Cybercrime , Fraud Management & Cybercrime , Incident & Breach Response Cook County Health Says It Is Among the Vendor’s ‘Many’ Clients Affected by Hack Marianne Kolbasuk McGee (HealthInfoSec) • November 8, 2023 Image: Getty A major healthcare provider in Chicago that targets underserved populations is notifying as many as 1.2 million patients […]
A new malvertising campaign has been observed wherein threat actors are copying a legitimate Windows news portal to distribute malware. This type of website is often visited by software enthusiasts and system administrators to stay updated about computer reviews and download software utilities. What’s happening? Threat actors are leveraging the Windows news portal to promote […]
The full skinny on the Mancunian boy wonder’s latest Juno Daily favourite Loz Goddard is back with a new EP, ‘Are We Ever Leaving Here?’ via Turkey’s Oath label. As well as three cracking new original tunes from Goddard, he’s enlisted OCB – fresh from an acclaimed appearance on Juan Atkins’ Metroplex label – and […]
A new set of malicious Python packages has been discovered on the Python Package Index (PyPI) repository. These packages masquerade as harmless obfuscation tools but contain a malware called BlazeStealer, reported Checkmarx. Diving into details The campaign started in January 2023 and includes eight packages – Pyobftoexe, Pyobfusfile, Pyobfexecute, Pyobfpremium, Pyobflite, Pyobfadvance, Pyobfuse, and pyobfgood. […]
Mandiant Says Sandworm Used Novel Techniques in Ukrainian Cyberattack Chris Riotta (@chrisriotta) • November 9, 2023 Fires on a combined heat and power plant in Kyiv after Russian missile strikes on Oct. 10, 2022 (Image: Main Directorate of the State Emergency Service of Ukraine in Kyiv) Russian military hackers in October 2022 successfully […]
Nov 09, 2023NewsroomEndpoint Security / Malware A new malvertising campaign has been found to employ fake sites that masquerade as legitimate Windows news portal to propagate a malicious installer for a popular system profiling tool called CPU-Z. “This incident is a part of a larger malvertising campaign that targets other utilities like Notepad++, Citrix, and […]
Organizations using SysAid IT service management software have been warned about a zero-day vulnerability that has been exploited by affiliates of a notorious ransomware operation. Exploitation of the zero-day, tracked as CVE-2023-47246, was apparently first observed by Microsoft’s threat intelligence team, which rushed to notify SysAid about the vulnerability and the attacks. The vendor has […]
Nov 09, 2023NewsroomCyber Attack / Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a high-severity flaw in the Service Location Protocol (SLP) to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-29552 (CVSS score: 7.5), the issue relates to a denial-of-service (DoS) vulnerability that could be […]
Nov 09, 2023NewsroomCyber Attack / Malware Iranian nation-state actors have been observed using a previously undocumented command-and-control (C2) framework called MuddyC2Go as part of attacks targeting Israel. “The framework’s web component is written in the Go programming language,” Deep Instinct security researcher Simon Kenin said in a technical report published Wednesday. The tool has been […]