Security News

Analyzing data from the U.S. Department of Health and Human Services, threat protection company Bitglass found that the count of healthcare breaches reported in 2020 increased to 599, a jump of more than 50% compared to the previous year. Most of the breaches were caused by hacking and IT incidents, which exposed data from 24.1 million individuals, making them vulnerable to identity theft and phishing attacks.

A major French software firm allegedly targeted by Russian hackers denied Tuesday that its major clients could have been affected by the attack. Centreon, which lists blue-chip French firms from Airbus to Total among its users, was named in a report by the French national cybersecurity agency ANSSI late Monday.

We delve into Google's tight-lipped Chrome bugfix, explain how a Belgian researcher awarded himself 111,848 cups of coffee, and discuss the audacious but thankfully temporary theft of the Perl.com domain. WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Unit 42 researchers today have shared info on a new polymorphic and "Highly sophisticated" malware dubbed BendyBear, linked to a hacking group with known ties to the Chinese government. The malware has features and behavior that strongly resemble those of the WaterBear malware family, active since at least as early 2009.

Microsoft will soon notify Office 365 of suspected nation-state hacking activity detected within their tenants according to a new listing on the company's Microsoft 365 roadmap. Microsoft Defender for Office 365 provides Office 365 enterprise accounts with email protection against several types of threats including credential phishing and business email compromise, as well as automated attack remediation.

An Internet Explorer zero-day vulnerability has been discovered used in recent North Korean attacks against security and vulnerability researchers. Last month, Google disclosed that the North Korean state-sponsored hacking group known as Lazarus was conducting social engineering attacks against security researchers.

What's the connection between coronavirus facemasks and fingerprint biometrics? Who would have expected funky job ads on the White House website? And who would you call if you spotted a deceased former colleague hanging out on your network? WHERE TO FIND THE PODCAST ONLINE. You can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Any organizations that used the backdoored SolarWinds network-monitoring software should take another look at their logs for signs of intrusion in light of new guidance and tooling. In an update and white paper [PDF] released on Tuesday, FireEye warned that the hackers - which intelligence services and computer security outfits have concluded were state-sponsored Russians - had specifically targeted two groups of people: those with access to high-level information, and sysadmins.

A couple of researchers claim they have earned $50,000 from Apple for finding some serious vulnerabilities that gave them access to the tech giant's servers. Harsh Jaiswal and Rahul Maini, India-based bug bounty hunters who specialize in application security, said they discovered the flaws in recent months, being inspired by a group of researchers who in October reported receiving hundreds of thousands of dollars from Apple for a total of 55 vulnerabilities, including ones that exposed source code, iCloud accounts, warehouse software, and employee and customer apps.

Project Zero, Google's 0day bug-hunting team, revealed a hacking campaign coordinated by "a highly sophisticated actor" and targeting Windows and Android users with zero-day and n-day exploits. The Project Zero team, in collaboration with the Google Threat Analysis Group, discovered a watering hole attack using two exploit servers in early 2020, each of them using separate exploit chains to compromise potential targets.