Post-Cyberattack, Universal Health Services Faces $67M in Losses
The Fortune-500 hospital network owner is facing steep costs in damages after a cyberattack impacted patient care and billing in September and October.
Compromised Website Images Camouflage ObliqueRAT Malware
Emails spreading the ObliqueRAT malware now make use of steganography, disguising their payloads on compromised websites.
Malware Loader Abuses Google SEO to Expand Payload Delivery
Gootloader has expanded its payloads beyond the Gootkit malware family, using Google SEO poisoning to gain traction.
Firewall Vendor Patches Critical Auth Bypass Flaw
Cybersecurity firm Genua fixes a critical flaw in its GenuGate High Resistance Firewall, allowing attackers to log in as root users.
Amazon Dismisses Claims Alexa ‘Skills’ Can Bypass Security Vetting Process
Researchers found a number of privacy and security issues in Amazon's Alexa skill vetting process, which could lead to attackers stealing data or launching phishing attacks.
Malware Gangs Partner Up in Double-Punch Security Threat
From TrickBot to Ryuk, more malware cybercriminal groups are putting their heads together when attacking businesses.
Podcast: Ransomware Attacks Exploded in Q4 2020
Researchers said they saw a seven-times increase in ransomware activity in the fourth quarter of 2020, across various families – from Ryuk to Egregor.
Malicious Mozilla Firefox Extension Allows Gmail Takeover
The malicious extension, FriarFox, snoops in on both Firefox and Gmail-related data.
Cisco Warns of Critical Auth-Bypass Security Flaw
Cisco also stomped out a critical security flaw affecting its Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches.
Mozilla Patches Bugs in Firefox, Now Blocks Cross-Site Cookie Tracking
Mozilla said its Total Cookie Protection feature in Firefox 86 prevents invasive, cross-site cookie tracking.
Microsoft Lures Populate Half of Credential-Swiping Phishing Emails
As more organizations migrate to Office 365, cybercriminals are using Outlook, Teams and other Microsoft-themed phishing lures to swipe user credentials.
IBM Squashes Critical Remote Code-Execution Flaw
A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.
10K Microsoft Email Users Hit in FedEx Phishing Attack
Microsoft users are receiving emails pretending to be from mail couriers FedEx and DHL Express - but that really steal their credentials.
Chinese Hackers Hijacked NSA-Linked Hacking Tool: Report
APT31, a Chinese-affiliated threat group, copied a Microsoft Windows exploit previously used by the Equation Group, said researchers.
Credential-Stuffing Attack Targets Regional Internet Registry
RIPE NCC, the regional Internet registry for Europe, West Asia, and the former Soviet Union, said attackers attempted a credential-stuffing attack against its single-sign on service.