Malware & Threats

Issued by: DataBreach Today

The ransomware attack on a key U.K. National Health Service IT vendor has forced two London hospitals to reschedule around 1,500 medical appointments including critical cancer treatments and organ transplant surgeries. The June 3 attack is disrupting operations at NHS King’s College and Guy’s and St. Thomas’ in London. Attackers compromised servers of Synovia, the…

Malware & Threats

Issued by: DataBreach Today

Cybersecurity researchers said an experiment in developing a fake, malicious extension for the world’s most popular integrated development environment succeeded beyond their wildest expectations. Researchers Amit Assaraf, Itay Kruk, and Idan Dardikman uploaded an extension to Microsoft source code editing platform Visual Studio Code masquerading as “Dracula Official,” a color theme that records nearly 7.2…

Vulnerabilities

Issued by: Dark Reading

Among the more dangerous of the flaws for which Microsoft released a patch this week on Patch Tuesday is a denial-of-service (DoS) vulnerability publicly disclosed back in February in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability, identified as CVE-2023-50868 exists in a third-party DNSSEC mechanism called Next Secure Hash 3 (NSEC3) for…

Malware & Threats

Issued by: CSO Online

Cyber criminals are beginning to use artificial intelligence to make their operations more effective — and their use goes way beyond creating better bait for phishing. Just as in legitimate business, discussions about AI among criminals have accelerated this year compared to 2023, researchers from cybersecurity group Intel 471 reported in a new study published…

Vulnerabilities

Issued by: DataBreach Today

A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in Window installations of web-scripting language PHP. Imperva Threat Research in a Monday report said TellYouThePass ransomware operators began exploiting the PHP bug, tracked as CVE-2024-4577, hours after researchers released a proof of concept…

News

Issued by: DataBreach Today

Privacy regulators in the U.K. and Canada have launched a joint investigation into 23andMe following the direct-to-consumer genetic testing service suffering a massive data breach in October 2023. Britain’s Information Commissioner’s Office, and the Office of the Privacy Commissioner of Canada, said they’ll jointly investigate the publicly traded company’s compliance with their respective data protection…

Vulnerabilities

Issued by: SecurityWeek

Tracked as CVE-2024-4610, the bug is described as a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations. Successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory, Arm explains in an advisory. “Arm is aware of reports of this vulnerability being exploited in…

News

Issued by: DataBreach Today

An investigation into infostealer-driven attacks on Snowflake customers shows that approximately 165 clients potentially had data stolen by financially-motivated hackers, says cyber threat intel firm Mandiant. Snowflake, an data management platform provider, disclosed the campaign earlier this month along with a warning that customers without multifactor authentication enabled are vulnerable (see: Snowflake Clients Targeted With…