The Federal Bureau of Investigation (FBI) has issued an alert about hackers targeting healthcare payment processors to route payments to bank accounts controlled by the attacker. This year alone, threat actors have stolen more than $4.6 million from healthcare companies after gaining access to customer accounts and changing payment details. Cybercriminals are combining multiple tactics to obtain login credentials of employees at payment processors in the healthcare industry and to modify payment instructions. READ MORE...
The ads on the Telegram messaging service's White Shark Channel this summer had the matter-of-fact tone and clipped phrasing you might find on a Craigslist posting. But this Chinese-language forum, which had some 5,700 users, wasn't selling used Pelotons or cleaning services. It was selling human beings-in particular, human beings in Sihanoukville, Cambodia, and other cities in southeast Asia. READ MORE...
German software maker SAP this week announced the release of eight new and five updated security notes as part of its September 2022 Security Patch Day. The most important of the newly released security notes deals with a high-severity vulnerability in Business One that could lead to escalation of privileges. Tracked as CVE-2022-35292 (CVSS score of 7.8), the issue is described as an unquoted service path vulnerability. READ MORE...
ESET researchers have discovered a Linux variant of the SideWalk backdoor, one of the multiple custom implants used by the SparklingGoblin APT group. This variant was first deployed against a Hong Kong university in February 2021 - the same university that SparklingGoblin had already targeted during the student protests in May 2020. SparklingGoblin is an APT group with targets mainly in East and Southeast Asia. READ MORE...
A number of financial institutions in and around New York City are dealing with a rash of super-thin "deep insert" skimming devices designed to fit inside the mouth of an ATM's card acceptance slot. The card skimmers are paired with tiny pinhole cameras that are cleverly disguised as part of the cash machine. Here's a look at some of the more sophisticated deep insert skimmer technology that fraud investigators have recently found in the wild. READ MORE...
The registration of SIM cards tied to a verified identity is back in the news, off the back of large-scale phone fraud. In what some may call a knee-jerk response to a problem, there are calls to revive a legal bill and make it law. What's happening, and what are the potential ramifications? More than 1 billion suspicious messages and spam texts have been sent in the Philippines in 2022 so far. READ MORE...
Attackers who gain initial access to a victim's network now have another method of expanding their reach: using access tokens from other Microsoft Teams users to impersonate those employees and exploit their trust. That's according to security firm Vectra, which stated in an advisory on Sept. 13 that Microsoft Teams stores authentication tokens unencrypted, allowing any user to access the secrets file without the need for special permissions. READ MORE...