Healthcare , Incident & Breach Response , Industry Specific Researcher Reported Configuration Issue to Cloud Vendor After Lab Failed to Respond Marianne Kolbasuk McGee (HealthInfoSec) • January 23, 2024 Image: Getty An unsecured database appearing to belong to a Netherlands-based medical laboratory exposed 1.3 million records on the internet, including COVID test results […]
ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding 1,300% increase in malicious packages from 2020 and an increase of 28% over 2022 when a little more than 8,700 malicious packages were detected. “Over the years, we’ve closely monitored […]
Jan 25, 2024NewsroomRemote Access Trojan Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. “SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP,” Kroll said in an analysis […]
Jan 25, 2024NewsroomVulnerability / Software Security The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved nine security flaws, including a critical bug that, if successfully exploited, could result in remote code execution (RCE). The issue, assigned the CVE identifier CVE-2024-23897, has been described as an arbitrary file read […]
A federal judge has denied a motion from spyware maker NSO Group to dismiss an Apple lawsuit alleging the company’s powerful Pegasus tool has violated computer fraud laws and unfairly profited off of Apple and its customers, according to a court ruling filed Tuesday. NSO Group, a highly controversial purveyor of spyware which has been […]
Jan 25, 2024NewsroomCyber Attack / Data Breach Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise’s (HPE) cloud email environment to exfiltrate mailbox data. “The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our […]
Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months, according to Egress. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware or ransomware attachments. Looking towards outbound email incidents, 91% of organizations experienced data loss and exfiltration due to […]
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform’s surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur […]
Pro-Ukraine hackers have reportedly breached a Russian scientific research center, Ukraine’s defense intelligence directorate (GUR) said. According to GUR’s report on Wednesday, the hacker group called “BO Team” attacked the State Research Center on Space Hydrometeorology, also known as “Planeta,” and destroyed its database and valuable equipment. Planeta is a Russian state enterprise that receives […]