Tag: cyberattack news

LogoFAIL bugs in UEFI code allow planting bootkits via images
News

A group of security flaws known as LogoFAIL impact image-parsing parts of the UEFI code from different vendors. Researchers alert the public to the possibility that they could be used to distribute bootkits and control the booting process's execution flow. The problems affect both x86 and ARM architectures because they are in the image parsing libraries that vendors use to display logos during booting. Researchers at the firmware supply chain security platform Binarly claim that the branding has added needless security risks, allowing malicious payloads to be executed by injecting image files ...
Dollar Tree hit by third-party data breach impacting 2 million people
News

A third-party data breach that affected 1,977,486 individuals was linked to the discount store chain Dollar Tree following the hack of service provider Zeroed-In Technologies. Discount retailer Dollar Tree runs the Dollar Tree and Family Dollar brands in 23,000 locations across the US and Canada. A security incident occurred between August 7 and August 8, 2023, according to a data breach notification that Dollar Tree's service provider, Zeroed-In, shared with the Maine Attorney General. Threat actors were able to obtain data comprising Dollar Tree and Family Dollar employees' personal information during this cyberattack. Although the inquiry was able to establish that these systems had been accessed, it was unable to verify which precise ...
200+ Malicious Android Apps Targeting Iranian Banks
News

In order to stay under the radar, an Android malware campaign that targets Iranian banks has increased its functionality and added new evasion techniques. According to a recent Zimperium report, the threat actor was also seen executing phishing attacks against the targeted financial institutions. The report also found over 200 malicious apps connected to the malicious operation. The campaign was initially made public in late July 2023 after Sophos published information about a collection of 40 apps that harvest credentials from users of Bank Mellat, Bank Saderat, Resalat Bank, and the Central Bank of Iran. The main objective of the fraudulent applications is to deceive users into giving them excessive permissions ...
Iranian Hackers Exploit PLCs in Attack on Water Authority in U.S.
News

The Municipal Water Authority of Aliquippa in western Pennsylvania was the target of a cyberattack that involved the active exploitation of Unitronics programmable logic controllers (PLCs), according to the U.S. Cybersecurity and Infrastructure Security Agency (CISA). The attack has been linked to the hacktivist group Cyber Av3ngers, which is supported by Iran. PLCs connected to [Water and Wastewater Systems] facilities are being targeted by cyber threat actors, the agency said, citing a Unitronics PLC at a U.S. water facility as one example. There is no known risk to the municipality's drinking water or water supply as a result of the affected municipality's water authority swiftly taking the system offline ...
Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
News

A "severe design flaw" in Google Workspace's domain-wide delegation (DWD) feature has been identified by cybersecurity researchers. This flaw could be used by threat actors to facilitate privilege escalation and gain unauthorized access to Workspace APIs without the need for super admin privileges. In a technical report shared with The Hacker News, cybersecurity firm Hunters stated that "such exploitation could result in theft of emails from Gmail, data exfiltration from Google Drive, or other unauthorized actions within Google Workspace APIs on all of the identities in the target domain." The design flaw, which is still active today, has been given the codename DeleFriend because it allows users to modify delegations that are already in place in Google Workspace ...
Healthcare giant Henry Schein hit twice by BlackCat ransomware
News

The BlackCat/ALPHV ransomware group, which also gained access to Henry Schein's network in October, has launched a second cyberattack this month, according to the American healthcare company. With operations and affiliates in 32 countries, Henry Schein is a Fortune 500 provider of healthcare products and services, with over $12 billion in revenue reported in 2022. It first made public on October 15 that, following a cyberattack the day before, it had to take some systems offline in order to contain the threat. On November 22, more than a month later, the business announced that some of its apps and the e-commerce platform had once more been taken offline due to an additional attack ...
Cyberattack on IT provider CTS impacts dozens of UK law firms
News

A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is to blame for a nationwide outage that has impacted numerous law firms and home buyers since Wednesday. "We are experiencing a service outage, which has impacted some of the services we provide to our clients." The outage was caused by a cyber-incident, according to a statement issued by the UK IT services provider on Friday. "We are working closely with a leading global cyber forensics firm to help us with an urgent investigation into the incident and to assist us in service restoration." The company is working to restore online services that were disrupted ...
Cybercriminals Using Telekopye Telegram Bot to Craft Phishing Scams on a Grand Scale
News

More information has emerged about Telekopye, a malicious Telegram bot used by threat actors to carry out large-scale phishing scams. "Telekopye can create phishing websites, emails, SMS messages, and more," said Radek Jizba, an ESET security researcher, in a new analysis. The threat actors, codenamed Neanderthals, are known to run the criminal enterprise as a legitimate company, spawning a hierarchical structure that includes various members who take on different roles. After being recruited through advertisements on underground forums, aspiring Neanderthals are invited to join designated Telegram channels for communicating ...
Welltok data breach exposes data of 8.5 million US patients
News

The file transfer program that the company uses was compromised in a data theft attack, and as a result, Welltok, a provider of software for healthcare organizations, is alerting customers to the possibility that approximately 8.5 million patients' personal information was compromised. Welltok supports healthcare needs like medication adherence and pandemic response in addition to working with health service providers across the United States to maintain online wellness programs, hold databases containing personal patient data, and generate predictive analytics. The Clop ransomware group compromised thousands of organizations globally earlier this year by taking advantage of a zero-day vulnerability in the MOVEit software ...
ClearFake Campaign Expands to Target Mac Systems with Atomic Stealer
News

Targets are currently receiving the macOS information theft malware known as Atomic through a false web browser update chain that is being monitored as ClearFake. According to Jérôme Segura of Malwarebytes, in a Tuesday analysis, "this may very well be the first time we see one of the main social engineering campaigns, previously reserved for Windows, branch out not only in terms of geolocation but also operating system." First reported in April 2023, Atomic Stealer, also known as AMOS, is a commercial stealer malware family that is offered for $1,000 per month as part of a subscription service ...