More Than 114,000 Patients Affected by Wilmington Surgical Associates Ransomware Attack

In October 2020, the NetWalker ransomware gang claimed responsibility for a ransomware attack on the North Carolina-based surgical center, Wilmington Surgical Associates. The gang claimed to have stolen around 13GB of data prior to deploying NetWalker ransomware and encrypting files. The stolen batch of data included thousands of documents containing sensitive information. HIPAA Journal has […]

140GB of Confidential Information Leaked on the Hacker Forum from the US-Based Door Parts Distributor

On a famous dark web hacker website, a 140 GB archive that purportedly belongs to Door Controls USA, a US-based door parts store, has been leaked. The archive contains internal business records and classified documentation relating to Door Controls USA, including production blueprints, machine-readable production code, financial and accounting records, as well as numerous legal […]

Kaspersky lists its industrial cybersecurity threat predictions for 2021

Security company Kaspersky announced its list of industrial cybersecurity threat challenges and predictions on what can be expected from cybercriminals active in the OT/ICS sector in 2021. Infections will tend to be less random or have focused follow-ups, as cybercriminals have spent the past several years profiling randomly infected computers that are connected to industrial […]

Your boss could be the number one security threat in the office

Senior management’s password practices are ‘shocking’, experts say. (Image credit: Image source: Shutterstock/Ai825) Senior management’s password practices are “shocking”, a new report from identity and access management firm OneLogin claims. Polling 2,000 remote workers in the UK and the US on cybersecurity practices in the workplace, the company found that senior management was a significantly […]

CERT and Cybersecurity Agencies Disclosed Denial-of-Service (DoS) Vulnerability Affecting OpenSSL

Computer emergency response teams (CERTs) and other cybersecurity organisations around the world have issued notifications and advisories about OpenSSL’s newly discovered denial-of-service (DoS) vulnerability, and manufacturers have begun to analyse the effects of the bug on their items. This week the OpenSSL Project reported that OpenSSL 1.1.1i patches a vulnerability of high severity which can […]

Six More Healthcare Providers Impacted by Ransomware Attacks

GBMC HealthCare in Maryland, Golden Gate Regional Center in California, and Dyras Dental in Michigan have recently suffered ransomware attacks and Allegheny Health Network, AMITA Health, and Bayhealth have announced they have been affected by the ransomware attack on Blackbaud Inc. GBMC HealthCare Towson, MD-based GBMC HealthCare has announced it suffered a ransomware attack on […]

Russia-linked APT28 uses COVID-19 lures to deliver Zebrocy malware

Russia-link cyberespionage APT28 leverages COVID-19 as phishing lures to deliver the Go version of their Zebrocy (or Zekapab) malware. Russia-linked APT28 is leveraging COVID-19 as phishing lures in a new wave of attacks aimed at distributing the Go version of their Zebrocy (or Zekapab) malware. The APT28 group (aka Fancy Bear, Pawn Storm, Sofacy Group, Sednit, and STRONTIUM) has been active since at least 2007 […]

Criminals are getting better at spoofing banking services

(Image credit: Image Credit: Gustavo Frazao / Shutterstock) Covid-19 continues to provide inspiration for cybercriminals and fraudsters looking to scam people out of their hard-earned money. A new report from cybersecurity firm Bitdefender claims that, with Covid-19 forcing people indoors, online shopping and banking is surging. Criminals are well aware of this fact and have […]

WordPress Easy WP SMTP zero-day potentially exposes hundreds of thousands of sites to hack

Threat actors are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin installed on more than 500,000 sites. Hackers are actively exploiting a zero-day vulnerability in the popular Easy WP SMTP WordPress plugin to reset passwords for admin accounts. The SMTP WordPress plugin is installed on more than 500,000 sites, but […]

PgMiner botnet exploits disputed CVE to hack unsecured PostgreSQL DBs

Researchers have discovered a botnet dubbed PgMiner that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. Security researchers from Palo Alto Networks have discovered a new botnet, tracked as PgMiner, that targets PostgreSQL databases running on Linux servers to install a cryptocurrency miner. PostgreSQL, also known as Postgres, is one of […]