Security

New fraud campaigns have been discovered involving the Medusa (TangleBot) banking Trojan, which had evaded detection for nearly a year.  An analysis published by Cleafy researchers last week revealed that this sophisticated malware family, first identified in 2020, has resurfaced with significant changes.  This malware, known for its remote access Trojan (RAT) capabilities, includes keylogging,

Security researchers from Group-IB have unveiled the operations of a threat actor known as Boolka, whose activities involve deploying sophisticated malware and engaging in web attacks.  According to an advisory published by the company on Friday, the group has been observed exploiting vulnerabilities through SQL injection attacks since 2022, targeting websites across various countries. The

Threat actors have published nearly 400GB of data stolen from pathology provider Synnovis, including sensitive NHS patient information, according to reports. The data was apparently accessed by ransomware group Qilin following the attack on critical NHS supplier Synnovis on June 3, 2024. The gang reportedly posted the information on its darknet site and Telegram channel

The US government has banned cybersecurity provider Kaspersky from selling its products in the country because of the company’s alleged links to the Russian regime. On June 20, 2024, the US Department of Commerce’s Bureau of Industry and Security (BIS) issued a Final Determination prohibiting Kaspersky Lab, Inc., the US subsidiary of the Russian cybersecurity

The US Cybersecurity and Infrastructure Security Agency (CISA) has revealed its Chemical Security Assessment Tool (CSAT) was breached by a malicious actor, and warned chemical facilities that sensitive data may have been exfiltrated. The attackers exploited a zero-day vulnerability in an Ivanti Connect Secure appliance to infiltrate CSAT from January 23 to 26, 2024. The

The notorious LockBit group has reemerged to become the most prominent ransomware actor in May 2024, according to a new analysis by NCC Group. LockBit 3.0 returned to the fold in May to launch 176 ransomware attacks, 37% of the total number for the month. This represents an enormous 665% month-on-month increase for the ransomware-as-a-service

Individuals in China have been targeted by a QR code-based phishing (quishing) campaign which uses QR codes in fake official documents to deceive victims, according to new research by Cyble Research and Intelligence Labs (CRIL). As part of the campaign, Microsfot Word files masquerade as official documents from the Chinese Ministry of Human Resources and

More than nine in 10 (92%) organizations experienced an average of six credential compromises caused by email-based social engineering attacks in 2023, according to a new report by Barracuda. Scamming and phishing continued to make up the vast majority (86%) of social engineering attacks last year. There were some notable trends in how attackers are

Los Angeles County Department of Public Health (DPH) has disclosed a data breach impacting  more than 200,000 individuals. The data stolen includes personal, medical and financial information. The incident, which took place between February 19 and 20, 2024, was caused by an attacker gaining the log-in credentials of 53 Public Health employees through a phishing

Researchers at cybersecurity provider ESET detected five cyber espionage campaigns starting in 2022, targeting Android users with trojanized apps in Egypt and Palestine. In a new report, ESET provided further details on these campaigns, which it attributed with medium confidence to the Arid Viper hacking group. The ESET researchers named the multistage spyware used to

Microsoft President Brad Smith had admitted security failings by the firm in enabling Chinese state hackers access the emails of US government officials in the summer of 2023. In testimony at Congress to members of the US House Committee on Homeland Security on June 13, 2024, Smith said the tech giant accepts responsibility for all

Three weeks before the UK general election, Matthew Feeney, head of tech and innovation at the UK-based Centre for Policy Studies, warned about the deepfake threat to election integrity in a new report. The tech policy expert said that technological advances have made deepfakes easier and cheaper than ever to produce. However, he cautioned against

Ascension has revealed that ransomware attackers gained access to its systems after an employee accidently downloaded a malicious file. The incident, which took place in May 2024, forced the US private healthcare provider to divert ambulances and postpone patient appointments. Additionally, the attack prevented access to electronic health records (EHR), and took down various systems

Vulnerabilities in edge services and infrastructure devices are being increasingly exploited by cyber threat actors, according to a new report by WthSecure. Edge services, pieces of software installed at the edge of a network and accessible from both the internet and the internal network, are attractive to threat actors because they make a perfect initial

Phishing continues to be one of the most favored ways of compromising systems for hacking groups, Abnormal Security has found. In its latest report, Email Security Threats in Europe: Insights into Attack Trends, the email security provider observed that the volume of phishing attacks targeting organizations in Europe increased by 112.4% between April 2023 and

The winners of the European Cybersecurity Blogger Awards were announced at a ceremony held at Tapa Tapa, London, on June 5 at Infosecurity Europe 2024 . The awards celebrated the industry’s best blogs, podcasts, and vlogs, as well as the exceptional talent who contribute to these forums. The award ceremony was organised by Eskenzi PR, sponsored

Multiple security vulnerabilities have been found in the WooCommerce Amazon Affiliates (WZone) plugin, according to Patchstack.  This premium WordPress plugin, developed by AA-Team and boasting over 35,000 sales, is designed to assist site owners and bloggers in monetizing their websites via the Amazon affiliate program.  The vulnerabilities identified are serious, impacting all tested versions, including

Most CISOs now plan on the basis that a cyber-attack or data breach will happen, but there is still work to do to if organizations are to survive a crisis and recover, warned industry experts. Effective cyber crisis management is a key part of resilience. According to a panel of CISOs and cyber experts at

A new vulnerability has been found in the EmailGPT service, a Google Chrome extension and API service that utilizes OpenAI’s GPT models to assist users writing emails within Gmail.  The flaw discovered by Synopsys Cybersecurity Research Center (CyRC) researchers is particularly alarming because it enables attackers to gain control over the AI service simply by

Both enterprises and consumer-facing organizations should look to move away from passwords in favor of more secure, and convenient, forms of authentication. This was the view of experts on authentication, speaking at Infosecurity Europe 2024. The sheer number of passwords the average business user, or consumer, now needs to remember causes practical difficulties as well as

Smaller firms and charities face the same growing security risks as their larger peers, but lack of budgets and resources need not be a barrier to improving security, according to industry experts. Security leaders from smaller organizations told Infosecurity Europe 2024 that it is not just financial constraints that limit options in smaller organizations. A

Leading London hospitals have been forced to cancel operations and divert emergency patients following a cyber-attack on a critical supplier. The incident has affected Guy’s and St Thomas’, King’s College Hospital NHS Foundation Trusts and primary care services in South East London, according to a statement from NHS England on June 4. This follows a

Ransomware activity increased in 2023 compared to 2022, according to Google-owned Mandiant. This is despite broadscale law enforcement operations against prominent ransomware groups, including ALPHV/BlackCat. Mandiant shared ransomware research findings in a new report published on June 3, 2024. The threat intelligence firm observed a 75% increase in posts on ransomware groups’ data leak sites

First American, a major insurance company in the US, has confirmed that a ransomware attack led to the loss of sensitive data for thousands of people. The cyber-attack, which occurred in late December 2023, forced First American to shut down some systems, including its website.  The company later reported to the US Securities and Exchange

Events like the upcoming 2024 Paris Olympic Games, taking place from July 26, 2024, provides threat actors with the opportunity to disrupt a highly anticipated event that attracts global attention. With more than 15 million tourists expected to descend into Paris during the games, there are huge safety and security risks for authorities to manage

The BBC has confirmed a breach of its pension scheme, exposing the personal data of many of its employees. The public service broadcaster revealed that attackers copied files containing some BBC Trust members’ personal details from a cloud-based storage device. The information includes names, National Insurance numbers, dates of birth and home addresses. The BBC

A new operation coordinated by Europol has targeted several significant malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and Trickbot.  Dubbed “Endgame” and conducted between May 27 and 29 2024, the operation aimed to disrupt criminal networks by arresting high-value targets, dismantling their infrastructure and freezing illicit proceeds. The targeted malware facilitated ransomware and other malicious

A malicious email campaign has been discovered leveraging piano-themed messages to perpetrate advance fee fraud (AFF) scams.  These campaigns, active since at least January 2024, primarily target students and faculty at North American colleges and universities.  However, industries such as healthcare and food and beverage services have also been affected. According to Proofpoint, who discovered

Cybersecurity firm Check Point has urged customers to review their VPN configurations to prevent potential exploitation by threat actors seeking initial access to enterprise networks. Writing in a security advisory on Monday, the company reported that VPNs from various cybersecurity vendors have been increasingly targeted.  In particular, Check Point has observed attempts to breach its

Security researchers have reported a significant increase in cyber activity targeting the upcoming Indian general election.  This surge, driven by various hacktivist groups, has resulted in the leakage of personal identifiable information (PII) of Indian citizens on the dark web. The election, set to occur in seven phases from April 19 to June 1 2024, will