Daily Cyber Brief
FBI warns of vulnerabilities in medical devices, GhostSec hacks 55 Berghof PLCs in Israel, and U-haul discloses a breach that exposed customer driver licenses...
Cybersecurity
As the war in Ukraine progresses, there have been several offensive cyber operations linked to Russian organizations against Ukrainian civil, military, and corporate infrastructures. Cybersecurity and intelligence professionals were initially surprised by the lack of large-scale…
Eighty-nine percent of healthcare organizations surveyed have experienced an average of 43 attacks in the past 12 months — almost one attack per week — a new report by cybersecurity firm Proofpoint and the Ponemon Institute finds. The most common consequences of…
The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks. Arctic Wolf Labs security researchers spotted this new tactic after observing a…
The FBI on Monday warned that hundreds of vulnerabilities in widely used medical devices are leaving a door open for cyberattacks. In a white notice from the FBI’s Internet Crime Complaint Center (IC3), the law enforcement agency said it has identified “an increasing…
Hackers are launching new attacks to steal Steam credentials using a Browser-in-the-Browser phishing technique that is rising in popularity among threat actors. The Browser-in-the-Browser technique is a trending attack method involving the creation of fake browser...
A hacktivist collective called GhostSec has claimed credit for compromising as many as 55 Berghof programmable logic controllers (PLCs) used by Israeli organizations as part of a "Free Palestine" campaign. Industrial cybersecurity firm OTORIO, which dug deeper into the…
Moving and storage giant U-Haul International (U-Haul) disclosed a data breach after a customer contract search tool was hacked to access customers' names and driver's license information. Following an incident investigation started on July 12 after discovering the…
A pair of critical security vulnerabilities in Google's Pixel mobile phone line could lead to privilege escalation and device takeover. The Pixel bugs, tracked as CVE-2022-20231 and CVE-2022-20364, are in the Trust and Kernel components, respectively, according to…
Cisco has confirmed that the data leaked yesterday by the Yanluowang ransomware gang was stolen from the company network during a cyberattack in May. However, the company says in an update that the leak does not change the initial assessment that the incident has no…
Apple has released security updates to address the eighth zero-day vulnerability used in attacks against iPhones and Macs since the start of the year. In security advisories issued on Monday, Apple revealed they're aware of reports saying this security flaw "may have been…