Security
MediExcel exposes 500K patient documents
MediExcel, a US-based healthcare provider, left an open instance exposing over half a million patient documents, including diagnoses and claim forms.
Read more about MediExcel exposes 500K patient documents
New spyware targets Macs pretending to be “Spotify Music Converter”
Arm and Intel-based Macs are being targeted by a new dangerous malware, dubbed Cuckoo. It comes as a trojan, disguising itself as legitimate software such as music converter apps. Then, it spreads its infostealer wings and lays spyware.
Read more about New spyware targets Macs pretending to be “Spotify Music Converter”
Tech support scams top list of elder fraud, new FBI report
Cyber scams targeting seniors are on the rise, costing those over the age of 60 more than $3.4 billion in total losses for 2023 – an increase of 11% over 2022, according to a new FBI intel report.
Read more about Tech support scams top list of elder fraud, new FBI report
One-fifth of Docker Hub repositories are malicious, researchers find
Nearly three million repositories on Docker Hub, a platform for web developers to collaborate on their code for web applications, contain malicious content, security researchers at JFrog have found.
Read more about One-fifth of Docker Hub repositories are malicious, researchers find
Android apps with 4B installs leave open doors to code execution attacks
If your Android device has Xiaomi’s File Manager or WPS Office, update them immediately. Several Android apps with more than four billion total installs have been found to be vulnerable, allowing attackers to run arbitrary code or steal credentials.
Read more about Android apps with 4B installs leave open doors to code execution attacks
Thousands of Airsoft players under threat after data breach
Malicious actors took advantage of 75,000 Airsoft players’ personal data after the community site forgot to put a password on its database backups.
Read more about Thousands of Airsoft players under threat after data breach
Britain bans simple passwords for smart devices
Internet-connected smart devices will soon be required to meet minimum security standards by law in the UK.
Read more about Britain bans simple passwords for smart devices
Software supply chain risks for AI and ML models
As organizations become more dependent on third-party libraries, frameworks, and services to develop and deploy their AI applications, software supply chain risks are increasing exponentially. These risks can emerge in various forms, potentially leading to data breaches and other security vulnerabilities in affected systems.
Read more about Software supply chain risks for AI and ML models
Breaking 2FA authentication: demystifying your security
So, you thought using 2-factor authentication (2FA) and multifactor authentication (MFA) was your one-stop solution to keep hackers out of your accounts. Let’s adopt a rule of thumb – if there’s a will, there’s a way.
Read more about Breaking 2FA authentication: demystifying your security
Romance scammers offer fake protection from sex offenders, FBI warns
Fraudsters have found a new way to trick their victims into paying for non-existent services. The Federal Bureau of Investigation (FBI) has warned of a new “verification scheme” targeting online dating platform users.
Read more about Romance scammers offer fake protection from sex offenders, FBI warns
New banking malware gives hackers complete control of Android phones
A new Android mobile malware family, dubbed Brokewell, has appeared on cybersecurity researchers’ radars. It includes a powerful feature set, allowing attackers to take over user devices and steal data.
Read more about New banking malware gives hackers complete control of Android phones
Healthcare app exposes sensitive patient data
Health Genie, a healthcare IT solutions provider, left an open instance, exposing patients’ personal details as well as sensitive clinical data.
Read more about Healthcare app exposes sensitive patient data
Label working with Snoop Dogg and Iggy Azalea faces cyberthreat
Independent record label Empire Distribution, a big name in the hip-hop music scene, has been left vulnerable to cyberattacks.
Read more about Label working with Snoop Dogg and Iggy Azalea faces cyberthreat
Scammers bypassing Google ad checks to impersonate real brands
Google seems to have a problem with brand impersonation. For example, some ads on top of the search results bar appear to be the real Facebook but lead to scams, users have found. Malicious actors have found a way to trick Google’s bots.
Read more about Scammers bypassing Google ad checks to impersonate real brands
MFA under siege: keep your protections up-to-date
Compromised multi-factor authentication (MFA) was behind some of last year’s biggest cyberattacks, including breaches at casino giants MGM and Caesars. Yet some companies are just adding it as an extra layer of security.
Read more about MFA under siege: keep your protections up-to-date
Microsoft: Russian APT 28 exploits Windows bug with GooseEgg tool
Microsoft has released a fix to a known vulnerability that the Russian threat group APT 28 – also known as Forrest Blizzard and Fancy Bear – has been exploiting for years with the use of a newly identified, customized malware tool dubbed GooseEgg.
Read more about Microsoft: Russian APT 28 exploits Windows bug with GooseEgg tool
Four Iranian nationals charged in cyber campaign against US firms
The US Department of Justice (DoJ) Tuesday charged four Iranian nationals for their involvement in a multi-year cyber campaign that, allegedly, targeted US companies with access to military defense information. Now, they're offering a $10 million reward to anyone who can help find them.
Read more about Four Iranian nationals charged in cyber campaign against US firms
HelloKitty ransomware rebranded and back in business, looking for employees
Threat actors previously known as HelloKitty ransomware have announced that they’re rebranding into “HelloGookie.” Instead of balloons, they released some decryption keys from older attacks and leaked more of the stolen code from CD Project Red and Cisco network information. Now, they are looking for an employee who will make voice calls to victims directly.
Read more about HelloKitty ransomware rebranded and back in business, looking for employees
Phishers use Nespresso links, exploiting redirect vulnerability
Security researchers at Perception Point discovered that phishers are exploiting an open redirect vulnerability, which affects the Nespresso website, a popular coffee machine and coffee capsule manufacturer.
Read more about Phishers use Nespresso links, exploiting redirect vulnerability
Wave of ransomware on the cheap: junk guns still okay for small targets
Researchers observe a flood of crude and amateurish ransomware. But it’s cheap, difficult to trace, and comes in many flavors. This spells trouble for small business owners and other individuals.
Read more about Wave of ransomware on the cheap: junk guns still okay for small targets
