Updated on 2022-10-07 Insurance and reinsurance market Lloyd’s of London says they have “detected unusual activity on [their] network and … are investigating the issue.” Lloyd’s has reset its IT systems and shut down external connectivity, but has not yet provided further details. Note: This is a good example of that tough business risk decision …
Cyberattack
Updated on 2022-12-08 Patients of at least seven Washington state hospitals affiliated with CommonSpirit have been impacted by the breach of the hospital chain in October, an investigation revealed. Read more: CommonSpirit Health Provides Cyberattack Update and Notification of Data Breach Involving Virginia Mason Franciscan Health in Washington state Updated on 2022-12-04: CommonSpirit finally notifies of …
Updated on 2022-10-04 Cyber adversaries hijacked the installer for commercial chat provider Comm100 to propagate a trojan malware via its Windows Desktop agent software. Read more: Report: Commercial chat provider hijacked to spread malware in supply chain attack Updated on 2022-10-03: Comm100 supply chain attack CrowdStrike said on Friday that it detected that a suspected …
Updated on 2022-09-30 Managed care company Magellan Health will pay $1.43 million to settle a lawsuit filed in the wake of a 2019 data breach. In May 2019, Magellan subsidiary Magellan Rx Management suffered a phishing attack that led to the compromise of sensitive personal information belonging to 273,000 patients. While Magellan learned about the …
Last week, Interpol and South African officials detained two Nigerian nationals in Pretoria for their roles in a sprawling cybercrime campaign that stole more than $1.8 million from victims via online romance scams and business email compromise (BEC) operations. Authorities did not release the names of the two suspects, but local media reported that the …
Updated on 2022-10-31 This Halloween, let’s once more visit the ghost of threat actors present. BlackByte claimed to have attacked a metal solution provider and is demanding $600,000 to delete the stolen data. It seems that data breaches are piling up high on the land down under. An airline suffered a breach that impacted only …
Jenkins Security Advisories Jenkins Security Advisory 2022-10-19 Oracle Security Alerts Oracle Critical Patch Update Advisory – October 2022 Adobe Security Bulletins and Advisories Security Updates Available for Adobe Animate | APSB21-21 APSB22-57 Security update available for Adobe Acrobat and Reader | APSB21-09 APSB22-46 Security updates available for Adobe ColdFusion | APSB22-44 Apple Security Advisory iOS …
Updated on 2022-10-05: Fast Company hacked to send obscene push notification Pour one out for Fast Company, whose website is still down a week after its backend content management system was hacked — and very publicly. Credentials stored in the CMS allowed the cybercriminal to push a racial slur as an Apple News push notification. …
Live streaming service Twitch dealt with a major bot attack this week and was forced to block logins from exotic browsers to prevent a threat actor from mass-creating new accounts to be used in future hate raids. According to a developer who creates Twitch-centered software, more than 4 million new accounts were created over the …
Updated on 2022-12-07: Cobalt Strike adoption PAN’s Unit42 research team says it spotted three malware operations that have outright incorporated components of the Cobalt Strike pen-testing framework into their code. The three malware strains are KoboldLoader, MagnetLoader, and LithiumLoader. Read more: Blowing Cobalt Strike Out of the Water With Memory Analysis Updated on 2022-12-05: …
Updated on 2022-10-09: NSA: Who hacked what now?! Spies snooped inside a U.S. military defense contractor’s network for months and stole a cache of sensitive data, according to a joint release by the NSA, CISA and the FBI. The U.S. agencies point the finger of blame at an unspecified APT group, but it could be Russia …
Updated on 2022-12-29: FIN7 report By far, the best infosec report of last week is Prodaft’s analysis of the FIN7 cybercrime cartel. The report covers the gang’s membership, various tools, and internal chat logs, including conversations where the FIN7 leaders threaten to hurt their members’ family members in case any of them want to leave …
Updated on 2022-09-28: Healthcare services organization spills data West Virginia-based Physician’s Business Office notified 196,573 individuals about a breach that exposed their personal data and Protected Health Information (PHI). Hackers could have accessed patient names, SSNs, driver’s licenses, treatments, diagnoses, contact details, disability codes, prescription information, and health insurance account details. Overview West Virginia-based Physician’s …
Ukraine’s Main Directorate of Intelligence of the Ministry of Defense warns that Russia is planning to escalate cyberattacks against Ukrainian and Ukrainian allies’ critical infrastructure. The Directorate says it expects the first attacks to target the energy sector. They also warn that Russia is likely to escalate distributed denial-of-service (DDoS) attacks against critical infrastructure in …
Updated on 2022-09-23: CISA Adds Critical Zoho Flaw to Known Exploited Vulnerabilities Catalog The US Cybersecurity and Infrastructure Security Agency (CISA) has added a Java deserialization vulnerability in Zoho ManageEngine products to its Known Exploited Vulnerabilities (KEV) catalog. The critical flaw affects ManageEngine PAM360, Password Manager Pro, and Access Manager Plus. CISA has given federal …