Bleeping Computer reports that hospitals are being warned about a social engineering trick used by hackers to gain access: The sector alert issued by the Health Sector Cybersecurity Coordination Center (HC3) this week says these tactics have allowed attackers to gain access to targeted organizations’ systems by enrolling their own multi-factor authentication (MFA) devices. In […]
The Register reports: Cybercriminals are targeting iOS users with malware that steals Face ID scans to break into and pilfer money from bank accounts – thought to be a world first. A Chinese-speaking cybercrime group, dubbed GoldFactory by Group-IB’s researchers, started distributing trojanized smartphone apps in June 2023, however, the latest GoldPickaxe version has been […]
Bleeping Computer reports: Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. “Google is aware that an exploit for CVE-2023-7024 exists in the wild,” a security advisory published Wednesday said. The company fixed the zero-day bug for users in the Stable Desktop […]
Cybernews reports: Microsoft is urging Outlook users to patch and update their systems to mitigate a new threat from Russia. Hackers associated with the Kremlin’s military intelligence agency GRU are exploiting the vulnerability to access victim’s emails. Microsoft warned that a nation-state actor tracked as Forest Blizzard is actively exploiting a vulnerability to provide secret, […]
SummaryThe Federal Bureau of Investigation (FBI) is releasing this Private Industry Notification tohighlight emerging ransomware trends and encourage organizations to implement therecommendations in the “Mitigations” section to reduce the likelihood and impact ofransomware incidents. ThreatAs of July 2023, the FBI noted two trends emerging across the ransomware environment and isreleasing this notification for industry awareness. […]
NSFOCUS Security Labs recently discovered a new attack process based on phishing documents in their daily threat-hunting operations. Delving deeper into this finding through extensive research, they confirmed two new Trojan horse programs and many rare attack techniques and tactics. … AtlasCross designed a decoy document titled “Blood Drive September 2023.docm” with the United States […]
HC3: Sector AlertTLP:CLEARReport: 202309181700 Executive Summary Cisco Talos has published an open-source report regarding the North Korean state-sponsored actor, the Lazarus Group, reported to be targeting internet backbone infrastructure and healthcare entities in Europe and the United States. The attackers have been exploiting a vulnerability in ManageEngine products, which is tracked as CVE-2022-47966. This vulnerability […]
Hackers are targeting Cisco Adaptive Security Appliance (ASA) SSL VPNs in credential stuffing and brute-force attacks that take advantage of lapses in security defenses, such as not enforcing multi-factor authentication (MFA). Last week, BleepingComputer reported that the Akira ransomware gang was breaching Cisco VPNs for initial network access. Rapid7 security researchers have provided additional insights regarding these […]
Most data breaches involve some level of victim human error, which theoretically employee training can address. Human error can take the form of clicking on a link, where the email address of the sender is unknown to the person clicking on the link. Malware then enters the scene. Another common human error scenario involves phishing […]
AI Poses a Threat to Financial Sector, and Cyberattackers are ‘Outpacing’ Defenses – Treasury
Law.com reports that the U.S. Treasury Department warned the financial services sector this week that artificial intelligence (AI) will become a powerful weapon for fraudsters and cyberattackers, who will outgun the sector’s defensive efforts in the foreseeable future. The report was based on interviews with representatives from 42 financial services and technology companies about the […]