Cybercriminals have named the United Kingdom's National Health Service (NHS) as one of the victims of the recent data theft and extortion campaign targeting organizations that use Oracle's E-Business Suite (EBS) enterprise resource planning solutions. "We are aware that the NHS has been listed on a cyber-crime website as being impacted by a cyber-attack, but no data has been published," a spokesperson for NHS England told SecurityWeek. READ MORE...
A Russian hacker accused of helping ransomware gangs break into businesses across the United States is set to plead guilty, according to recently filed federal court documents. 25-year-old Aleksey Olegovich Volkov worked as an "initial access broker", a cybercriminal specialist who focuses on the earliest stage of an attack: gaining the first foothold inside a victim's network. READ MORE...
Google has filed a lawsuit against 25 unnamed China-based scammers, which it claims have stolen more than 115 million credit card numbers in the US as part of the Lighthouse phishing operation. Lighthouse is a phishing software service described in the lawsuit [PDF] as a "phishing for dummies" kit. Criminals pay a monthly subscription fee for access to hundreds of templates for fake websites, domain set-up tools for those phony sites, and other features designed to dupe victims into believing they are visiting a legitimate website. READ MORE...
South America's largest country is notorious for banking malware attacks, Maverick self-terminates if its targeted user is based outside Brazil. Multiple banking Trojans have been claiming victims in Brazil as a result of threat campaigns in recent months. Researchers with security vendor CyberProof published research this week with an analysis of two strains of malware that have been targeting Brazilian citizens throughout the year: Coyote and Maverick. READ MORE...
Uhale Android-based digital picture frames come with multiple critical security vulnerabilities and some of them download and execute malware at boot time. Mobile security company Quokka conducted an in-depth security assessment on the Uhale app and found behavior suggesting a connection with the Mezmess and Voi1d malware families. READ MORE...
Shadow IT has long been a thorn in the side of corporate security teams. After all, you can't manage or protect what you can't see. But things could be about to get a lot worse. The scale, reach and power of artificial intelligence (AI) should make shadow AI a concern for any IT or security leader. Cyber risk thrives in the dark spaces between acceptable use policies. If you haven't already, it may be time to shine a light on what could be your biggest security blind spot. READ MORE...
The Washington Post has confirmed that nearly 10,000 employees and contractors had sensitive personal data stolen in the Clop-linked Oracle E-Business Suite (EBS) attacks. In a filing with Maine's attorney general, submitted on November 12, the Post details how the newspaper was contacted by a "bad actor" on September 29 who claimed to have breached its Oracle EBS environment. READ MORE...