Security News > 2022 > July

Dll attachments as the main focus when cyberattacks arise, but there may be another type of highly used malicious file to be aware of. According to findings from IT security company Barracuda Networks, HTML attachments are being employed by adversaries the most when it comes to cyberattacks and 21% of all HTML attachments scanned by the company were found to be malicious.

The U.S. government is warning healthcare companies to watch for and protect themselves against ongoing ransomware attacks from cybercriminals sponsored by North Korea. In a joint advisory posted Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency, and Department of the Treasury cautioned that these state-sponsored attackers have been using Maui ransomware to target hospitals, laboratories and other public and private healthcare organizations.

The U.S. government is warning healthcare companies to watch for and protect themselves against ongoing ransomware attacks from cybercriminals sponsored by North Korea. In a joint advisory posted Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency, and Department of the Treasury cautioned that these state-sponsored attackers have been using Maui ransomware to target hospitals, laboratories and other public and private healthcare organizations.

Unidentified cyber threat actors have started using Brute Ratel C4, an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint security solutions and gain a foothold on target networks, Palo Alto Networks researchers have found. Their line of attack is apparently successful, as one of the files delivering the Brute Ratel C4 "Badger" - a payload for remote access similar to Cobalt Strike's Beacon - has initially not been flagged as malicious by security tools leveraged by VirusTotal.

Security researchers are warning that hackers can abuse online programming learning platforms to remotely launch cyberattacks, steal data, and scan for vulnerable devices, simply by using a web browser. DataCamp provides integrated development environments to close to 10 million users that want to learn data science using various programming languages and technologies.

ALPHV, also known as BlackCat, is a ransomware developed in the Rust programming language, which makes it easier to compile and customize for various different operating systems, therefore widening the range of possible targets for the threat actor. Many of the developers and money launderers for ALPHV are actually linked to Darkside and Blackmatter ransomware groups, according to the FBI. Extortion technique update.

Email, according to SHI, came back yesterday and "The IT teams at SHI continue to work on bringing other systems back to full availability in a secure and reliable manner." SHI said "There is no evidence to suggest that customer data was exfiltrated during the attack" and that it was liaising with the FBI and CISA regarding the incident.

The popular protocol for radio controlled aircraft called ExpressLRS can be hacked in only a few steps, according to a bulletin published last week. The vulnerability in the protocol is tied to the fact some of the information sent over via over-the-air packets is link data that a third-party can use to hijack the connection between drone operator and drone.

Singapore-based security vendor and services provider Group-IB has commenced a "Regional diversification" program that will see it not just continue to operate in Russia, but do so with a dedicated entity. A new and independently managed entity will offer the company's services and wares in Russia.

In this Help Net Security video, you’ll learn more about Lockdown Mode, a security capability from Apple that offers specialized additional protection to users who may be at risk of highly...