The ransomware attack on a key U.K. National Health Service IT vendor has forced two London hospitals to reschedule around 1,500 medical appointments including critical cancer treatments and organ transplant surgeries. The June 3 attack is disrupting operations at NHS King’s College and Guy’s and St. Thomas’ in London. Attackers compromised servers of Synovia, the…
Cybersecurity researchers said an experiment in developing a fake, malicious extension for the world’s most popular integrated development environment succeeded beyond their wildest expectations. Researchers Amit Assaraf, Itay Kruk, and Idan Dardikman uploaded an extension to Microsoft source code editing platform Visual Studio Code masquerading as “Dracula Official,” a color theme that records nearly 7.2…
Among the more dangerous of the flaws for which Microsoft released a patch this week on Patch Tuesday is a denial-of-service (DoS) vulnerability publicly disclosed back in February in the Domain Name System Security Extensions (DNSSEC) protocol. The vulnerability, identified as CVE-2023-50868 exists in a third-party DNSSEC mechanism called Next Secure Hash 3 (NSEC3) for…
The security risks posed by the Pickle format have once again come to the fore with the discovery of a new “hybrid machine learning (ML) model exploitation technique” dubbed Sleepy Pickle. The attack method, per Trail of Bits, weaponizes the ubiquitous format used to package and distribute machine learning (ML) models to corrupt the model…
Cyber criminals are beginning to use artificial intelligence to make their operations more effective — and their use goes way beyond creating better bait for phishing. Just as in legitimate business, discussions about AI among criminals have accelerated this year compared to 2023, researchers from cybersecurity group Intel 471 reported in a new study published…
A ransomware operation with a history of exploiting widespread internet vulnerabilities lost little time in making use of a critical-severity vulnerability in Window installations of web-scripting language PHP. Imperva Threat Research in a Monday report said TellYouThePass ransomware operators began exploiting the PHP bug, tracked as CVE-2024-4577, hours after researchers released a proof of concept…
Privacy regulators in the U.K. and Canada have launched a joint investigation into 23andMe following the direct-to-consumer genetic testing service suffering a massive data breach in October 2023. Britain’s Information Commissioner’s Office, and the Office of the Privacy Commissioner of Canada, said they’ll jointly investigate the publicly traded company’s compliance with their respective data protection…
Tracked as CVE-2024-4610, the bug is described as a use-after-free issue that could be exploited by local users to make improper GPU memory processing operations. Successful exploitation of the flaw allows a non-privileged attacker to access previously freed memory, Arm explains in an advisory. “Arm is aware of reports of this vulnerability being exploited in…
How in the world has Microsoft’s leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? Recall for Copilot+ is designed to capture screenshots of everything a user does on their Windows PC for potential replay later. To give Microsoft the benefit of the…
An investigation into infostealer-driven attacks on Snowflake customers shows that approximately 165 clients potentially had data stolen by financially-motivated hackers, says cyber threat intel firm Mandiant. Snowflake, an data management platform provider, disclosed the campaign earlier this month along with a warning that customers without multifactor authentication enabled are vulnerable (see: Snowflake Clients Targeted With…
NHS Ransomware Hack: 1,500 Medical Appointments Rescheduled
