Cyberattacks

Fake Update Alert 


eSentire’s Threat Response Unit (TRU) detected fake updates delivering BitRAT and Lumma Stealer, exploiting browser update mechanisms.  The attack begins with a compromised webpage, leading to a fake update page and a ZIP archive download, containing malicious PowerShell scripts and JavaScript files.  BitRAT offers extensive remote access capabilities, while Lumma Stealer …


Malware Exploits MS Office  


Attackers are distributing malware, including RATs and CoinMiners, disguised as cracked MS Office versions via file-sharing services and torrents.  The malware persists through Task Scheduler entries, executing PowerShell commands to reinstall strains after removal attempts.  Without proper remediation, such as AhnLab’s V3, systems face continuous malware installations, compromising user information …


May 2024 Cybersecurity News Roundup

Top Data Breaches:  Healthcare Data Exposed: A cyberattack on pharmaceutical services provider Cencora compromised patient data (names, diagnoses, medications) from 11 drug companies. Government Breach Investigation: Albany County, New York is investigating a potential cybersecurity breach, urging vigilance. Fuel Distributor Hacked: Black Basta claims to have hacked Atlas, a major …


Zero-Day Exploits Target Check Point VPNs


What C-Level Executives Need to Know

Threat actors have been exploiting a zero-day vulnerability (CVE-2024-24919) in Check Point Remote Access VPNs since at least April 30. This high-severity vulnerability allows hackers to obtain sensitive information from internet-connected network security gateways with remote access VPN or mobile access enabled. Specifically, …


Malicious PyPi Package Exploits Stack Overflow Trust  


Cybercriminals have devised a cunning strategy to spread malware by posing as helpful Stack Overflow users. They answer coding-related questions on the platform, directing unsuspecting developers to install a malicious PyPi package called ‘pytoileur.’ This package, disguised as an API management tool, actually installs Windows information-stealing malware. The threat actors …


Seattle Public Library System Grapples with Ransomware Attack 


The Seattle Public Library system was hit by a ransomware attack over the Memorial Day weekend, disrupting access to technology services across its 27 individual branches. As of the latest update, the library remains offline while investigations and recovery efforts are underway. Unfortunately, there is no estimated timeline for full …


First American Data Breach Impacts 44,000 People 

In December, First American Financial Corporation, the second-largest title insurance company in the United States, fell victim to a cyberattack. Approximately 44,000 individuals had their personal information breached. While the company is in the process of notifying affected customers, specific details about the compromised information have not been disclosed. The …


Mitigating Ransomware Risks in Mid-Sized Tech-Driven Companies


The “#StopRansomware: Black Basta” document, published by CISA on May 10, 2024, is a concise overview of key cybersecurity practices recommended for protecting mid-sized companies with technology departments against ransomware attacks, specifically targeting the Black Basta ransomware variant. Insights are drawn from a collaborative cybersecurity advisory involving the FBI, CISA, HHS, …


Philadelphia Inquirer

The Philadelphia Inquirer, a prominent daily newspaper in Philadelphia, experienced a significant data breach in May 2023. As the largest newspaper by circulation in the city and one of the longest-operating dailies in the United States, the Inquirer holds a substantial readership and reputation.  The breach was detected after the Inquirer’s …


Oregon Department of Transportation

The Oregon Department of Transportation (ODOT) experienced a significant data breach in June 2023. The breach was connected to the MOVEit attacks, impacting the Oregon Driver and Motor Vehicles division. Approximately 3.5 million Oregon residents were affected.  The breach occurred through the MOVEit file transfer tool, which ODOT uses for sending and receiving data.  Data records …
