Security News

Cyberattackers Exploit Google Sheets for Malware Control in Likely Espionage Campaign
2024-08-30 13:04

Cybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism. The activity, detected by Proofpoint starting August 5,...

NHS boss says Scottish trust wouldn't give cyberattackers what they wanted
2024-06-18 11:29

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Healthcare organizations in the crosshairs of cyberattackers
2023-07-18 03:30

In an era where cyber threats continue to evolve, healthcare organizations are increasingly targeted by malicious actors employing multiple attack vectors, according to Trustwave. "Protecting the supply chain and maintaining business continuity are critical considerations across most industries, but healthcare cyber leaders encounter distinct challenges in safeguarding patient well-being, maintaining quality of care, and enabling healthcare professionals to leverage cutting-edge digital technologies to perform at the highest level," said Trustwave CISO Kory Daniels.

Cyberattackers Target UPS Backup Power Devices in Mission-Critical Environments
2022-03-30 17:14

Cyberattackers are targeting uninterruptible power supply devices, which provide battery backup power during power surges and outages. UPS devices are usually used in mission-critical environments, safeguarding critical infrastructure installations and important computer systems and IT equipment, so the stakes are high.

Cyberattackers Leverage DocuSign to Steal Microsoft Outlook Logins
2022-02-24 15:08

A sophisticated phishing campaign directed at a "Major, publicly traded integrated payments solution company located in North America" made use of DocuSign and a compromised third party's email domain to skate past email security measures, researchers said. The campaign spread seemingly innocuous emails around the company, with the goal of stealing Microsoft login credentials, researchers at Armorblox revealed.

Cyberattackers Cook Up Employee Personal Data Heist for Meyer
2022-02-22 20:41

Meyer Corp., maker of Farberware and the largest cookware and bakeware distributor in the U.S., has begun notifying 2,747 employees that a cyberattack that occurred on Oct. 25 compromised their personal data. While the report given to the Maine Attorney General doesn't specifically name the culprit behind the attack, the Conti ransomware group had already announced on its leak site on Nov. 7 it was in possession of the employee data files, according to a report this week on the cyberattack.

Cyberattacker hits German service station petrol terminal provider
2022-02-01 15:50

Two companies owned by Hamburg-based company fuel group Marquard & Bahls are battling cyberattackers, with loading and unloading systems at the German arm of petrol tank terminal provider Oiltanking affected. The company this afternoon confirmed to The Register that Oiltanking GmbH's terminals - which provide Shell service stations, among others - are "Operating with limited capacity" and that Mabanaft GmbH had "Declared force majeure for the majority of its inland supply activities in Germany."

Cyberattackers Hit Data of 80K Fertility Patients
2022-01-07 21:14

FCI's data breach notice said that the healthcare organization first detected suspicious activity on its internal systems on Feb. 1, 2021. The data of more than 3,300 U.S. military service members, military dependents and civilians employed by the DoD were compromised as part of what turned out to be a transnational cybercrime ring created to defraud them out of $1.5 million in military benefits from the DoD and the VA. With regards to the FCI breach, the organization said that it immediately took steps to eliminate unauthorized access and brought in independent forensic investigators to investigate and remediate the matter, on top of additional security measures meant to further secure access to data, individual accounts, and equipment, including the implementation of enterprise identity verification software.

Top 3 API Vulnerabilities: Why Apps are Pwned by Cyberattackers
2021-08-31 13:29

Whether the app is on your mobile device, entertainment system or garage door, APIs are what developers use to make applications function. Some background on what makes APIs such a security concern.

Cyberattackers Embrace CAPTCHAs to Hide Phishing, Malware
2021-08-13 21:04

Cyberattackers are using Google's reCAPTCHA and fake CAPTCHA-like services to obscure various phishing and other campaigns, according to researchers. CAPTCHAs are familiar to most internet users as the challenges that are used to confirm that they're human.