News

Daily News Articles

Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access

A "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature has been identified by cybersecurity researchers. This flaw could be used by threat actors to facilitate privilege escalation and gain unauthorized access to Workspace APIs without the need for super admin privileges. In a technical report shared with The Hacker News, cybersecurity firm Hunters stated that "such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain." The design flaw, which is still active today, has been given the codename DeleFriend because it allows users to modify delegations that are already in place in Google Workspace...
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability

Threat actors are actively using the recently discovered critical security flaw affecting Apache ActiveMQ to spread a new Go-based botnet called GoTitan and a .NET application called PrCtrl Rat, which has the ability to remotely commandeer the compromised hosts. The attacks take advantage of a remote code execution bug (CVE-2023-46604, CVSS score: 10.0) that has recently been turned into a weapon by a number of hacker groups, including the Lazarus Group. Threat actors have been seen to drop next-stage payloads from a remote server after a successful breach. One of these payloads is GoTitan, a botnet that is intended...
Understanding HIPAA: Safeguarding Health Information

The safeguarding of sensitive patient data is crucial in the quickly changing healthcare environment. One of the main pieces of legislation protecting the privacy, availability, and integrity of medical data is the Health Insurance Portability and Accountability Act (HIPAA). In this blog post, we'll look at what HIPAA is and why it is important for healthcare organizations, covering its goals, essential elements, and effects on the healthcare sector. 1. What is HIPAA? Enacted in 1996, HIPAA is a federal law streamlining healthcare transactions and guaranteeing insurance portability. Its primary focus is safeguarding the privacy and security of individually identifiable health information (PHI). Through the Privacy Rule, patients gain control over their health data, and the Secu...
Microsoft deprecates Defender Application Guard for Office

Microsoft suggests using Windows Defender Application Control, Protected View, and Defender for Endpoint as an alternative to Defender Application Guard for Office and the Windows Security Isolation APIs, which are being deprecated. Word, Excel, and PowerPoint for Microsoft 365 Apps are compatible with Application Guard for Office, a security feature designed for Windows 10 and Windows 11 Enterprise editions. By limiting files downloaded from untrusted sources, making sure they are opened in a secure sandbox, and blocking access to trusted resources on the user's device, its main goal...
Healthcare giant Henry Schein hit twice by BlackCat ransomware

The BlackCat/ALPHV ransomware group, which also gained access to Henry Schein's network in October, has launched a second cyberattack this month, according to the American healthcare company. With operations and affiliates in 32 countries, Henry Schein is a Fortune 500 provider of healthcare products and services, with over $12 billion in revenue reported in 2022. It first made public on October 15 that, following a cyberattack the day before, it had to take some systems offline in order to contain the threat. On November 22, more than a month later, the business announced that some of its apps and the e-commerce platform had once more been taken offline due to an additional attack...
North Korean Hackers ‘Mixing’ macOS Malware Tactics to Evade Detection

Threat actors from North Korea have been observed "mixing and matching" various components of the two distinct attack chains, using RustBucket droppers to propagate KANDYKORN, one of the macOS malware strains they are responsible for. The research was conducted by cybersecurity firm SentinelOne, which also connected the RustBucket campaign to a third malware that is specific to macOS and is known as ObjCShellz. RustBucket is the name of an activity cluster associated with the Lazarus Group, wherein, upon viewing a specially crafted lure document, a backdoored version of a PDF reader app called SwiftLoader...
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections

According to a recent study, passive network attackers can potentially obtain private RSA host keys from a susceptible SSH server by timing naturally occurring computational errors that arise during the connection establishment process. Over an unprotected network, commands can be safely transmitted and computer logins can be accomplished with the help of the Secure Shell (SSH) protocol. SSH, which has a client-server architecture, encrypts and verifies device connections using cryptography. In the SSH protocol, a cryptographic key called a host key is used to authenticate computers. Key pairs known as "host keys" are usually produced by public-key cryptosystems...
Cyberattack on IT provider CTS impacts dozens of UK law firms

A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is to blame for a nationwide outage that has impacted numerous law firms and home buyers since Wednesday. "We are experiencing a service outage, which has impacted some of the services we provide to our clients." The outage was caused by a cyber-incident, according to a statement issued by the UK IT services provider on Friday. "We are working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration." The company is working to restore online services that were disrupted...
Atomic Stealer malware strikes macOS via fake browser updates

The 'ClearFake' fake browser update campaign has expanded to macOS, with Atomic Stealer (AMOS) malware targeting Apple computers. The ClearFake campaign began in July of this year, with the goal of targeting Windows users with bogus Chrome update prompts that appear on compromised sites via JavaScript injections. Guardio Labs discovered a significant development for the malicious operation in October 2023, which used Binance Smart Chain contracts to conceal its malicious scripts supporting the infection chain in the blockchain. The operators used this technique, dubbed "EtherHiding," to distribute Windows-targeting payloads, including information-stealing malware such as RedLine...
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale

More information has emerged about Telekopye, a malicious Telegram bot used by threat actors to carry out large-scale phishing scams. "Telekopye can create phishing websites, emails, SMS messages, and more," said Radek Jizba, an ESET security researcher, in a new analysis. The threat actors, codenamed Neanderthals, are known to run the criminal enterprise as a legitimate company, spawning a hierarchical structure that includes various members who take on different roles. After being recruited through advertisements on underground forums, aspiring Neanderthals are invited to join designated Telegram channels for communicating...