0 Comments
The U.S. Treasury Department on Friday announced sanctions against Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence, Esmaeil Khatib, for engaging in cyber-enabled activities against the nation and its allies. “Since at least 2007, the MOIS and its cyber actor proxies have conducted malicious cyber operations targeting a range of government
0 Comments
More than 10% of enterprise IT assets are missing endpoint protection and roughly 5% are not covered by enterprise patch management solutions.  The figures come from new research by Sevco Security, which the company has compiled in the State of the Cybersecurity Attack Surface report. “Attackers are very adept at exploiting enterprise vulnerabilities. Security and IT
0 Comments
It’s too bad cybercriminals don’t funnel their creativity into productive pursuits because they’re constantly coming up with nefarious new ways to eke out money and information from unsuspecting people. One of their newest schemes is called synthetic identity theft, a type of identity theft that can happen to anyone. Luckily, there are ways to lower
0 Comments
Multiple security vulnerabilities have been disclosed in Baxter’s internet-connected infusion pumps used by healthcare professionals in clinical environments to dispense medication to patients. “Successful exploitation of these vulnerabilities could result in access to sensitive data and alteration of system configuration,” the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in a coordinated advisory. Infusion pumps
0 Comments
On April 20, 2022, Rapid7 discovered vulnerabilities in two TCP/IP–enabled medical devices produced by Baxter Healthcare. The flaws, four in total, affected the company’s SIGMA Spectrum Infusion Pump and SIGMA WiFi Battery. Almost five months after Rapid7 first reported the issues to Baxter, the companies are now revealing they have worked together to discuss the
0 Comments
Former members of the Conti cybercrime cartel have been implicated in five different campaigns targeting Ukraine from April to August 2022. The findings, which come from Google’s Threat Analysis Group (TAG), builds upon a prior report published in July 2022, detailing the continued cyber activity aimed at the Eastern European nation amid the ongoing Russo-Ukrainian
0 Comments
A persistent cyber–attack campaign has emerged targeting major financial institutions in French–speaking African countries and has been active over the last two years. The campaign was discovered by Check Point Research (CPR) and dubbed ‘DangerousSavanna.’ It relied on spear phishing techniques to initiate infection chains. The threat actors reportedly sent malicious attachment emails in French
0 Comments
Cybersecurity researchers have offered insight into a previously undocumented software control panel used by a financially motivated threat group known as TA505. “The group frequently changes its malware attack strategies in response to global cybercrime trends,” Swiss cybersecurity firm PRODAFT said in a report shared with The Hacker News. “It opportunistically adopts new technologies in
0 Comments
Focused mostly on Asia, this new cyberespionage group uses undocumented tools, including steganographically extracting PowerShell payloads from PNG files ESET researchers recently found targeted attacks that used undocumented tools against various high-profile companies and local governments mostly in Asia. These attacks were conducted by a previously unknown espionage group that we have named Worok and
0 Comments
Over half (52%) of global organizations know a partner that has been compromised by ransomware, yet few are doing anything to improve the security of their supply chain, according to Trend Micro. The security vendor polled nearly 3000 IT decision makers across 26 countries to produce its latest report, Everything is connected: Uncovering the ransomware
0 Comments
Researchers discovered a private Telegram channel-based backdoor in the information stealing malware, dubbed Prynt Stealer, which its developer added with the intention of secretly stealing a copy of victims’ exfiltrated data when used by other cybercriminals. “While this untrustworthy behavior is nothing new in the world of cybercrime, the victims’ data end up in the