Boeing confirms attempted $200 million ransomware extortion attempt (cyberscoop.com)
Citrix warns admins to manually mitigate PuTTY SSH client bug (www.bleepingcomputer.com)
Actor IntelBroker is selling data from Europol in Breachforums (breachforums.st)
Data offered include Alliance employees, FOUO source code, PDFs, Documents for recon and guidelines.
IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data (www.hackread.com)
Proton VPN TunnelVision support response.
I contacted Proton VPN about the TunnelVision exploit and I got a response. I feel great about it, thank you Proton!...
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data (thehackernews.com)
Poland says Russian cyberspies targeted government networks (www.reuters.com)
Ascension warns of suspected cyberattack; clinical operations disrupted (www.reuters.com)
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version (thehackernews.com)
Zscaler takes "test environment" offline after rumors of a breach (www.bleepingcomputer.com)
Zscaler investigating a potential breach (trust.zscaler.com)
Security company exposes 1.2M guard and suspect records (www.theregister.com)
Critical vulnerabilities in BIG-IP appliances leave big networks open to intrusion (arstechnica.com)
Hackers can exploit them to gain full administrative control of internal devices.
Chinese Hackers Deployed Backdoor Quintet to Down MITRE (www.darkreading.com)
UK confirms Ministry of Defence payroll data exposed in data breach (www.bleepingcomputer.com)
Kinsing crypto mining campaign targets 75 cloud-native applications (www.csoonline.com)
Five years after being discovered, the Kinsing cryptojacking operation remains very active against organizations, employing daily probes for vulnerable applications using an ever-growing list of exploits.
Analyzing the vulnerability landscape in Q1 2024 (securelist.com)
Kaspersky’s report highlights a steady increase in software vulnerabilities, with a surge in critical ones due to factors like bug bounty programs and complex software. Exploits, especially those available publicly, pose significant threats, and their numbers are rising. Key vulnerabilities in Q1 2024 include those affecting...
BetterHelp to pay $7.8 million to 800,000 in health data sharing settlement (www.bleepingcomputer.com)
BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes.
CHM Malware Stealing User Information Being Distributed in Korea (asec.ahnlab.com)
Nearly 184,000 MedStar Health patients' personal data possibly breached (therecord.media)
zEus Stealer Distributed via Crafted Minecraft Source Pack (www.fortinet.com)
Change Healthcare went without cyber insurance before debilitating ransomware attack (www.csoonline.com)
Organizations that eschew cyber insurance give up not only financial protection but also advice from the insurer on improving the security of their systems.
LockBit ransomware admin identified, sanctioned in US, UK, Australia (www.bleepingcomputer.com)
The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor revealed for the first time.
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw (www.bleepingcomputer.com)
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw.
Hackers exploit LiteSpeed Cache flaw to create WordPress admins (www.bleepingcomputer.com)
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites.
