Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766 is an Improper Access Control Vulnerability impacting SonicWall SonicOS, the company addressed it in August […]
French internet service provider (ISP) Free disclosed a cyber attack, threat actors allegedly had access to customer personal information. Free S.A.S. is a French telecommunications company, subsidiary of Iliad S.A. that provides voice, video, data, and Internet telecommunications to consumers in France. The company is the second-largest ISP in France with over 22.9 million mobile and fixed subscribers. Free disclosed a cyber attack over the […]
Italian police arrested four and are investigating dozens, including Leonardo Maria Del Vecchio, for alleged unauthorized access to state databases. Italian authorities have arrested four individuals as part of an investigation into alleged illegal access to state databases. The police are also investigating dozens of other individuals, including the son of Luxottica founder Leonardo Maria […]
A long supply chain adds third-party risks, as each partner’s security affects your own, making identity and access management more challenging. Identity-related attack vectors are a significant concern, with a substantial percentage of cyberattacks—often cited as over 70%—involving compromised credentials or identity theft. However, this problem primarily stems from a lack of visibility. Do you […]
ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks. ReliaQuest researchers warn that Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access. The BlackBasta ransomware operators were spotted posing as corporate help desks and contacting employees to help […]
Russian authorities sentenced four members of the REvil ransomware operation to several years in prison in Russia. Four former members of the REvil ransomware group were sentenced in Russia for hacking and money laundering, marking a rare case of Russian gang members being convicted in the country. The four men are Artem Zaets, Alexei Malozemov, […]
The Change Healthcare data breach in the February 2024 impacted over 100 million, the largest-ever healthcare data breach in the US. UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals. On February 21, a cyber attack disrupted IT operation of the healthcare organization, more than […]
US hospice pharmacy OnePoint Patient Care suffered a data breach that exposed the personal info of approximately 800,000 individuals. OnePoint Patient Care is a U.S.-based pharmacy specializing in hospice and palliative care services, providing customized medications and support for patients with advanced illnesses. It partners with healthcare providers to manage and deliver complex medication regimens […]
Threat actors are targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances, Trend Micro warns. Trend Micro researchers observed attackers targeting Docker remote API servers to deploy SRBMiner crypto miners on compromised instances. The threat actors used the gRPC protocol over h2c to bypass security and execute crypto mining on Docker […]
Experts warn of a new wave of attacks involving the Bumblebee malware, months after Europol’s ‘Operation Endgame‘ that disrupted its operations in May. The Bumblebee malware loader has resurfaced in new attacks, four months after Europol disrupted it during “Operation Endgame” in May. Bumblebee has been active since March 2022 when it was spotted by Google’s Threat Analysis Group […]