News
-
MoonBounce UEFI implant used by spy group brings firmware security into spotlight
Researchers uncovered a stealthy UEFI rootkit that’s being used in highly targeted campaigns by a notorious Chinese cyberespionage group with suspected government ties. The group is known for using software supply-chain attacks in the past. Dubbed MoonBounce by researchers from Kaspersky Lab, the implant’s goal is to inject a malicious driver into the Windows kernel…
-
Attackers use public cloud providers to spread RATs
A campaign that uses public cloud service providers to spread malware has been discovered by Cisco Talos. The offensive is the latest example of threat actors abusing cloud services like Microsoft Azure and Amazon Web Services for malicious purposes, security researchers Chetan Raghuprasad and Vanja Svajcer wrote in the Talos blog. To camouflage their activity,…
-
Homelife of Connecticut Residents Secretly Recorded
Homelife of Connecticut Residents Secretly Recorded A man from Connecticut has been arrested on suspicion of using digital devices to record his neighbors. Waterford resident Keith Hancock allegedly recorded 10 victims from outside their homes, two of whom were juveniles. Six of the individuals were filmed while undressing. Hancock is also suspected of recording more victims while…
-
Pennsylvania Approves Ransomware Bill
Pennsylvania Approves Ransomware Bill Pennsylvania has approved new legislation barring state and local governments from using taxpayers’ money to pay ransoms to cyber-criminals. Senate Bill 726, amending Title 18 (Crimes and Offenses) of the Pennsylvania Consolidated Statutes, was approved by the Pennsylvania Senate on Wednesday. The legislation has now advanced to the House of Representatives for further consideration.…
-
Crime Shop Sells Hacked Logins to Other Crime Shops
Up for the “Most Meta Cybercrime Offering” award this year is Accountz Club, a new cybercrime store that sells access to purloined accounts at services built for cybercriminals, including shops peddling stolen payment cards and identities, spamming tools, email and phone bombing services, and those selling authentication cookies for a slew of popular websites. Criminals…
-
Memorial Health System Confirms Data Breach
Memorial Health System Confirms Data Breach A cyber-attack on an Ohio-based health system may have exposed the protected health information (PHI) of 216,478 patients. Memorial Health System was hit with ransomware in the early hours of August 15 2021. The incident forced the health system to suspend user access to all information technology applications related to its operations.…
-
China’s Olympics App Is Horribly Insecure
China is mandating that athletes download and use a health and travel app when they attend the Winter Olympics next month. Citizen Lab examined the app and found it riddled with security holes. Key Findings: MY2022, an app mandated for use by all attendees of the 2022 Olympic Games in Beijing, has a simple but…
-
(ISC)2 Appoints its First CISO
(ISC)2 Appoints its First CISO (ISC)2 has announced the appointment of Jon France, CISSP, as its first chief information security officer (CISO). The non-profit association of certified cybersecurity professionals said France will lead all of its cybersecurity operations. This includes providing regular risk assessments and strategic insights to (ISC)2’s senior management and the board of…
-
McAfee, FireEye merger yields Trellix, a unified XDR security company
Trellix, a new company formed from the merger of cybersecurity giants McAfee Enterprise and FireEye, is intent on becoming the leader in XDR (extended detection and response) technology by combining applications from both of the formerly separate companies into an interoperable suite of products for threat prevention, detection and response. The strategy and the new…
-
Two-Fifths of Ransomware Victims Still Paying Up
Two-Fifths of Ransomware Victims Still Paying Up Two-fifths (39%) of ransomware victims paid their extorters over the past three years, with the majority of these spending at least $100,000, according to new Anomali research. The security vendor hired The Harris Poll to complete its Cyber Resiliency Survey – interviewing 800 security decision-makers in the US, Canada, the UK,…