity bug (CVE-2022-0028) that it says adversaries attempted to exploit.
U.S. healthcare provider Novant Health has disclosed a data breach impacting 1,362,296 individuals who have had their sensitive information mistakenly collected by the Meta Pixel ad tracking script. Meta Pixel (formerly Facebook Pixel) is a JavaScript tracking script that Facebook advertisers can add to their site to track advertising performance. The unauthorized patient data access and disclosure began in May 2020, when Novant ran promotional campaigns for COVID-19 vaccination.
The leak website of the LockBit ransomware operation has been taken offline by a distributed denial-of-service (DDoS) attack that appears to have been launched in response to the cybercriminals publishing data stolen from security company Entrust. The Entrust breach was discovered on June 18 and the firm started notifying customers on July 6. However, the intrusion only came to light on July 21, when a security researcher came across a copy of the notification sent by Entrust to customers.
California corrections officials said Monday that there has been a potential exposure of medical information for employees and visitors who were tested for the coronavirus, although they have not found any improper use despite the data breach. The data was for people who were tested for COVID-19 in the department between June 2020 and last January. The testing data did not include inmates, but the resulting investigation uncovered the potential release of information for some inmates going back to 2008.
Hackers linked to the Iranian government's cyber espionage unit developed a software tool to retrieve downloaded emails and other data from Gmail, Yahoo and Microsoft Outlook accounts, Google researchers said Tuesday. The researchers at Google's Threat Analysis Group, who dubbed the tool "HYPERSCRAPE," detected the malicious program in December 2021. The Iranian hackers appear to have deployed it against fewer than two dozen accounts located in Iran, according to Ajax Bash, a Google security engineer.
When an organization experiences a massive data breach, it knows (at least) that it needs to inform the federal government about the cybersecurity incident, get law enforcement involved, and then inform its clients and affiliates. Seems simple enough, but this process, which countries from the West have been abiding by, is the result of countless breaches in the past, followed by a myriad of digital crimes that took advantage of those leaked and stolen data.
Cybercriminals are swarming to deploy an emerging ransomware variant called BianLian that was written in Go, the Google-created open source programming language. BianLian has been rising in popularity since it was first outed in mid-July, according to researchers at Cyble Research Labs, which published details on their study of the ransomware in a blog post last week. Threat actors so far have cast a wide net with the novel BianLian malware, which counts organizations in media and entertainment.
Israeli researcher Mordechai Guri has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards. Dubbed 'ETHERLED', the method turns the blinking lights into Morse code signals that can be decoded by an attacker. Capturing the signals requires a camera with a direct line of sight to LED lights on the air-gapped computer's card. These can be translated into binary data to steal information.
Academic researchers from Northwestern University have shared details on 'DirtyCred', a previously unknown privilege escalation vulnerability affecting the Linux kernel. Tracked as CVE-2022-2588, the security flaw can be exploited to escalate privileges, and can also lead to a container escape. The academics say the vulnerability has been present in Linux for eight years.