The industries most frequently targeted by Asian APT groups include government, industrial, healthcare, IT, agriculture, and energy sectors, emphasizing the importance of tailored security measures for these industries.
Cisco’s Talos Intelligence blog reveals a sophisticated spam exploit using Google Forms’ quiz results feature, collecting email addresses subtly via a quiz template. The spammer leverages Google’s infrastructure to send phishing emails, bypassing spam blockers until Google addresses this method, ultimately leading victims to a complex cryptocurrency scam. As these types of scams continue to […]
The attackers are targeting healthcare organizations in the U.S. through local ScreenConnect instances used by Transaction Data Systems (TDS), a pharmacy supply chain and management systems solution provider.
Attackers exploited the CVE-2023-22515 vulnerability to gain initial access and embed a web shell, allowing them to execute malicious actions without needing a valid user account.
The hospital has taken its information systems offline and is working with cybersecurity specialists and law enforcement to restore functionality, but it is unclear if a ransom has been demanded or if patient data has been compromised.
The attack caused intermittent connectivity issues for a few minutes but did not impact any services or products provided by Cloudflare. The group claims to have used the Skynet and Godzilla botnets for the recent attacks.
The spyware, disguised as an Android app, has been available on the website since January 2023 and has compromised at least 20 mobile devices, harvesting sensitive information and uploading it to a command-and-control server.
The ALPHV/BlackCat ransomware group claimed responsibility for the breach and accused McLaren of attempting to cover it up, stating that they still have access to the organization’s network.
The cause of the cyberattack is under investigation, and while some parts of the website are back up, certain features such as the travel map and online freight permits remain out of service.
DarkCasino exploited a WinRAR 0-day vulnerability (CVE-2023-38831) to launch phishing attacks against forum users. The vulnerability poses a significant threat because of WinRAR's large installed base and the difficulty of identifying and defending against these attacks.