Cybersecurity

Iranian Hacking Group Among Those Exploiting Recently Disclosed VMWare RCE Flaw

An Iranian cyber espionage group that some vendors track as Rocket Kitten has begun exploiting a recently patched critical vulnerability in VMWare Workspace ONE Access/Identity Manager technology to deliver the Core Impact penetration testing tool…

$3 million in NFTs stolen as a result of Bored Ape Yacht Club Instagram hack

Another day, another crypto scam. This time, however, the targets were the $5 billion-valued Bored Ape Yacht Club (BAYC) and holders of its NFT apes. On Monday, the Bored Ape Yacht Club's official Twitter account announced that the company's Instagram account was…

Russian hackers are seeking alternative money-laundering options

The Russian cybercrime community, one of the most active and prolific in the world, is turning to alternative money-laundering methods due to sanctions on Russia and law enforcement actions against dark web markets. Although the options are few…

Researchers Report Critical RCE Vulnerability in Google's VirusTotal Platform

Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform…

Kansas Hospital Discloses Data Breach

Email accounts at a Kansas hospital were compromised for nearly a year in a prolonged data breach affecting more than 52,000 individuals. Emporia-based Newman Regional Health was breached by an unauthorized threat actor last year. In a data security notice on its website…

North Dakota-Based Healthcare Billing Services Group Hacked

Federal investigators say a cyber attack on a North Dakota-based company that provides software and billing services for doctors and healthcare professionals affected more than a half-million customers. Adaptive Health Integrations of Williston was the target of a…

CISA adds 7 vulnerabilities to list of bugs exploited in attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added seven vulnerabilities to its list of actively exploited security issues, including those from Microsoft, Linux, and Jenkins. The 'Known Exploited Vulnerabilities Catalog' is a list of vulnerabilities…

Critical Bug in Everscale Wallet Could've Let Attackers Steal Cryptocurrencies

A security vulnerability has been disclosed in the web version of the Ever Surf wallet that, if successfully weaponized, could allow an attacker to gain full control over a victim's wallet. "By exploiting the vulnerability, it's possible to decrypt the private keys and seed phrases that…

North Korean hackers targeting journalists with novel malware

North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain. The malware is distributed through a phishing attack first discovered by NK News, an American news site dedicated to…

Ukraine Invasion Driving DDoS Attacks to All-Time Highs

The first quarter of 2022 saw a 46% increase in distributed denial-of-service (DDoS) attacks over Q4 2021, which a new report attributes to a community of "hacktivists" intent on disrupting Russian state interests in retaliation for the Ukraine invasion…