31.5M invoices, contracts, patient consent forms, and more exposed to the internet
Nearly 2.7 TB of sensitive data - 31.5 million invoices, contracts, HIPPA patient consent forms, and other business documents regarding numerous companies across industries - has been exposed to the public internet in a non-password protected database for an unknown amount of time. "Once I started seeing invoices, it was pretty clear what the risks were here, including invoice fraud," said information security researcher Jeremiah Fowler. READ MORE...
500k Impacted by Texas Dow Employees Credit Union Data Breach
Texas Dow Employees Credit Union (TDECU) is notifying over 500,000 individuals that their personal information was compromised in the MOVEit campaign last year. Conducted by the Russian-speaking Cl0p ransomware group, the hack came to light on May 31, 2023, when Progress Software warned that hackers had exploited a zero-day in the MOVEit Transfer managed file transfer (MFT) software, tracked as CVE-2023-34362, to access customer data. READ MORE...
Patelco Credit Union Says Breach Impacts 726k After Ransomware Gang Auctions Data
California-based Patelco Credit Union is informing customers and employees about a data breach after a ransomware group managed to steal databases containing personal information from its systems. Patelco is a member-owned, not-for-profit credit union that serves Northern California, particularly the San Francisco Bay Area. The organization revealed in a data breach notice on its website that it detected a ransomware attack involving unauthorized access to its databases on June 29. READ MORE...
Hackers now use AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. The technique has been around since 2017, and multiple proof-of-concept apps have been released over the years. However, it is typically used in red team engagements and seldomly observed in malicious attacks, with defenders not actively monitoring it. READ MORE...
Stealthy 'sedexp' Linux malware evaded detection for two years
A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. The malware was discovered by risk management firm Stroz Friedberg, an Aon Insurance company, and enables its operators to create reverse shells for remote access and to further the the attack. "At the time of this writing, the persistence technique used (udev rules) is not documented by MITRE ATT&CK," the researchers note. READ MORE...
Constantly Evolving MoonPeak RAT Linked to North Korean Spying
A threat actor with likely connections to North Korea's notorious Kimsuky group is distributing a new version of the open source XenoRAT information-stealing malware, using a complex infrastructure of command-and-control (C2) servers, staging systems, and test machines. The variant, that researchers at Cisco Talos are tracking as MoonPeak after discovering it recently, is under active development and has been constantly evolving in little increments over the past few months. READ MORE...
Android malware steals payment card data using previously unseen technique
Newly discovered Android malware steals payment card data using an infected device's NFC reader and relays it to attackers, a novel technique that effectively clones the card so it can be used at ATMs or point-of-sale terminals, security firm ESET said. ESET researchers have named the malware NGate because it incorporates NFCGate, an open source tool for capturing, analyzing, or altering NFC traffic. READ MORE...
- ...in 1920, the 19th Amendent is formally adopted into the U.S. Constitution, guaranteeing the right of women to vote.
- ...in 1939, the Brooklyn Dodgers hosted the Cincinnati Reds in the first televised baseball game.
- ...in 1952, puzzle creator and New York Times crossword editor Will Shortz is born in Crawfordsville, IN.
- ...in 1957, the Ford Motor Company rolls out the first Edsel. It will be discontinued three years later.
