Tag: Cybersecurity

UnitedHealth Hack Leaks 6 TB of User Data

The BlackCat group hacked into UnitedHealth, stealing massive amounts of data.

UnitedHealth Group, one of the largest providers of health insurance and health care services in the United States, suffered a cyberattack with the following data breach. The company admitted that the personal data of millions of patients was “stolen” in a cyberattack. This incident is already being called one of the largest in healthcare history.… Continue reading UnitedHealth Hack Leaks 6 TB of User Data

Microsoft SharePoint Vulnerability Exploited, Update Now

A critical vulnerability in Microsoft SharePoint is now under active exploitation

In late March 2024, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued the alert regarding the exploitation of a flaw in Microsoft SharePoint. It was detected back in September 2023, but the facts of active exploitation surfaced only recently. Fortunately, Microsoft offers updates that fix the flaw. Remote code execution vulnerability A vulnerability designated… Continue reading Microsoft SharePoint Vulnerability Exploited, Update Now

ShadowRay Vulnerability Threatens AI Workloads, No Patch Available

Researchers noticed that a vulnerability in question is actively exploited

Recent review of vulnerabilities in the Ray framework uncovered the unpatched flaw, dubbed ShadowRay. It appears that hundreds of machine learning clusters were already compromised, leading to the leak of ML assets. Researchers trace the first attack that used this vulnerability to September 2023, meaning that the vulnerability already circulates for over half a year.… Continue reading ShadowRay Vulnerability Threatens AI Workloads, No Patch Available

STRRAT and Vcurms Malware Abuse GitHub for Spreading

Attackers are using GitHub as a source for the final payload

A new phishing campaign has recently been discovered that uses GitHub to deliver Remote Access Trojans (RAT) STRRAT and Vcurms via a malicious Java downloader. ANY.RUN specialists have detected the active spread of these malicious programs and warn users against potential threats. Short About STRRAT and Vcurms STRRAT is a Java-based RAT, notorious for its… Continue reading STRRAT and Vcurms Malware Abuse GitHub for Spreading

Fortinet RCE Vulnerability Affects FortiClient EMS Servers

Critical vulnerability CVE-2023-48788 in FortiClient EMS, potentially allow remote code execution without authentication.

Fortinet disclosed a critical vulnerability affecting FortiClient EMS products in March 2024. This vulnerability, categorized as an SQL injection, poses a significant cybersecurity threat. Above all, it has the potential to allow remote attackers to execute arbitrary commands on administrative workstations. Fortinet SQLi Vulnerability Causes Remote Code Execution As I mentioned, the vulnerability is classified… Continue reading Fortinet RCE Vulnerability Affects FortiClient EMS Servers

Adobe Reader Infostealer Plagues Email Messages in Brazil

Frauds use forged PDF documents to deploy infostealers

A recent email spam campaign reportedly spreads infostealer malware under the guise of Adobe Reader Installer. Within a forged PDF document, there is a request to install Adobe Reader app, that triggers malware downloading and installation. Considering the language of the said documents, this malicious activity mainly targets Portugal and Brazil. Infostealer Spreads in Fake… Continue reading Adobe Reader Infostealer Plagues Email Messages in Brazil

LockBit Ransomware Taken Down by NCA

LockBit was considered the toughest nuts, but then law enforcements pulled a nutcracker

On February 19, 2024, LockBit ransomware was taken down by the UK National Crime Agency in cooperation with a selection of other law enforcement agencies. The banner typical for such takedowns now illustrates all the web assets of LockBit ransomware. There is quite a hope about the possible release of decryption keys and even a… Continue reading LockBit Ransomware Taken Down by NCA

MIT Hacked, Students’ Data Sold on the Darknet

Hackers publish a database full of info about the current - and past - students of MIT

On February 13, 2024, a post on a Darknet forum appeared, offering to purchase a large pack of data leaked from Massachusetts Institute of Technology (MIT). The hacker under the alias “Ynnian” claims that the leak happened this year, and consists mainly of students’ data. No pay is asked for this DB, hence the information… Continue reading MIT Hacked, Students’ Data Sold on the Darknet

Warzone RAT Dismantled, Members Arrested

International crackdown dismantles Warzone RAT, leading to key arrests in Malta and Nigeria.

In an international law enforcement operation, the U.S. Department of Justice continues its fight against cybercriminals. The operation dismantled a network that sold and supported the Warzone Remote Access Trojan (RAT). Also, this malware allowed cybercriminals to stealthily infiltrate victims’ computers, resulting in data theft and other malicious activities. Warzone RAT Masters Arrested and Charged… Continue reading Warzone RAT Dismantled, Members Arrested

HijackLoader Malware Comes With New Evasion Methods

New malware offers some really unique detection evasion techniques

The HijackLoader malware has added new defense evasion techniques. Other threat actors are increasingly using the malware to deliver payloads and tooling. The developer used a standard process hollowing technique coupled with a trigger that makes defense evasion stealthier. What is HijackLoader? According to the researchers’ report, the HijackLoader malware, or IDAT Loader, has recently… Continue reading HijackLoader Malware Comes With New Evasion Methods