In a new HiatusRAT malware campaign, threat actors targeted a U.S. Department of Defense server in a reconnaissance attack. Read more of this article by Sergiu Gatlan at Bleeping Computer.
You’re on a call with someone and they can hear you keyboarding. Can they figure out what you typed or steal any passwords you typed in while on the call? Read more of this article by Bill Toulas at Bleeping Computer.
Schools that haven’t already reopened this year will be reopening this week, which makes this a great time for ransomware gangs to strike. All school districts should be hypervigilant and make sure they have a rapid response plan and an emergency backup plan in place. A number of school districts have already been reporting attacks […]
Prospect Medical Holdings has now confirmed what already seemed clear to researchers and those who check leak sites. The threat actors did get files with personal information. Prospect Medical Holdings is confirming new details about a massive data theft from three Connecticut hospitals and others around the country in a nearly month-old cyber attack by a shadowy […]
Boston Red Sox legend David Ortiz has revealed that he is victim of an extortion plot by criminal network that has threatened to spill details of his personal life. The Hall of Famer posted a video to Instagram explaining that the the suspects had broken into an old cellphone, where they gained access to his […]
Prime Therapeutics LLC / Magellan Rx has disclosed a breach that may have affected a subset of covered Blue Cross and Blue Shield of Minnesota members. According to their press release, on July 11, they became aware that an unauthorized actor obtained access to an employee’s mobile email account. That email account contained documents that included members’ personal […]
Omkhar Arasaratnam writes that the same type of attack that took advantage of poor security in 1998 is still taking advantage of poor security in 2023. He writes: SQL injection — among the lowest hanging of security fruit — is still included in the Open Worldwide Application Security Project (OWASP) Top 10 list of security […]
You’ve become the victim of a ransomware attack and received a ransom demand that is not something you can afford. Can you negotiate with the ransomware gang? Yes, you can, and it may save you money if you do your homework first on different gangs and negotiators. Read more of this article By Christopher Janaro […]
Makers of vulnerable apps that are exploited in wide-scale supply chain attacks such as the MOVEit breach need to improve software security or face steep fines and settlement fees. Read more of this article at Darkreading.com.
Q2 2023 Threat Landscape Report: All Roads Lead to Supply Chain Infiltrations
The significant increase in supply-chain attacks has been discussed in a Q2 report by Kroll, who also noted a significant increase in email compromises. Read more of this article Kroll.com.