Millions of Americans had their sensitive medical and health information stolen after hackers exploiting a zero-day vulnerability in the widely used MOVEit file transfer software raided systems operated by tech giant IBM.
In a data breach notification to those affected, Colorado’s HCPF said that the data was compromised because IBM, one of the state’s vendors, “uses the MOVEit application to move HCPF data files in the normal course of business.”
North Korean Hackers Suspected in New Wave of Malicious npm Packages
"Due to the sophisticated nature of the attack and the small number of affected packages, we suspect this is another highly targeted attack, likely with a social engineering aspect involved in order to get targets to install these packages," the company said.
The malware then pings and waits for further instructions every 45 seconds, which are subsequently decoded and executed.
Lapsus$ hackers took SIM-swapping attacks to the next level
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with a strong security posture.
Lapsus$ is described as a loosely-organized group formed mainly of teenagers, with members in the U.K. and Brazil that acted between 2021 and 2022 for notoriety, financial gain, or for fun. However, they also combined techniques of various complexity with “flashes of creativity.”
Bugs in transportation app Moovit gave hackers free rides | TechCrunch
Hackers could have hijacked the user accounts of a popular transportation app and used them to get free rides and access people's personal information, according to a security researcher.
This whole chain of exploits could have been performed without the target ever finding out, apart from seeing unwanted charges on their credit card. Attias called it "the perfect attack."