Posts

Showing posts from May, 2021

Threat Actors Release Patient Data Stolen from New Zealand Hospitals to the Local Media

Cybercriminals who targeted hospitals in New Zealand’s Waikato district have released the stolen patient data to local media outlets, with the outlets declining to publish the details as health systems struggled to come back online more than a week after the ransomware attack. According to the local media, the leaked data includes official-looking records and documents containing names, phone numbers, and addresses of patients and staff. The release of the information comes a week after the health system’s information services were entirely shut down by hackers, impacting clinical service, disrupting the treatment of patients and the payroll process of staff members. As a result, hospitals shifted to manual processes to support a backlog of patients while the public was asked to look for alternative avenues for treatment for non-critical conditions. The breach comes after Ireland’s hospitals suffered a ransomware attack which was quite similar to the Waikato rans...

S&P: Cyberattacks Could Trigger More Rating Actions on Banks

  Since the Covid pandemic intensified digitalization and remote working, the banking sector is becoming more vulnerable to cybercrime, according to S&P Global Ratings.  In a report titled "Cyber Risk In A New Era: The Effect On Bank Ratings," the ratings agency stated that cyberattacks can affect credit ratings primarily through reputational damage and potential financial loss. Banks and other financial organizations are potential targets for cyber attackers because they hold valuable personal data and serve specific financial or economic requirements and sectors.  Credit Analyst Irina Velieva stated, "Cyber attacks have had only a limited effect on bank ratings to date but can trigger more rating actions in the future as cyber incidents become more frequent and complex.” Meanwhile, S&P stated, "Although it is crucial to learn from previous attacks and strengthen cyber-risk frameworks in real time, the appropriate detection and remediation of attack...

An Advisory Issued by Carnegie Mellon University Warns Against the Vulnerability in Checkbox Survey

The CERT Coordination Center (CERT/CC) at Carnegie Mellon University is alerting about a Checkbox Survey vulnerability, seen in the wild, that might enable a remote attacker to execute arbitrary code without authentication. A checkbox is a GUI widget that allows the user to choose between two mutually exclusive alternatives. Checkbox Survey, a customizable online survey tool built in ASP.NET, lets organizations generate professional surveys with quick access from any desktop or mobile device. For example, a basic yes/no inquiry may ask the user to answer 'yes' or 'no.' Checkboxes will be displayed with the required choices. This vulnerability in Checkbox Survey, which was identified as CVE-2021-27852, is linked to the insecure deserialization of view state data, a mechanism used by the ASP.NET web page framework. Microsoft stated that “When the HTML markup for the page is rendered, the current state of the page and values t...

Half-Double Rowhammer Vulnerability Even Targets The Latest Chips

A new vulnerability has recently surfaced online that has revived the threat of the Rowhammer… From Latest Hacking News: https://ift.tt/3wMjqwc

Canada Post Disclosed Data Breach Due To Third-Party Ransomware Attack

Another major service has recently fallen prey to a third-party cybersecurity incident. The latest report… From Latest Hacking News: https://ift.tt/3uGoOzf

BazaLoader Malware is Being Distributed by Hackers Using a Bogus Streaming Website

  Proofpoint identified the phishing attempt in early May, which entailed hackers creating a phoney movie-streaming website named BravoMovies and stocking it with phoney movie posters and other materials to make it appear real to unwary visitors. It has nothing to offer for download other than BazaLoader malware, despite its pretty pictures and fun-sounding titles. BazaLoader is a malware loader that is used to spread ransomware and other types of malware, as well as steal sensitive data from infected computers.  "BazaLoader is a downloader written in C++ that is used to download and execute additional modules. Proofpoint first observed BazaLoader in April 2020. It is currently used by multiple threat actors and frequently serves as a loader for disruptive malware including Ryuk and Conti ransomware. Proofpoint assesses with high confidence there is a strong overlap between the distribution and post-exploitation activity of BazaLoader and threat actors behind The Trick mal...

The Ministry of Internal Affairs of Russia will launch a program for recognizing deepfakes in the fall of 2022

The scientific and industrial company "High Technologies and Strategic Systems" (HT and SS SIJSC) will develop a computer program for the Ministry of Internal Affairs that recognizes face substitution in videos, the so-called deepfake videos. It is not the first time that the company has worked with Russian law enforcement agencies. According to the company's website, their specialists participated in the development of products for the Ministry of Emergency Situations and the Ministry of Defense of the Russian Federation. The amount that the company will receive is set at 3 million 550 thousand rubles ($48,000). The deadline for the completion of research work is scheduled for November 30, 2022. The program for recognizing deepfakes was named "Mirror". The Ministry of Internal Affairs explained that with the help of deepfakes, scammers can easily substitute any person by inserting his image on a video in which an immoral act or crime is committed. In additi...

HPE Patches the Zero-Day Vulnerability in Systems Insight Manager Software for Windows

FireEye: Transportation and Telecom Firms Being Hit in Chinese Espionage

  According to security firm FireEye, a massive Chinese espionage operation against US and European government entities includes four new hacking tools and reaches more commercial sectors than previously reported.  Two China-linked gangs — as well as additional hackers that investigators did not name — have used virtual private network software in breaches affecting the transportation and telecommunications industries. The breaches had previously only been identified as affecting the defense, banking, and government sectors, according to the firm.  The intruders are using Pulse Connect Secure, a popular VPN product, to break into networks and steal critical data. According to Mandiant, FireEye's incident response arm, many of the hacked firms "operate in verticals and industries aligned with Beijing's strategic objectives" specified in the Chinese government's latest "Five Year Plan" for economic growth.  According to Sarah Jones, senior principa...

APT: China-Based Threat Group Attacks Pulse Secure VPNs

Several hacker groups believed to support China's long-term economic goals continue to operate in defense, high-tech, public, transportation, and financial services industry networks in the US and Europe. In many breaches, Chinese threat actors penetrated Pulse Secure VPN devices to break into an organization's network and steal confidential material. In several other incidents, the attackers took full advantage of the Pulse Connect Secure (PCS) authentication bypass vulnerability (CVE-2021-22893) to enter the victim's network. The intruders also exploited a combination of previously known vulnerabilities. Meanwhile, last month, an authentication bypass flaw was detected and rectified. Mandiant issued a warning this week on China's advanced persistent threat (APT) activity against U.S. and European organizations. In the alert, Mandiant had focused on a battery of malware tools used to address...

Apple’s Big Sur 11.4 Patches a Security Flaw that Could be Exploited to Take Screenshots

  Big Sur 11.4 was updated this week to fix a zero-day vulnerability that allowed users to capture screenshots, capture video, and access files on another Mac without being noticed. The flaw lets users go around Apple's Transparency Consent and Control (TCC) architecture, which manages app permissions.  According to Jamf's blog, the issue was identified when the XCSSET spyware "used this bypass especially for the purpose of taking screenshots of the user's desktop without requiring additional permissions." By effectively hijacking permissions granted to other programmes, the malware was able to get around the TCC.  Researchers identified this activity while analyzing XCSSET "after detecting a considerable spike of identified variations observed in the wild". In its inclusion in the CVE database, Apple has yet to offer specific details regarding the issue. “The exploit in question could allow an attacker to gain Full Disk Access, Screen Recording, o...

Kaspersky detected a new method of cyber attacks on corporate data

Kaspersky Lab noted that the new attacks differ from cyberattacks using encryption viruses in that the scammers do not use specially created malware, but the standard BitLocker Drive Encryption technology included in the Windows operating system. Several Russian companies have been hit by ransomware attacks that have blocked access to corporate data and demanded a ransom. The company explained that scammers get into the corporate network with the help of phishing emails that are sent on behalf of different companies in order to obtain user data or vulnerabilities in the system. After that, they find the BitLocker function in the control panel, perform encryption, and assign themselves the keys, usernames, and passwords that this program generates. As the company said, as soon as the scammers get access to the server, which contains information about all corporate devices, they can completely encrypt the IT infrastructure of the organization. Sergey Golovanov, the chief expert at Ka...

Fearing Data Breach, BBMP Shuts Down COVID-19 Test Data Collection Portal

  The Bruhat Bengaluru Mahanagara Palike (BBMP) has shut down its COVID-19 test data collection portal after a possible data breach, which allows hackers to access the health information of citizens. The incident was flagged by the Free Software Movement of India after they showed how the data could be easily accessed just with the phone numbers. BBMP was collecting the health records of the citizens for its Public Health Activities, Surveillance, and Tracking (PHAST) portal which included name, age, gender, patient ID, ICMR test ID, lab name, test result (positive/negative), the sample collected and received date, sample type, hospital name (if the patient is hospitalized) and status of symptoms.  The Free Software Movement of India has requested the local authorities to not only conduct a security audit but to also take action against the software company for its complacency in designing software without any security.  Kiran Chandra, general secretary of the Fre...

SonicWall Urges Customers to 'immediately' Patch NSM On-Prem Bug

SonicWall urges customers to “immediately” patch a post-authentication vulnerability that impacts on-premises versions of the Network Security Manager (NSM) multi-tenant firewall management solution. The CVE-2021-20026 vulnerability affects NSM 2.2.0-R10-H1 and previous versions, and it was patched by SonicWall in NSM 2.2.1-R6 and 2.2.1-R6 (Enhanced) versions. It has an 8.8/10 severity rating from SonicWall, and authenticated intruders can use it for OS command injection in low-complexity attacks that don't require user interaction. SonicWall stated, "This critical vulnerability potentially allows a user to execute commands on a device's operating system with the highest system privileges (root). This vulnerability only impacts on-premises NSM deployments, SaaS versions of NSM are not affected." SonicWall is urging customers to patch their devices immediately, despite the fact that the business did not mention an immediate threat of attackers explo...

Hackers Exploited Fujitsu SaaS Targeting Japanese Govt Agencies In New Supply-Chain Attack

A serious cyber attack has recently been brought to the attention of numerous Japanese government… From Latest Hacking News: https://ift.tt/3vx2TvK

VMware Urges Patching Critical RCE Vulnerability In vCenter Server

VMware has recently fixed a serious security flaw that may even lead to ransomware attacks.… From Latest Hacking News: https://ift.tt/3us6jyJ

This Entertainment-Themed Campaign Installs Malware in User Computer System

A phishing campaign tries to convince users that they have subscribed to a film streaming platform, pushing them to call a phone number to cancel, a ruse that ends with BazarLoader malware installed on the computer. BazarLoader is a C++ downloader that downloads and executes additional modules. BazarLoader was first observed by Proofpoint in April 2020. BazarLoader creates a backdoor on Windows machines that could be exploited to provide initial access for other malware attacks, even ransomware. Ryuk ransomware is generally delivered through BazarLoader, so a successful compromise can have severely harmful consequences. This BazarLoader operation requires significant human interaction to execute and install the BazarLoader backdoor. The threat actor used customer service agents to lead victims to download and install the malware unwittingly. This campaign represents...

FBI says Attackers Breached US Local Govt After Hacking a Fortinet Appliance

  After issuing a cybersecurity advisory warning that APT hacker groups are purposefully targeting vulnerabilities in Fortinet FortiOS, the FBI now warned that after hacking a Fortinet appliance, state-sponsored attackers compromised the webpage of a US local government.  Fortinet is a multinational security company based in Sunnyvale, California. It creates and sells cybersecurity solutions, which include hardware like firewalls as well as software and services like anti-virus protection, intrusion prevention systems, and endpoint security components. "As of at least May 2021, an APT actor group almost certainly exploited a Fortigate appliance to access a web-server hosting the domain for a U.S. municipal government," the FBI's Cyber Division said in a TLP:WHITE flash alert published on 27th May.  The advanced persistent threat (APT) actors moved laterally around the network after gaining access to the local government organization's server, creating new doma...

How to hire right machine learning company

When it comes to machine learning, we believe outsourcing is your best bet. This business… From Latest Hacking News: https://ift.tt/3up7BKM

Fujitsu ProjectWEB Tool Used as a Doorway to Target Japanese Government Offices

Cybercriminals have breached the offices of multiple Japanese agencies by hacking into Fujitsu’s software-as-a-service (SaaS) platform and gaining access to its systems. A number of confidential files belonging to multiple Japanese government entities were also stolen after attackers gained unauthorized access to projects that used ProjectWEB, Fujitsu stated. Various agencies including the Ministry of Land, Infrastructure, Transport, and Tourism; the Ministry of Foreign Affairs; the Cabinet Secretariat; and the Narita Airport acknowledged that hackers were able to gain inside information via Fujitsu's information-sharing tool. ProjectWEB is a software-as-a-service (SaaS) platform for enterprise collaboration and file platform that Fujitsu has operated since the mid-2000s, and which a number of agencies within the Japanese government currently use. Fujitsu's ProjectWEB enables companies and organizations to exchange information internally, with project managers ...

Solid Edge: Solid Modeling Software Affected by Vulnerabilities

Siemens published a consumer notice on Tuesday 25th of May concerning several serious vulnerabilities impacting its Solid Edge product. The flaws stem from third-party software that many other organizations also use. “The Solid Edge installation package includes a specific version of the third-party product KeyShot from Luxion, which may not contain the latest security fixes provided by Luxion. Siemens recommends updating KeyShot according to the information in the Luxion Security Advisory LSA-394129,” read the advisory released by Siemens. Security researcher Andrea Micalizzi, who has detected numerous flaws in industrial systems in recent years, also discovered the problems in Siemens Solid Edge last year. The vulnerability problems have been reported by the Zero Day Initiative (ZDI) of Trend Micro and the US Cybersecurity and Infrastructure Security Agency (CISA). Solid Edge is software for solid modeling in 3D CAD, paramet...

What are the best wallets to secure your crypto? 

Since Bitcoin emerged in 2009, it has gained a lot in value, while its popularity… From Latest Hacking News: https://ift.tt/3paneox

Kdan PDF Reader Review: A Convenient Alternative To The Leading PDF Editors

Today, PDF has become the most convenient document format for all users. From e-books to… From Latest Hacking News: https://ift.tt/3hZoEjX

DubaiCoin: Dubai's First Cryptocurrency Rose Over 100% Since its Debut

Dubai appears to have developed its own cryptocurrency, known as the DubaiCoin (DBIX). It is built on a public blockchain, which means that anyone can mine DBIX to generate their own. On May 27, around 4 p.m. IST, it was trading at roughly $1.13, up from the original price of $0.17. According to Crypto.com, the price of the cryptocurrency has increased by over 1000 percent in the last 24 hours. The city of Dubai, on the other hand, issued a statement late last night denying this. According to the official Dubai Media Office, “Dubai Coin cryptocurrency was never approved by any official authority. The website promoting the coin is an elaborate phishing campaign that is designed to steal personal information from its visitors.” Arabianchain Technology, based in the United Arab Emirates (UAE), claimed to be the first public blockchain in the Arabic world when it introduced the cryptocurrency. In a press release, the company stated, “DubaiCoin will soon be able t...

6 Tips To Choose The Best Bot Protection Solution

The increasing activities of malicious bots in recent years have been very concerning, since they… From Latest Hacking News: https://ift.tt/2SCRSKF

Canada Post's Data Breach Affected 950K Customers

  The state-owned postal service, Canada Post has reported that a cyber-attack on a third-party provider resulted in a data breach affecting 950,000 parcel recipients. Canada Post Corporation, also known as Canada Post, is a Crown corporation that serves as the country's major postal operator.  Canada Post claimed in a press release on May 26 that it had notified 44 "major business customers" that they may have been compromised by "a malware assault" targeting Commport Communications, a supplier of electronic data interchange (EDI) services.  On May 19, the supplier informed Canada Post that “manifest data housed in their systems, which was related with some Canada Post customers, had been compromised.”  It stated that the data was compromised between July 2016 and March 2019, with 97% of it containing the names and addresses of receiving consumers. According to the firm, the remaining 3% contained email addresses and/or phone numbers. The Crown corporat...

Moscow has completed a large-scale study on the security of 5G

The press service of the Moscow Department of Information Technologies informs that the specialists of the Scientific-Research Institute of Metallurgical Heat Engineering (VNIIMT) completed research work on the security of mobile communications of all standards, including 5G. Scientists have determined that the levels of the electromagnetic field created by mobile communication base stations of all standards, including the fifth generation, are safe for human health.  For a year and a half, specialists conducted street measurements of electromagnetic field levels day and night in six residential districts of the capital, where 2G-4G communication standards are presented, as well as 5G in pilot zones. Laboratory measurements were carried out in full compliance with Russian and international standards and methods. Scientists have determined the safe level of the electromagnetic field in the prospective use of 5G standard base stations, including in millimeter frequencies such as ...

Social Media Giants Seek Further Extension in Deadline to Comply with Government Rules

Social media companies such as Facebook, Twitter, YouTube, Instagram, and WhatsApp will lose their status as ‘intermediaries’ that granted them legal protection for the user content posted on their platforms. Till 26th May 2021, they were enjoying the legal immunity offered by Section 79 of the Information Technology Act, 2001. They were only obligated to take down any illegal content that they noticed on their own, or when it was highlighted to them by the state, or the courts, or any responsible/aggrieved party. Now they face civil and criminal liability for any illegal post, be it in words, or a picture or a video. Nobody in the information transmission business enjoys such immunities from legal claims of defamation, etc. For example, while newspapers and broadcasters have always operated under the threat of legal liability for defamation and other speech related offences, intermediaries have escaped liability despite behaving as publishers because of the immunit...

Dominos India Admits Data Breach After Hackers Upload Stolen Data For Sale

Another data breach has surfaced online targeting Indian citizens shortly after the Air India breach.… From Latest Hacking News: https://ift.tt/3oRVcxO

M1RACLES Bug Impacts Apple M1 Chips

  A security researcher identified the first-ever vulnerability in Apple M1 chips that requires a silicon redesign to fix. The good news is that the flaw is considered low-risk, and even the security researcher who identified it believes the flaw is insignificant and has sought to avoid exaggerating the problem while presenting his findings.  The vulnerability was codenamed M1RACLES and is presently tracked as CVE-2021-30747. It was discovered by Hector Martin, a software engineer at Asahi Linux, a project that works on porting Linux for Mac devices.  In a simplified explanation, Martin explained that the vulnerability allowed two apps running on the same device to exchange data via a hidden channel at the CPU level, circumventing memory, sockets, files, and other standard operating system features. While the discovery is notable because of the amount of time, work, knowledge, and proficiency required to find bugs in a CPU's physical design, Martin states that the p...

Research Reveals More Than 2000 Chrome Extensions Disabled Security Headers

Tens of thousands of Google Chrome extensions accessible from the official Chrome Online Store manipulate security headers on major websites, posing the danger of web attacks for visitors. Although security headers are little known, they are a vital aspect of the present internet ecosystem. The HTTP security header is a key component of website security. When implemented, it protects users against the kinds of attacks most likely to occur on the website. These headers protect against XSS, code injection, clickjacking, etc. In many of the cases the research team examined, Chrome extensions deactivated CSP and other security headers “to introduce additional seemingly benign functionalities on the visited web page,” and did not even appear nefarious in purpose. That is because, paradoxically, Chrome's framework forces extensions to do that in the name of security. Standard extension code could access the page DOM, but no scripts on the page can ...

WhatsApp's New Privacy Policy: A Quick Look

  With the advent of its latest privacy policy, the Facebook-owned messaging app is all set to block certain features if the users won't agree to the new privacy policy. The update that was initially set to be rolled out by February 8 – making new privacy regulations applicable for all its users, got delayed till May 15 as WhatsApp faced strong contempt from the public, which allowed its competitors namely Telegram and Signal to solidify their repute with the public. Earlier, as per the ultimatum given by WhatsApp: if the users do not accept the updated privacy policy on May 15, they won't be able to use the app. However, later on, it was said that no accounts will be deleted in case the aforementioned does not happen.  Giving insights into the new Privacy Policy, a WhatsApp spokesperson said, “Requiring messaging apps to “trace” chats is the equivalent of asking us to keep a fingerprint of every single message sent on WhatsApp, which would break end-to-end encryption a...

Belgium Interior Ministry Fell Prey To ‘Sophisticated’ Cyber Attack

While media reports had already reported a cyber attack, the Belgium officials have recently confirmed… From Latest Hacking News: https://ift.tt/3bWPDZK

Japan predicts hacker attack on Tokyo Summer Olympics by Russian hackers

According to Masatoshi Fujitani, head of the Tokyo-based Japan Forum for Strategic Studies (JFSS), the Summer Olympic Games in Tokyo will be the target of violent cyberattacks. He is expecting a hacker attack from Russia. Mr. Fujitani, a former top police officer in Japan, published an article in the online publication JB Press, based on the reasoning around the hacker group DarkSide, allegedly involved in the attack on the biggest US petrol pipeline Colonial Pipeline and allegedly linked to Russia. He believes that "a Russian hacker group is targeting the Tokyo Olympics." "In Japan, we have already started training "white hackers" and creating government hacker organizations," noted the Japanese expert. The head of the JFSS calls on developed countries such as Japan, the United States and the United Kingdom to unite and take decisive action in collaboration with public and private specialized organizations working in the field of cyber defense. Summ...