U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable

North Korean Hackers Weaponize Research Lures to Deliver RokRAT Backdoor

Media organizations and high-profile experts in North Korean affairs have been at the receiving end of a new campaign orchestrated by a threat actor known as ScarCruft in December 2023. "ScarCruft has been experimenting with new infection chains, including the use of a technical threat research report as a decoy, likely targeting consumers of threat intelligence like cybersecurity

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new

Rogue WordPress Plugin Exposes E-Commerce Sites to Credit Card Theft

Threat hunters have discovered a rogue WordPress plugin that's capable of creating bogus administrator users and injecting malicious JavaScript code to steal credit card information. The skimming activity is part of a Magecart campaign targeting e-commerce websites, according to Sucuri. "As with many other malicious or fake WordPress plugins it contains some deceptive information at

Alert: Chinese-Speaking Hackers Pose as UAE Authority in Latest Smishing Wave

The Chinese-speaking threat actors behind Smishing Triad have been observed masquerading as the United Arab Emirates Federal Authority for Identity and Citizenship to send malicious SMS messages with the ultimate goal of gathering sensitive information from residents and foreigners in the country. "These criminals send malicious links to their victims' mobile devices through SMS or

Microsoft Warns of Storm-0539: The Rising Threat Behind Holiday Gift Card Frauds

Microsoft is warning of an uptick in malicious activity from an emerging threat cluster it's tracking as Storm-0539 for orchestrating gift card fraud and theft via highly sophisticated email and SMS phishing attacks against retail entities during the holiday shopping season. The goal of the attacks is to propagate booby-trapped links that direct victims to adversary-in-the-middle (AiTM

Iranian State-Sponsored OilRig Group Deploys 3 New Malware Downloaders

The Iranian state-sponsored threat actor known as OilRig deployed three different downloader malware throughout 2022 to maintain persistent access to victim organizations located in Israel. The three new downloaders have been named ODAgent, OilCheck, and OilBooster by Slovak cybersecurity company ESET. The attacks also involved the use of an updated version of a known OilRig downloader

Unveiling the Cyber Threats to Healthcare: Beyond the Myths

Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?  Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social

CISA Sets a Deadline - Patch Juniper Junos OS Flaws Before November 17

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given a November 17, 2023, deadline for federal agencies and organizations to apply mitigations to secure against a number of security flaws in Juniper Junos OS that came to light in August. The agency on Monday added five vulnerabilities to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active

Critical Flaw in NextGen's Mirth Connect Could Expose Healthcare Data

Users of Mirth Connect, an open-source data integration platform from NextGen HealthCare, are being urged to update to the latest version following the discovery of an unauthenticated remote code execution vulnerability. Tracked as CVE-2023-43208, the vulnerability has been addressed in version 4.4.1 released on October 6, 2023. "This is an easily exploitable, unauthenticated remote code

New Magecart Campaign Alters 404 Error Pages to Steal Shoppers' Credit Cards

A sophisticated Magecart campaign has been observed manipulating websites' default 404 error page to conceal malicious code in what's been described as the latest evolution of the attacks. The activity, per Akamai, targets Magento and WooCommerce websites, with some of the victims belonging to large organizations in the food and retail industries. "In this campaign, all the victim websites we

How to Protect Patients and Their Privacy in Your SaaS Apps

The healthcare industry is under a constant barrage of cyberattacks. It has traditionally been one of the most frequently targeted industries, and things haven’t changed in 2023. The U.S. Government’s Office for Civil Rights reported 145 data breaches in the United States during the first quarter of this year. That follows 707 incidents a year ago, during which over 50 million records were

Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack

Cybersecurity researchers have unearthed a new ongoing Magecart-style web skimmer campaign that's designed to steal personally identifiable information (PII) and credit card data from e-commerce websites. A noteworthy aspect that sets it apart from other Magecart campaigns is that the hijacked sites further serve as "makeshift" command-and-control (C2) servers, using the cover to facilitate the

N. Korean ScarCruft Hackers Exploit LNK Files to Spread RokRAT

Cybersecurity researchers have offered a closer look at the RokRAT remote access trojan that's employed by the North Korean state-sponsored actor known as ScarCruft. "RokRAT is a sophisticated remote access trojan (RAT) that has been observed as a critical component within the attack chain, enabling the threat actors to gain unauthorized access, exfiltrate sensitive information, and potentially

Cynet Protects Hospital From Lethal Infection

A hospital with 2,000 employees in the E.U. deployed Cynet protections across its environment. The hospital was in the process of upgrading several expensive imaging systems that were still supported by Windows XP and Windows 7 machines. Cynet protections were in place on most of the Windows XP and Windows 7 machines during the upgrade process, ensuring that legacy operating systems would not

Darknet Carding Kingpin Pleads Guilty: Sold Financial Info of Tens of Thousands

A U.S. national has pleaded guilty in a Missouri court to operating a darknet carding site and selling financial information belonging to tens of thousands of victims in the country. Michael D. Mihalo, aka Dale Michael Mihalo Jr. and ggmccloud1, has been accused of setting up a carding site called Skynet Market that specialized in the trafficking of credit and debit card data. Mihalo and his

CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices. The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA

Attention Online Shoppers: Don't Be Fooled by Their Sleek, Modern Looks — It's Magecart!

An ongoing Magecart campaign has attracted the attention of cybersecurity researchers for leveraging realistic-looking fake payment screens to capture sensitive data entered by unsuspecting users. "The threat actor used original logos from the compromised store and customized a web element known as a modal to perfectly hijack the checkout page," Jérôme Segura, director of threat intelligence at

VMware Patches Critical Vulnerability in Carbon Black App Control Product

VMware on Tuesday released patches to address a critical security vulnerability affecting its Carbon Black App Control product. Tracked as CVE-2023-20858, the shortcoming carries a CVSS score of 9.1 out of a maximum of 10 and impacts App Control versions 8.7.x, 8.8.x, and 8.9.x. The virtualization services provider describes the issue as an injection vulnerability. Security researcher Jari

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners. The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in

Cyber Security Is Not a Losing Game – If You Start Right Now

Reality has a way of asserting itself, irrespective of any personal or commercial choices we make, good or bad. For example, just recently, the city services of Antwerp in Belgium were the victim of a highly disruptive cyberattack.  As usual, everyone cried "foul play" and suggested that proper cybersecurity measures should have been in place. And again, as usual, it all happens a bit too late.

SiriusXM Vulnerability Lets Hackers Remotely Unlock and Start Connected Cars

Cybersecurity researchers have discovered a security vulnerability that exposes cars from Honda, Nissan, Infiniti, and Acura to remote attacks through a connected vehicle service provided by SiriusXM. The issue could be exploited to unlock, start, locate, and honk any car in an unauthorized manner just by knowing the vehicle's vehicle identification number (VIN), researcher Sam Curry said in a 

The Value of Old Systems

Old technology solutions – every organization has a few of them tucked away somewhere.  It could be an old and unsupported storage system or a tape library holding the still-functional backups from over 10 years ago.  This is a common scenario with software too. For example, consider an accounting software suite that was extremely expensive when it was purchased. If the vendor eventually went

Been Doing It The Same Way For Years? Think Again.

As IT professionals, we all reach a certain point in our IT career where we realize that some of our everyday tasks are done the same way year after year without anyone questioning why it's done that way. Despite the constant change and improvement in technology, some things just get done the same ineffective way without any real thought behind it because "that's the way it's always been done."

Medibank Refuses to Pay Ransom After 9.7 Million Customers Exposed in Ransomware Hack

Australian health insurer Medibank today confirmed that personal data belonging to around 9.7 million of its current and former customers were accessed following a ransomware incident. The attack, according to the company, was detected in its IT network on October 12 in a manner that it said was "consistent with the precursors to a ransomware event," prompting it to isolate its systems, but not

Your OT Is No Longer Isolated: Act Fast to Protect It

Not too long ago, there was a clear separation between the operational technology (OT) that drives the physical functions of a company – on the factory floor, for example – and the information technology (IT) that manages a company's data to enable management and planning.  As IT assets became increasingly connected to the outside world via the internet, OT remained isolated from IT – and the

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News. Black

Australian Health Insurer Medibank Suffers Breach Exposing 3.9 Million Customers' Data

Australian health insurance firm Medibank on Wednesday disclosed that the personal information of all of its customers had been unauthorizedly accessed following a recent ransomware attack. In an update to its ongoing investigation into the incident, the firm said the attackers had access to "significant amounts of health claims data" as well as personal data belonging to its ahm health

European Police Arrest a Gang That Hacked Wireless Key Fobs to Steal Cars

Law enforcement authorities in France, in collaboration with Spain and Latvia, have disrupted a cybercrime ring that leveraged a hacking tool to steal cars without having to use a physical key fob. "The criminals targeted vehicles with keyless entry and start systems, exploiting the technology to get into the car and drive away," Europol said in a press statement. <!--adsense--> The coordinated

64,000 Additional Patients Impacted by Omnicell Data Breach - What is Your Data Breach Action Plan?

In April 2022, Omnicell reported a data breach affecting nearly 62,000 patients. The company has revealed that the incident has impacted an additional 64,000 individuals. This brings the total number of patients affected to over 126,000.  Will you be the next victim like Omnicell? If you are overlooking the importance of data protection, attackers can get you in no time.  Explore the impact of

Back to Basics: Cybersecurity's Weakest Link

A big promise with a big appeal. You hear that a lot in the world of cybersecurity, where you're often promised a fast, simple fix that will take care of all your cybersecurity needs, solving your security challenges in one go.  It could be an AI-based tool, a new superior management tool, or something else – and it would probably be quite effective at what it promises to do. But is it a silver

Firing Your Entire Cybersecurity Team? Are You Sure?

What on earth were they thinking? That's what we – and other security experts – were wondering when content giant Patreon recently dismissed its entire internal cybersecurity team in exchange for outsourced services. Of course, we don't know the true motivations for this move. But, as outsiders looking in, we can guess the cybersecurity implications of the decision would be inescapable for any

New Vulnerabilities Reported in Baxter's Internet-Connected Infusion Pumps

Multiple security vulnerabilities have been disclosed in Baxter's internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. "Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration," the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in

Integrating Live Patching in SecDevOps Workflows

SecDevOps is, just like DevOps, a transformational change that organizations undergo at some point during their lifetime. Just like many other big changes, SecDevOps is commonly adopted after a reality check of some kind: a big damaging cybersecurity incident, for example. A major security breach or, say, consistent problems in achieving development goals signals to organizations that the

Resolving Availability vs. Security, a Constant Conflict in IT

Conflicting business requirements is a common problem – and you find it in every corner of an organization, including in information technology. Resolving these conflicts is a must, but it isn’t always easy – though sometimes there is a novel solution that helps. In IT management there is a constant struggle between security and operations teams. Yes, both teams ultimately want to have secure

Magecart Hacks Food Ordering Systems to Steal Payment Data from Over 300 Restaurants

Three restaurant ordering platforms MenuDrive, Harbortouch, and InTouchPOS were the target of two Magecart skimming campaigns that resulted in the compromise of at least 311 restaurants. The trio of breaches has led to the theft of more than 50,000 payment card records from these infected restaurants and posted for sale on the dark web. "The online ordering platforms MenuDrive and Harbortouch

Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning of a handful of unpatched security vulnerabilities in MiCODUS MV720 Global Positioning System (GPS) trackers outfitted in over 1.5 million vehicles that could lead to remote disruption of critical operations. "Successful exploitation of these vulnerabilities may allow a remote actor to exploit access and gain control of

Why Developers Hate Changing Language Versions

Progress powers technology forward. But progress also has a cost: by adding new capabilities and features, the developer community is constantly adjusting the building blocks. That includes the fundamental languages used to code technology solutions. When the building blocks change, the code behind the technology solution must change too. It's a challenging and time-consuming exercise that

North Korean Maui Ransomware Actively Targeting U.S. Healthcare Organizations

In a new joint cybersecurity advisory, U.S. cybersecurity and intelligence agencies have warned about the use of Maui ransomware by North Korean government-backed hackers to target the healthcare sector since at least May 2021. "North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services—including electronic health

Newly Discovered Magecart Infrastructure Reveals the Scale of Ongoing Campaign

A newly discovered Magecart skimming campaign has its roots in a previous attack activity going all the way back to November 2021. To that end, it has come to light that two malware domains identified as hosting credit card skimmer code — "scanalytic[.]org" and "js.staticounter[.]net" — are part of a broader infrastructure used to carry out the intrusions, Malwarebytes said in a Tuesday analysis

Do You Have Ransomware Insurance? Look at the Fine Print

Insurance exists to protect the insured party against catastrophe, but the insurer needs protection so that its policies are not abused – and that's where the fine print comes in. However, in the case of ransomware insurance, the fine print is becoming contentious and arguably undermining the usefulness of ransomware insurance. In this article, we'll outline why, particularly given the current

Even the Most Advanced Threats Rely on Unpatched Systems

Common cybercriminals are a menace, there's no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups. In fact, these tools can prove almost

New Emotet Variant Stealing Users' Credit Card Information from Google Chrome

Image Source: Toptal The notorious Emotet malware has turned to deploy a new module designed to siphon credit card information stored in the Chrome web browser. The credit card stealer, which exclusively singles out Chrome, has the ability to exfiltrate the collected information to different remote command-and-control (C2) servers, according to enterprise security company Proofpoint, which