Posts

Nissan North America data breach impacts over 53,000 employees

By Bill Toulas, Bleeping Computer

Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems in an attempt to extract a ransom. The car maker discovered the breach in early November 2023 and recently determined that the incident exposed personal data belonging to more than 53,000 current and former employees. “As shared during the Nissan Town Hall meeting on December 5, 2023, Nissan learned on November 7, 2023, that it was the victim of a targeted cyberattack. Upon learning of the attack, Nissan promptly notified law enforcement and began taking immediate actions to investigate, contain, and successfully terminate the threat,” the company said in a notification to impacted individuals. Nissan disclosed that the threat actor targeted its external VPN and then shut down certain company systems before asking for a ransom. The company notes that none of its systems were encrypted during the attack. Working with extern

Singing River Health System: Data of 895,000 stolen in ransomware attack

By Bill Toulas, Bleeping Computer

The Singing River Health System is warning that it now estimates 895,204 people were impacted by a ransomware attack it suffered in August 2023. Singing River Health System is a major healthcare provider located in Mississippi, operating the Singing River Hospital in Pascagoula, Ocean Springs Hospital, and the Singing River Gulfport Hospital, collectively providing over 700 beds. The health system, which employs over 3,500 people, also operates two hospices, four pharmacies, six imaging centers, ten specialty centers, and twelve medical clinics in the Gulf Coast region. On August 19, 2023, Singing River announced that it had been targeted by a sophisticated ransomware attack, which resulted in operational disruptions at its hospitals and potentially data theft. Singing River was added to the HHS' Office for Civil Rights breach portal in late August, with a temporary figure of 501 impacted individuals. On September 13, 2023, the healthca

British Columbia investigating cyberattacks on government networks

By Sergiu Gatlan, Bleeping Computer

The Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. Premier David Eby said in a Wednesday statement that there is no evidence that the attackers had accessed or stolen sensitive information from the compromised networks. However, an ongoing investigation is assessing the incidents' impact and looking into what data, if any, may have been accessed. "Recently, the Government of B.C. has identified sophisticated cybersecurity incidents involving government networks," Eby said. "The government is working closely with the Canadian Centre for Cyber Security (Cyber Centre) and other agencies to determine the extent of the incidents and implement additional measures to safeguard data and information systems." The Government of B.C. has yet to disclose the number of cybersecurity incidents that impacted its networks and when

AT&T delays Microsoft 365 email delivery due to spam wave

By Lawrence Abrams, Bleeping Computer

AT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service. Starting on Monday, AT&T customers began reporting they could no longer receive email from Microsoft 365 email addresses. When Microsoft 365 customers attempted to email an address at @att.com, @sbcglobal.net, or @bellsouth.com, AT&T servers would refuse the connection and not accept the email for delivery.

Dell warns of data breach, 49 million customers allegedly affected

By Lawrence Abrams, Bleeping Computer

Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal containing customer information related to purchases was breached. "We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell," reads a Dell data breach notification. "We believe there is not a significant risk to our customers given the type of information involved." Dell states that the following information was accessed by the threat actor during the breach: name, physical address, and Dell hardware and order information, including service tag, item description, date of order, and related warranty information. The company stresses that the stolen information does not include fina

Why Your VPN May Not Be As Secure As It Claims

By Krebs On Security

Virtual private networking (VPN) companies market their services as a way to prevent anyone from snooping on your Internet usage. But new research suggests this is a dangerous assumption when connecting to a VPN via an untrusted network, because attackers on the same network could force a target’s traffic off the protection provided by their VPN without triggering any alerts to the user. When a device initially tries to connect to a network, it broadcasts a message to the entire local network stating that it is requesting an Internet address. Normally, the only system on the network that notices this request and replies is the router responsible for managing the network to which the user is trying to connect. The machine on a network responsible for fielding these requests is called a Dynamic Host Configuration Protocol (DHCP) server, which will issue time-based leases for IP addresses. The DHCP server also takes care of setting a specific local address — known

Conservative News Websites Hacked, Replaced With Page Leaking Private Information

By Charlie Nash, Mediaite

Two conservative news websites – Human Events and The Post Millennial – were hacked on Thursday evening and replaced with a page leaking private information. Both websites were taken down by unnamed hackers and replaced with a fake coming-out letter purportedly written by Post Millennial senior editor Andy Ngo. “Dear Readers of The Post Millennial, I am writing to you today to share something deeply personal and important to me,” the letter opened. “After much soul-searching, I have come to the realization that I am a trans individual, and I would like to officially introduce myself as Angelina Ngo, a woman.” At the end of the letter, the hacker concluded, “P.S. I am also sharing with you all of our mailing lists, our subscriber database and the personal details of all our writers and editors,” along with links to download the private information. The official Twitter accounts for both Human Events and The Post Millennial – which was acquired by Human Eve

Cybersecurity consultant arrested after allegedly extorting IT firm

By Bill Toulas, Bleeping Computer

A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. A staffing company assigned Vincent Cannady, 57, to assess and remediate potential vulnerabilities in a New York-based multinational information technology infrastructure services provider. After the termination of his employment for performance reasons, on June 23, 2023, Cannady allegedly used a company-issued laptop to download proprietary and confidential information, including architectural maps, trade secrets, and lists of potential vulnerabilities, from the victim company's network, to which he still had access. The Department of Justice says Cannady threatened to publicly disclose this sensitive information unless the company agreed to pay him up to $1.5 million as a settlement for what he claimed was employment discrimination. When confron

Why remote desktop tools are facing an onslaught of cyber threats

By Solomon Klappholz, IT Pro

Hackers are increasingly targeting remote desktop tools in their attacks, new research reveals, prompting warnings for enterprises globally. In the era of hybrid work, remote desktop tools have become vital business enablers, but due to their pervasiveness on corporate networks they have become a popular entry point for cyber criminals. If successfully exploited, remote access tools can provide hackers with a direct pathway into a system or network, and once access is gained attackers can move laterally within the network, escalating privileges and maintaining persistence. In an investigation into which remote desktop tools are targeted the most, Jonathan Tanner, senior security researcher at Barracuda Networks, explained that remote desktop software poses a particular challenge for IT teams to secure. “Among the security challenges facing IT teams implementing remote desktop software is that there are many different tools available, each using different and

Bogus npm Packages Used to Trick Software Developers into Installing Malware

An ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor. (npm is the package manager for the JavaScript programming language, maintained by Microsoft's npm, Inc.; it is the default package manager for the JavaScript runtime environment Node.js and is included as a recommended feature in the Node.js installer. Source: Wikipedia.) Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors. "During these fraudulent interviews, the developers are often asked to perform tasks that involve downloading and running software from sources that appear legitimate, such as GitHub," security researchers Den Iuzvyk, Tim Peck, and Oleg Kolesnikov said. "The software contained a malicious Node JS payload that, once executed, compromised the developer's system." Details of the campaign first emerged in l

Kaiser Permanente: Data breach may impact 13.4 million patients

By Bill Toulas, Bleeping Computer

Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. Kaiser Permanente is an integrated managed care consortium and one of the largest nonprofit health plans in the U.S. It operates 40 hospitals and 618 medical facilities in California, Colorado, the District of Columbia, Georgia, Hawaii, Maryland, Oregon, Virginia, and Washington. In a statement, the organization said that information from "approximately 13.4 million current and former members and patients" was leaked to third-party trackers installed on its websites and mobile applications. “Kaiser Permanente has determined that certain online technologies, previously installed on its websites and mobile applications, may have transmitted personal information to third-party vendors Google, Microsoft Bing, and X (Twitter) when members and patients accessed its websites or mobile applications” - Kaiser Perma

United Nations agency investigates ransomware attack, data theft

By Sergiu Gatlan, Bleeping Computer

The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. UNDP, the UN's global development network, works in over 170 countries and territories and relies on donations from UN member states and private sector/multilateral organizations to help eradicate poverty and fight inequality and exclusion. In a statement published Tuesday, the organization revealed that the attackers hacked into local IT infrastructure in UN City, Copenhagen, in late March. "On March 27, UNDP received a threat intelligence notification that a data-extortion actor had stolen data which included certain human resources and procurement information," the UN agency disclosed. "Actions were immediately taken to identify a potential source and contain the affected server as well as to determine the specifics of the exposed data and who was impacted." UNDP is now

How Attackers Can Own a Business Without Touching the Endpoint

Attackers are increasingly making use of "networkless" attack techniques targeting cloud apps and identities. Here's how attackers can (and do) compromise organizations – without ever needing to touch the endpoint or conventional networked systems and services. Before getting into the details of the attack techniques being used, let's discuss why these attacks are becoming more prevalent.

Ransomware gang starts leaking alleged stolen Change Healthcare data

By Lawrence Abrams, Bleeping Computer

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. In February, Change Healthcare suffered a cyberattack that caused massive disruption to the US healthcare system, preventing pharmacies and doctors from billing or sending claims to insurance companies. The attack was ultimately linked to the BlackCat / ALPHV ransomware operation, who later said they stole 6 TB of data during the attack. After facing increased pressure from law enforcement, the BlackCat gang shut down their operation. This occurred amid claims they were pulling an exit scam by stealing a $22 million Change Healthcare ransom payment from the affiliate who conducted the attack. While Change Healthcare has declined to comment on whether it has paid a ransom, the affiliate known as "Notchy" said they

CISA orders agencies impacted by Microsoft hack to mitigate risks

By Sergiu Gatlan, Bleeping Computer

CISA has issued a new emergency directive ordering U.S. federal agencies to address risks resulting from the breach of multiple Microsoft corporate email accounts by the Russian APT29 hacking group. Emergency Directive 24-02 was issued to Federal Civilian Executive Branch (FCEB) agencies on April 2. It requires them to investigate potentially affected emails, reset any compromised credentials, and take measures to secure privileged Microsoft Azure accounts. CISA says Russian Foreign Intelligence Service (SVR) operatives now use information stolen from Microsoft's corporate email systems, including the authentication details shared between Microsoft and its customers by email, to gain access to certain customer systems. "This Emergency Directive requires immediate action by agencies to reduce risk to our federal systems. For several years, the U.S. government has documented malicious cyber activity as a standard part of the Russian

LastPass: Hackers targeted employee in failed deepfake CEO call

By Sergiu Gatlan, Bleeping Computer

LastPass revealed this week that threat actors targeted one of its employees in a voice phishing attack, using deepfake audio to impersonate Karim Toubba, the company's Chief Executive Officer. However, while 25% of people have been on the receiving end of an AI voice impersonation scam or know someone who has, according to a recent global study, the LastPass employee didn't fall for it because the attacker used WhatsApp, which is a very uncommon business channel. "In our case, an employee received a series of calls, texts, and at least one voicemail featuring an audio deepfake from a threat actor impersonating our CEO via WhatsApp," LastPass intelligence analyst Mike Kosak said. "As the attempted communication was outside of normal business communication channels and due to the employee’s suspicion regarding the presence of many of the hallmarks of a social engineering attempt (such a

Notepad++ wants your help in "parasite website" shutdown

By Ax Sharma, Bleeping Computer

The Notepad++ project is seeking the public's help in taking down a copycat website that closely impersonates Notepad++ but is not affiliated with the project. Although, at the time of writing, the lookalike website takes visitors to the official Notepad++ downloads page, there is some concern that it could pose security threats—for example, if it starts pushing malicious releases or spam someday, either deliberately or as a result of a hijack. The lookalike website appears prominently in search results

The Biggest Takeaways from Recent Malware Attacks

Among the never-ending list of malicious software that threat actors use in cyber attacks are viruses, worms, trojans, ransomware, spyware, and adware. Today's malware is not just about causing immediate damage; some programs get embedded within systems to siphon off data over time, disrupt operations strategically, or lay the groundwork for massive, coordinated attacks. A prime example is a recently found malicious backdoor in a popular compression tool, known as xz Utils. Thankfully the malicious code was identified early “due to bad actor sloppiness”, but the consequences could’ve been massive. Read on to get the lowdown on recent high-profile malware attacks along with strategies to help limit malware risks at your organization.

Recent High-Profile Malware Attacks: Here's a detailed overview of recent malware attacks, highlighting key incidents and offering valuable insights and lessons learned from each event.

StripedFly: A prolific and advanced cross-platform malware fram

Microsoft warns Gmail blocks some Outlook email as spam, shares fix

By Sergiu Gatlan, Bleeping Computer

Microsoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. This known issue only impacts users with Outlook.com country domains, according to a support document published by Redmond on Tuesday. Affected Outlook users are being told in follow-up emails from Gmail's servers that their messages were suspicious and have been stopped from reaching the recipient's inbox. "Remote server returned message detected as spam [..]. Gmail has detected that this message is likely suspicious due to the very low reputation of the sending domain. To best protect our users from spam, the message has been blocked," the replies from Gmail's mail server (mx.google.com) explain. Google's support website says that it's very likely that only a subset of these messages are being blocked because they have "a strong likelihood of being spam."

Recent ‘MFA Bombing’ Attacks Targeting Apple Users

By KrebsOnSecurity

Several Apple customers recently reported being targeted in elaborate phishing attacks that involve what appears to be a bug in Apple’s password reset feature. In this scenario, a target’s Apple devices are forced to display dozens of system-level prompts that prevent the devices from being used until the recipient responds “Allow” or “Don’t Allow” to each prompt. Assuming the user manages not to fat-finger the wrong button on the umpteenth password reset request, the scammers will then call the victim while spoofing Apple support in the caller ID, saying the user’s account is under attack and that Apple support needs to “verify” a one-time code. Parth Patel is an entrepreneur who is trying to build a startup in the conversational AI space. On March 23, Patel documented on Twitter/X a recent phishing campaign targeting him that involved what’s known as a “push bombing” or “MFA fatigue” attack, wherein the phishers abuse a feature or weakness of a multi-factor authen