Researchers uncovered thousands of Citrix servers that are vulnerable to two critical flaws, one of which is being actively exploited by nation-state hackers. Netgear also warned its customers about a denial-of-service vulnerability affecting some of its devices.
Hackers stole and leaked personal data for nearly 270,000 patients and employees of Louisiana's Lake Charles Memorial Health System as part of a ransomware attack for which Hive claimed credit. Patients and regulators have just been informed about the October attack.
Posing as leading banks, the North Korea-backed BlueNoroff group is evading Microsoft Windows' Mark of the Web security measure to help infect machines with malware. Hackers are refining their techniques for bypassing MOTW, which warns users when they try to open a file downloaded from the internet.
Construction and engineering firm Sargent & Lundy is informing more than 6,900 individuals that attackers stole their Social Security numbers through an Oct. 15 cyber incident. The firm has engineered 958 power plant units and more than 6,200 circuit miles of power delivery systems.
Karl Sebastian Greenwood, a dual citizen of Sweden and the United Kingdom, pleaded guilty in U.S. federal court to his role in selling the purported multibillion-dollar cryptocurrency pyramid OneCoin that netted $4 billion. He now faces sentencing.
U.S. federal prosecutors charged six men ranging in age from 19 to 37 with running distributed denial-of-service attacks for sale on the internet. One of the accused allegedly ran a site, Ipstresser.com, responsible for more than 30 million DDoS attacks.
Microsoft's last monthly dump of patches for 2022 includes a fix for a zero-day exploited by ransomware hackers to bypass the SmartScreen security mechanism for malware execution. The zero-day hinged on hackers creating a malformed Authenticode signature.
Australian telecommunications provider Telstra apologized for accidentally publishing names, numbers and addresses of over 130,000 customers whose details were supposed to be unlisted. The company apologized for the error and blamed a "misalignment of databases."
Hosted services company Rackspace is warning customers about the increasing risk of phishing attacks following a ransomware attack causing ongoing outages to its hosted Exchange environment. The Texas-based firm also is now facing a class action lawsuit.
A novel botnet dubbed "Zerobot" by Fortinet researchers is taking advantage of vulnerabilities in a slew of networking equipment and networked cameras with an emphasis on equipment manufactured in East Asia. The botnet exploits 21 separate vulnerabilities.
Hackers, possibly North Korea's Lazarus Group, are behind a campaign that socially engineers cryptocurrency traders into opening an Excel spreadsheet loaded with a malicious macro. Pyongyang hackers specialize in cryptocurrency theft as the regime seeks hard currency to fuel weapons development.
The 2019 seizure by U.S. law enforcement of online criminal marketplace xDedic is paying dividends for lawyers unrolling prosecutions of accused fraudsters who allegedly obtained compromised credentials from the site. The FBI and IRS estimate that xDedic facilitated more than $68 million in fraud.
Thousands of Rackspace customers continue to face hosted Microsoft Exchange Server outages after the managed services giant took the offering offline after being affected by an unspecified security incident Thursday. Rackspace urges affected customers to at least temporarily move to Microsoft 365.
The U.S. federal government says the Cuba ransomware gang actively targets critical infrastructure and that its criminal efforts have netted it $60 million so far. The group has recently modified its techniques, says an alert from the FBI and the Cybersecurity and Infrastructure Security Agency.
Hackers stole customer information but not passwords when they broke into password manager LastPass' third-party cloud storage service, the company disclosed. An unauthorized party used information stolen during a dayslong incident in August to exfiltrate the data.