Security News

As Mandiant found during a follow-up investigation into the incident, the attacker used a wallet drainer dubbed CLINKSINK. This same drainer has been used since December to steal funds and tokens from users of Solana cryptocurrency as part of a large-scale campaign involving at least 35 affiliate IDs linked to a shared drainer-as-a-service. Since the start of the year, a massive wave of account breaches has impacted X users, with verified organizations getting hacked to spread cryptocurrency scams and links to wallet drainers.

Visit Mullvad VPN. Mullvad VPN has built a solid reputation for being one of the best privacy-focused VPNs on the market. Overall, Mullvad VPN proves to be a safe and secure VPN service to use in 2024.

Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. Unity Connection is a fully virtualized messaging and voicemail solution for email inboxes, web browsers, Cisco Jabber, Cisco Unified IP Phone, smartphones, or tablets with high availability and redundancy support.

Fidelity National Financial has confirmed that a November cyberattack has exposed the data of 1.3 million customers. Yesterday, Fidelity National Financial confirmed in an amended SEC Form 8-K filing that the cyberattack occurred on November 19, 2023, and was successfully contained seven days later.

US hospitals will be required to meet basic cybersecurity standards before receiving federal funding, according to rules the White House is expected to propose in the next few weeks. The Centers for Medicare and Medicaid Services, an arm of the US Department of Health and Human Services, is reportedly drawing up rules connecting hospital IT security with funding, which are set to take effect before the end of the year.

Review and manage your consent Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the "Your Consent Options" link on the site's footer.

A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. Kyivstar is Ukraine's largest telecommunications service provider and its services were severely disrupted in mid-December by what was later revealed to be an attack from Russian hackers.

Ivanti has disclosed two Connect Secure and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. Ivanti says the two zero-days have already been exploited in the wild in attacks targeting a small number of customers.

Threat actors are using communication about personal pension accounts plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials. Cofense says that throughout last year it has seen a sharp rise in QR codes embedded in those phishing emails, taking recipients to a fake login page designed to steal credentials.

Ransomware victims already reeling from potential biz disruption and the cost of resolving the matter are now being subjected to follow-on extortion attempts by criminals posing as helpful security researchers. Researchers at Arctic Wolf Labs publicized two cases in which casulaties of the Royal and Akira ransomware gangs were targeted by a third party, believed to be the same individual or group in both scenarios, and extorted by a fake cyber samaritan.