This week: Google began phasing out passwords, Microsoft to bid VBScript goodbye, payment card information exposed in Air Europa hack, Magecart attack uses sneaky 404 page tactic, U.S. voter registration data stolen from the District of Columbia, and Volex reports a hack attack.
Cloud compromises and supply chain attacks are overshadowing ransomware as the top cyberthreats worrying healthcare sector organizations - but all such incidents are still viewed as significant risks to patient outcomes and safety, said Ryan Witt of Proofpoint, citing new research findings.
North Korea's state-sponsored hackers continue to refine their "cyber intrusions to conduct both espionage and financial crime to project power and to finance both their cyber and kinetic capabilities," says a new report from Google's Mandiant group.
Tens of thousands of knockoff Android products manufactured in China including TV streaming boxes reached consumers infected with malware, say cybersecurity researchers. Human Security says it uncovered a related operation that earned millions per month in an online advertising fraud scheme.
Hotel and casino giant MGM Resorts says the recent hack attack against it cost $110 million in lost revenue and mitigation expenses. The publicly traded company expects to recoup losses and costs to date via cyber insurance. MGM Resorts says that its investigation remains ongoing.
Cybersecurity firm Group-IB said threat actors are using an advanced banking Trojan, dubbed GoldDigger, to steal credentials from 51 Vietnamese financial apps, e-wallets and cryptocurrency applications. Researchers said it can potentially transfer funds from apps and avoid detection and analysis.
Clorox said Wednesday an August cyberattack had caused a drop in the bleach manufacturing giant's sales and profits in the quarter ended Sept. 30. The company said organic sales will drop between 21% and 26% due to widespread disruption, order processing delays and product outages after the hack.
Hackers have weaponized a zero-day in a popular workspace collaboration tool to create administrator accounts and gain unrestricted access to their on-premises instances of the software, Atlassian's Confluence Data Center and Server products, which serves millions of daily active users.
This week, Bitsight found a lot of internet-exposed industrial control systems, Apple issued new patches, Sony confirmed a data breach, Google and Yahoo tackled spam, Qualcomm patched three zero-days, Cisco revealed zero-day exploits in VPN, and the FBI warned of twin attacks.
What do "bank transfer request.lnk" and "URGENT-Invoice-27-August.docx.lnk" have in common? Both are the names of malicious files being sent as part of a phishing campaign attributed to the Qakbot botnet group that has continued despite law enforcement disrupting Qakbot's operations in late August.
Revenue cycle management firm Arietis Health is notifying the patients of 55 healthcare practices across several states that their sensitive information has been potentially compromised in a hack of Progress Software's MOVEit file transfer application. What can entities learn from these breaches?
In the past year alone, investigators have received a staggering 30 million reports of online child sexual exploitation globally. It's time to harness emerging technologies such as AI and create new legal frameworks to fight against these criminal acts, said Guillermo Galarza of the ICMEC.
UNC3944 and BlackCat have taken over the headlines with a new wave of high-profile ransomware attacks on casinos and other industries, continuing an upward trend of damaging attacks impacting global organizations.
Large enterprises, including government and educational organizations, are being warned to immediately update their WS_FTP Server, built by Progress Software, to fix serious flaws being actively exploited by attackers. Secure file transfer software remains a top target, especially for extortionists.
Researchers discovered an undocumented backdoor being used by the North Korean Lazarus Group to target a Spanish aerospace company. The attacker masqueraded as a Meta recruiter and tricked the victim into downloading and executing malicious files on a company device.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.in, you agree to our use of cookies.