UK Blood Stocks Drop After Ransomware Hack
The U.K. National Health Service is urging hospitals across the country to limit the use of rare O-negative type blood after a ransomware attack on a British laboratory service provider crippled blood donations across the country. The NHS Blood and Transplant service on Thursday issued an amber alert to hospitals stating that the combination of…
Breach Roundup: North Korean Hackers Target macOS Users
North Korean Hackers Target macOS Users North Korean state-sponsored hackers are targeting macOS users with a new variant of their BeaverTail malware, spreading it through a malicious version of the video-calling service Microtalk. Cybersecurity researcher Patrick Wardle revealed that the attackers trick victims into downloading the infected software by posing as recruiters offering job interviews….
What’s the Best Strategy for Exploiting Flaws in Ransomware?
What’s the best strategy for handling a known vulnerability in ransomware that helps victims decrypt their files for free? Security researchers and law enforcement have two options: stealth or reach. Stealth prolongs the life of the vulnerability and the ability of security teams to exploit it. Reach makes sure that more people know about it,…
How CISA Plans to Measure Trust in Open-Source Software
The United States cyber defense agency is creating a new framework to answer a critical question in cybersecurity: How can the trustworthiness of open-source security projects be accurately measured and transparently communicated? The Cybersecurity and Infrastructure Security Agency is in the second phase of its open-source software security road map, according to a Monday blog…
Cisco Patches an Exploited Zero-Day Vulnerability
Cisco on Monday patched a zero-day vulnerability discovered months ago that allowed a China-nexus hacker to execute arbitrary commands as root on the compromised devices. The threat group, dubbed Velvet Ant, remotely connected to Cisco’s NX-OS software used in switches and executed malicious code. The networking giant in an advisory attributes the discovery to cybersecurity…
Groups Ask HHS for Guidance on Massive Change Breach Reports
Two weeks ago, Change Healthcare began notifying thousands of medical practices about a massive data breach affecting millions of patients. The healthcare software firm says it will handle breach notifications, but industry groups want to guarantee the government will go along with that plan. If not, the groups fear that small medical practices, hospitals and…
No Patches for Hospital Temperature Monitors’ Critical Flaws
Vulnerabilities in internet-connected temperature monitoring devices mainly used in hospitals, and their accompanying desktop application, could allow hackers to gain administrator privileges to the technology. Researchers at Nozomi Networks uncovered four vulnerabilities in Sensor Net Connect and three flaws in the Thermoscan IP desktop application, both made by a division of French firm Proges Plus….
Bogus: LockBit’s Claimed Federal Reserve Ransomware Hit
More reasons to beware breathless reporting about a ransomware group’s latest supposed victim: LockBit’s claim to have breached the U.S. Federal Reserve Bank. The Fed, based in Washington, is America’s central bank. It works with 12 regional Fed banks. If any aspect of that system fell victim to ransomware-wielding groups – or had data exfiltrated,…
European Union Sanctions Russian State Hackers
The European Union sanctioned four Russian domestic intelligence agency hackers including two military officers who participated in what researchers have described as “hack and leak” operations against Western governments. The two officers are part of a Federal Security Service hacking group known as Callisto Group and Coldriver and formerly tracked by Microsoft as Seaborgium. The…
Biden Administration Bans Kaspersky Antivirus Software
The U.S. federal government is banning Russian cybersecurity firm Kaspersky Labs from selling antivirus software in the United States, officials announced Thursday, citing significant national security risks. Department of Commerce officials urged current Kaspersky customers to “immediately find alternatives” after an investigation determined that Russian state hackers could turn the cybersecurity software against their users….
