Chinese scammers have reportedly stolen a whopping $529 million dollars from Indian residents using instant lending apps, lures of part-time jobs, and bogus cryptocurrency trading schemes, according to the cyber crime unit in the state of Uttar Pradesh. As of last April, the coppers had busted a network of criminals worth around $378 million, but that total did not include the cryptocurrency-related frauds. READ MORE...
U.S. moving and storage rental company U-Haul has suffered a data breach due to an unauthorized person having accessed an unspecified number of rental contracts, U-Haul's parent company Amerco has revealed in a last week. It is not known have many customers have been affected, but apparently their payment card information is safe - the person had access "only" to customers' name, driver's license or state identification number. READ MORE...
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors. The Browser-in-the-Browser technique is a trending attack method involving the creation of fake browser windows within the active window, making it appear as a sign-in pop-up page for a targeted login service. READ MORE...
Hackers are using a clever new phishing technique to create email threads with multiple responses to trick potential victims into thinking bogus messages are legitimate. The cybersecurity firm Proofpoint has identified the group deploying these so-called "multi-persona impersonation" emails as TA453. The company previously linked TA453 to Iran and says their activities overlap with other groups called Charming Kitten, Phosphorous and APT42. READ MORE...
More than 20% of the healthcare organizations recently surveyed by the Ponemon Institute reported increased patient mortality rates after experiencing a cyberattack, according to a study released Thursday from the research group and Proofpoint, a cybersecurity compliance company. Delayed procedures and tests were the most commonly reported consequences of cyberattacks, along with longer patient stays, according to the study. READ MORE...
Apple has pushed out five security fixes including including two vulnerabilities in its iPhones, iPads and Mac operating systems that are already being exploited. One of these, tracked as CVE-2022-32917, can be used to allow malicious applications to execute arbitrary code with kernel privileges. "Apple is aware of a report that this issue may have been actively exploited," according to a security alert posted on Monday. READ MORE...
The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks exploiting the CVE-2022-29499 bug for initial access, as Crowdstrike reported in June. READ MORE...
The FBI is warning healthcare facilities of the risks associated with unpatched and outdated medical devices. Security flaws in medical devices could adversely impact the operations of healthcare facilities, while also affecting the safety of patients and data confidentiality and integrity, the FBI says. Both hardware design and device software management faults could lead to security vulnerabilities, especially if specific configurations are used, embedded security features are missing or cannot be updated. READ MORE...