July 2024 - Cyber Security Minute

A ransomware attack disrupted operations at OneBlood blood bank

Issued by: Security Affairs

OneBlood is a non-profit organization that provides blood and blood products to over 300 hospitals and medical facilities across the U.S. Southeast. The organization collects, tests, and distributes blood to ensure a steady supply for needy patients. A disruptive ransomware attack hit OneBlood and disrupted its medical operations. OneBlood is still operational and continues its…

Application Security, Software Security

ESET Reveals Latest Cloud-Native Authentication Solution

Issued by: Dark Reading

ESET, a global leader in cybersecurity, today announced the introduction of the cloud version of ESET Secure Authentication, the multifactor authentication module of the ESET PROTECT Platform. With the new offering, ESET customers can consolidate their security stack and have endpoint protection and multifactor authentication (MFA) provided natively from one vendor with a single pane…

Malware & Threats, Mobile Security

Mandrake Android spyware found in five apps in Google Play with over 32,000 downloads since 2022

Issued by: Security Affairs

Researchers from Kaspersky discovered a new version of the Mandrake Android spyware in five app on Google Play, totaling over 32,000 downloads between 2022 and 2024. Researchers from Bitdefender discovered the high-sophisticated Android spyware Mandrake in 2022, while investigating highly targeted attacks against specific devices. The original Mandrake campaign had two major infection waves, in…

Malware & Threats

Ransomware Gangs Exploit ESXi Bug for Instant, Mass Encryption of VMs

Issued by: Dark Reading

Multiple ransomware groups have been weaponizing an authentication bypass bug in VMware ESXi hypervisors to quickly deploy malware across virtualized environments. VMware assigned the bug (CVE-2024-37085) a “medium” 6.8 out of 10 score on the CVSS scale. The average score is largely due to the fact that it requires an attacker to have existing permissions…

Application Security

Lakera Raises $20M Series A to Secure Generative AI Applications

Issued by: Dark Reading

Lakera, the world’s leading real-time Generative AI (GenAI) Security company, has raised $20 million in a Series A funding round. Led by European VC Atomico, with participation from Citi Ventures, Dropbox Ventures, and existing investors including redalpine, this investment brings Lakera’s total funding to $30 million. This funding positions Lakera at the forefront of the…

Vulnerabilities

Ransomware gangs exploit recently patched VMware ESXi bug CVE-2024-37085

Issued by: Security Affairs

Microsoft researchers warned that multiple ransomware gangs are exploiting the recently patched vulnerability CVE-2024-37085 (CVSS score of 6.8) in VMware ESXi flaw. “Microsoft researchers have uncovered a vulnerability in ESXi hypervisors being exploited by several ransomware operators to obtain full administrative permissions on domain-joined ESXi hypervisors.” warned Microsoft. The flaw is an authentication bypass vulnerability…

Malware & Threats

UK Blood Stocks Drop After Ransomware Hack

Issued by: DataBreach Today

The U.K. National Health Service is urging hospitals across the country to limit the use of rare O-negative type blood after a ransomware attack on a British laboratory service provider crippled blood donations across the country. The NHS Blood and Transplant service on Thursday issued an amber alert to hospitals stating that the combination of…

Hamster Kombat Players Threatened by Spyware & Infostealers

Issued by: Dark Reading

Malicious actors are targeting users of a mobile currency game by using fake Android and Windows software that installs spyware and other malware. Hamster Kombat launched in March and already has more than 250 million users, likely due to the promises of winning TON-based cryptocurrency. The game is for Android users, who can earn in-game…