Multiple malware-as-a-service info stealers now have the ability to manipulate authentication tokens to gain persistent access to a victim’s Google account, even after the user has reset their password.
The North Korean Kimsuky APT has recently been observed using a new variant called AlphaSeed, written in Golang, which uses chromedp for communication with the command-and-control server.
The scam involved the developer downloading npm packages from a GitHub repository, which potentially allowed the attackers to gain access to his machine and drain his wallet.
Anna Jaques Hospital’s health record system was shut down due to a cyberattack, causing delays in receiving services and diverting ambulance arrivals. The hospital is working with cybersecurity professionals to investigate the attack.
Regulators, particularly the California Privacy Protection Agency and the Federal Trade Commission, are starting to investigate and potentially take action against connected vehicle manufacturers for privacy violations.
The CERT-UA has issued a warning about a new phishing campaign orchestrated by Russian hackers known as APT28. The campaign targeted Ukraine between December 15 and 25, 2023, using phishing emails that tricked recipients into clicking on a link.
Google has reached a preliminary settlement in a class-action lawsuit accusing the company of deceiving users about their privacy while using the Incognito mode. The settlement comes after a nearly four-year legal battle.
The Downfall fan expansion for the game Slay the Spire was breached on Christmas Day, distributing the Epsilon information stealer malware through the Steam update system.
The extent of the cyber incident is still being determined, but external experts have been engaged to investigate, raising concerns about a potential data breach and exposure of sensitive financial information.
The company is working to restore its operations and has notified regulatory authorities. Despite the disruption, the company is still able to close loans and accept payments.