Cyber Security Threats

Unite Here Data Breach And Lurie Children’s Hospital Cyberattack

791,000 People Affected by UNITE HERE Data Breach: The labor union UNITE HERE, located in New York, has 300,000 working individuals all over the United States and Canada. It recently filed a breach report with the HHS’ Office for Civil … Read more

Anonymous Leak Reveals China’s Cyber Operations

Documents purporting to have been stolen from a subcontractor of China’s Ministry of Public Security have been published on GitHub. These commercial documents (whose authenticity, impossible to confirm completely, is nevertheless highly probable, given their nature and volume) describe a … Read more

A Global Offensive Neutralized The LockBit Ransomware Group

The LockBit ransomware group, identified as one of the most prolific cybercriminal organizations, has been neutralized through a coordinated international law enforcement effort. Emerging in 2020, LockBit quickly ascended to infamy by deploying a ransomware-as-a-service model. This approach enabled affiliates … Read more

US Federal Authorities Announced the Takedown of Warzone RAT Malware Service

The US Department of Justice (DoJ) recently announced the takedown of the Warzone RAT malware service as part of a coordinated international response to cybercrime. This malware, known for allowing unauthorized remote access to victims’ computers, has been used in … Read more

FBI Targets Chinese KV Botnet in Cybersecurity Crackdown

The FBI says a December 2023 court-authorized operation has successfully dismantled the KV Botnet, a network of infected routers controlled by the Chinese hacker group Volt Typhoon. This botnet was a critical tool for Volt Typhoon, enabling them to conduct covert … Read more

Patch for Fortra GoAnywhere Critical Vulnerability and Unauthorized Remote Access Using the ScreenConnect Tool

Fortra has announced a critical vulnerability identified in its GoAnywhere Managed File Transfer (MFT) solution and also issued a patch. Vulnerability CVE-2024-0204 is an authentication bypass bug caused by a path traversal weakness. An unauthenticated user can exploit the vulnerability … Read more

A Cybersecurity Vulnerability in TeamViewer used for Ransomware Attacks

TeamViewer, the world-famous remote access tool, has emerged as a significant vulnerability in the cybersecurity landscape. Recent investigations have highlighted its exploitation in deploying ransomware, particularly the notorious LockBit 3.0. These incidents underscore an ongoing challenge: balancing the convenience … Read more

Unauthorized Use of Software and Cloud Services is a Major Security Risk

Many businesses concentrate on technical measures to protect them against cyberattacks. They invest in firewalls, multifactor authentication, advanced email security solutions, and web filters to block attacks at source, yet often neglect the human factor and do not provide adequate … Read more

Urgent Action Needed on Citrix Bleed Vulnerability as Ransomware Attacks Increase

Ransomware groups are exploiting a critical vulnerability identified in NetScaler ADC (earlier known as Citrix ADC) and NetScaler Gateway (Citrix Gateway) devices, referred to as Citrix Bleed. On October 10, 2023, Citrix released a security alert concerning the vulnerability and … Read more

Advisories on Critical ownCloud Vulnerabilities, Critical FortiSIEM Vulnerability and Emotet Malware Threat

HC3 Alerts HPH Sector Regarding Critical FortiSIEM Vulnerability and Ongoing Emotet Malware Threat: The Health Sector Cybersecurity Coordination Center (HC3) has alerted healthcare companies that utilize Fortinet’s FortiSIEM platform to fix a critical vulnerability that is probably exploited by malicious … Read more

Malvertising Campaign Leads to Cactus Ransomware Attack

There are many ways that cybercriminals gain access to business networks, including phishing attacks and exploiting unpatched vulnerabilities. Many businesses now provide security awareness training to employees to improve phishing awareness, but it is also important to teach the workforce … Read more

Sentinel Event Alert and State of External Exposure Management

Joint Commission Issues Guidance on Ensuring Patient Safety After a Cyberattack: The Joint Commission has published a Sentinel Event Alert offering guidance on maintaining patient safety after a cyberattack. There has been an increase in sophisticated healthcare cyberattacks. The question … Read more

Email Sextortion Scams are on the Rise

Email is commonly used by threat actors for initial contact with victims, and while most attacks attempt to steal credentials or distribute malware, another type of scam has been steadily increasing. Sextortion scams have increased by 178% year over … Read more

Vulnerabilities Found in 1,900 Citrix NetScaler Devices and Limited Use of Generative AI by Malicious Actors

Malicious Actors Still Limit the Use of Generative AI: It is feared that malicious actors will take advantage of generative AI to support their malicious pursuits; nevertheless, the use of generative AI by malicious actors seems to be minimal, definitely … Read more

Cybercriminals Turn to Web Browsing to Deliver Ransomware

Ransomware attacks have increased significantly in 2023, and the file-encrypting malware is now used in around 20% of cyberattacks. Ransomware is used to encrypt business-critical files to prevent access, and a ransom demand is issued for the keys to … Read more

Top Industries Targeted by Cyber Threat Actors and 2022’s Most Often Exploited Vulnerabilities

Top Targets for Cyber Threat Actors: According to BlackBerry’s most recent Global Threat Intelligence Report, the two most attacked sectors are healthcare and financial services. The information for the report was gathered between March and May 2023 from its cybersecurity … Read more

Search Engine Ads Abused to Gain Initial Access to Business Networks

Employees are being targeted in a new malvertising campaign that uses Google and Bing Ads offering a variety of trojanized installers for software solutions such as AnyDesk, Cisco AnyConnect VPN, and WinSCP. These campaigns deliver malware that establishes initial access … Read more

New MOVEit Zero-Day Vulnerability, Critical Vulnerability in VMware Aria Operations for Networks, and CISCO AnyConnect Secure Vulnerability

Progress Software Alerts of New MOVEit Zero-Day Vulnerability – Quick Action Necessary: Progress Software has released an alert concerning a new vulnerability identified in its MOVEit Transfer file transfer software program. It is an exploit that is available in the … Read more

Malicious Ads and Phishing Emails Used to Distribute RomCom Malware

RomCom malware is being distributed via a range of websites that claim to offer downloads of popular software solutions such as AstraChat, GIMP, Go To Meeting, and ChatGPT, and traffic is being sent to those websites by malicious Google Ads … Read more

Threat Actors Increasingly Using Google Ads for Malware Distribution

Malicious actors are abusing Google Ads to drive traffic to malicious websites where malware is downloaded, and abuse of Google Ads for malware distribution is increasing. Google places its Ad blocks at the top of the page, so the adverts … Read more

Major Phishing Campaign Targets Facebook Credentials

While many phishing scams target Microsoft 365 credentials due to the usefulness of the accounts and the data they hold, social media credentials are also highly prized. If a phisher is able to steal Facebook credentials, they can gain access … Read more

Increase in Adversary-in-the-Middle Phishing Attacks That Allow MFA to be Bypassed

Security experts have long recommended that multi-factor authentication be implemented to protect against phishing attacks and for good reason. Single-factor authentication – a password – provides a degree of protection against unauthorized account access; however, with modern GPUs, it is … Read more

Data Breaches Reported by Dental Health Management Solutions, Nursing Rehab Centre, The Chautauqua Center, Northeast Surgical Group, and White Bird Clinic

Dental Health Management Solutions Alerted Patients About Historic Data Breach: Dental Health Management Solutions (DHMS), based in Cedar Park, TX, provides the military/government and private individuals with dental services. It recently reported the exposure of the protected health information (PHI) … Read more

HPH Sector Warned Against Clop Cyberattacks and MedusaLocker Ransomware Attacks

At the beginning of February, attackers exploited a zero-day vulnerability (CVE-2023-0669) found in Fortra’s GoAnywhere MFT secure file transfer software to attack over 130 companies, including a few companies in the healthcare sector, for instance, Community Health Systems (CHS) in … Read more

Cyber Attacks on VMware ESXi Servers, Sharp HealthCare, Regal Medical Group, and Southeast Colorado Hospital District

The French Computer Emergency Response Team (CERT-FR) issued a warning regarding a persistent ransomware campaign targeting VMware ESXi hypervisors that have not been patched against the critical heap-overflow vulnerability tracked as CVE-2021-21974. VMware released a patch on February 3, 2021, to resolve the … Read more

Cybercriminals Turn to Malvertising for Malware Distribution Now Microsoft Blocks Macros

Now that Microsoft has started blocking macros in Office documents delivered via the Internet, distributing malware via email has become more difficult and hackers have been forced to change their tactics, techniques, and procedures. This has been seen in phishing … Read more

2022 Phishing Trends and the Outlook for 2023

Several new phishing trends were evident in 2022 as cybercriminals changed their tactics for stealing credentials and distributing malware. The same tried and tested techniques were used in many phishing campaigns, including delivery failure notifications, fictitious charges to accounts, security … Read more

HPH Sector Cautioned About Pro-Russian Hacktivist Group’s DDoS Attacks

The healthcare and public health (HPH) industry has been cautioned regarding the likelihood of cyberattacks conducted by a pro-Russian hacktivist gang called KillNet, after a new cyberattack on a U.S. healthcare group. KillNet started its operations during the time when … Read more

Automation Can Aid Network Defenders to Accomplish More Quickly and Be Ahead of Hackers

Automation reduces expenses and enhances productivity. It is as vital in cybersecurity as it is in manufacturing. A lot of labor-intensive security work may be automated to enable network defenders to accomplish more, faster, such as port scanning, monitoring, vulnerability scanning, and … Read more

Healthcare Sector Impending Risk Due to Cuba Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have released a joint cybersecurity warning concerning the Cuba Ransomware and have provided information on the tactics, techniques, and procedures (TTPs) utilized by the ransomware group, … Read more

Data Exposed at Alta Forest Products, Hilario Marilao, M.D, and Three Rivers Provider Network

Alta Forest Products based in Chehalis, WA has encountered a cyberattack where the protected health information (PHI) of around 2,100 Alta Forest Products Health and Welfare Plan members was compromised. The company detected the security breach on September 1, 2022, … Read more

CISA Wants Companies to Use Phishing-Resistant Multifactor Authentication

MFA is one of the most essential steps to take to stop unauthorized account access; however, it doesn’t provide total security, and certain types of MFA can be circumvented. Any type of MFA is significantly better than … Read more

Hacking Incidents and Improper Disposal Incidents Reported

Hacking Incident at Country Doctor Community Clinic, WA: On October 19, 2022, Country Doctor Community Clinic based in Seattle, WA reported that attackers had acquired access to its digital system and viewed and likely acquired files comprising the protected health … Read more

Wisconsin Department of Health Services, Detroit Health Department, and Smith, Gambrell & Russell, LLP Announce Data Breaches

Wisconsin Department of Health Services Reports Accidental Disclosure of PHI through Email: The Wisconsin Department of Health Services (DHS) has just announced that there was an accidental disclosure of protected health information (PHI) via its email. Based on the breach … Read more

Cyberattack on FMC Services, Kaye-Smith and Johnson Memorial Hospital

FMC (Family Medicine Centers) Services based in Amarillo, TX recently reported a hacking incident it discovered and blocked on July 26, 2022. A third-party cybersecurity company conducted a forensic investigation to find out the nature and extent of the cyberattack. … Read more

Healthcare Companies Targeted by Monkeypox Phishing Campaign

An alert was given to the healthcare and public health (HPH) industry regarding a Monkeypox phishing campaign directed at U.S. healthcare companies that tries to steal Office 365, Gmail, and other email account credentials. Monkeypox is a remarkably transmittable viral … Read more

Henderson & Walton Women’s Center & Genesis Health Care Inc. Report Data Breaches

Henderson & Walton Women’s Center (HWWC), based in Birmingham, AL, recently advised 34,306 patients about the potential compromise of some of their protected health information (PHI) due to a hacker getting access to an employee’s email account. HWWC stated the … Read more

Relatively Simple Smishing Attack Compromised 130 Organizations

Phishing can take many forms and while email phishing is by far the most common way that threat actors phish for sensitive information and distribute malware, other forms of phishing are increasingly being used in attacks on businesses. Cybercriminals are … Read more

LastPass Data Breach Results in Source Code Theft

LastPass, the company offering the most widely used password management solution worldwide, reported a cyberattack and security breach. As per LastPass, there are close to 30 million users of its password manager tool globally, which include 85,000 business clients. Notifications … Read more

Data Breaches at Healthback Holdings, City of Newport, and OrthoArizona

Healthback Holdings has begun sending notifications to 21,114 persons regarding the likely access and theft of some of their protected health information (PHI) by unauthorized individuals. The Oklahoma City home health provider noticed odd activity inside its email account on … Read more

Data Breaches Announced by Blue Cross and Blue Shield of Massachusetts and Blue Shield of California

Blue Cross and Blue Shield of Massachusetts (BCBSofMA) has recently confirmed that a data breach at a business associate led to the compromise of the protected health information (PHI) of several of its health plan members. The breach took place … Read more

Cyber Safety Review Board Claims Log4j Vulnerabilities Very Prevalent and Will Remain for Years

The Cyber Safety Review Board (CSRB), started by President Biden in February 2022, has released a report about the Log4j vulnerability (CVE-2021-44228) as well as linked vulnerabilities that were identified at the end of 2021. The vulnerabilities have an impact … Read more

President Biden Approves Executive Order to Keep Access to Reproductive Healthcare Services Safe

President Biden has approved an executive order that aims to safeguard access to reproductive healthcare services. This happened right after the SCOTUS ruling that overturned Roe v. Wade, which provided women the right to decide on their own reproductive healthcare … Read more

Santa Barbara County Department and Baptist Health Report Cyberattack

Medical Record Breach at Santa Barbara County Department of Behavioral Wellness: Santa Barbara County Department of Behavioral Wellness, located in California, has recently reported that an employee viewed the medical files of patients with no authorization. On March 30, 2022, … Read more

HHS Alerts the HPH Sector Regarding Hive Ransomware

The HHS’ Office of Information Security Health Sector Cybersecurity Coordination Center (HC3) has issued a TLP: White alert concerning the Hive ransomware group, an especially aggressive cybercriminal operation that has heavily targeted the healthcare market in the United States. … Read more

Advisory Issued Regarding Phishing Campaigns Involving Trusted Email Marketing Platforms

Because of a recent data breach at Mailchimp, the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) issued a warning about the risk of phishing attacks using this email marketing platform. The breach was discovered when … Read more

Sea Mar Community Health Centers Confronting Class Action Lawsuit Because of 688,000-Record Data Breach

Sea Mar Community Health Centers located in Seattle, WA is confronted with a class-action lawsuit because of a cyberattack that led to the exposure of the protected health information (PHI) of 688,000 persons. The breach was uncovered in June 2021 … Read more

Data Breaches Announced by Suncoast Skin Solutions, South City Hospital, The Colorado DHS and Raveco Medical

Suncoast Skin Solutions, a network of 22 medical, surgical, and cosmetic dermatological care clinics based in Florida, recently began informing 57,730 patients regarding a ransomware attack it uncovered on July 14, 2021. Suncoast stated upon discovery of the attack, … Read more

Data Breaches Reported by True Health New Mexico & Educators Mutual Insurance Association

The medical insurance company True Health New Mexico located in Albuquerque, NM began alerting selected health plan members concerning the breach and likely theft of their protected health information (PHI). The data breach incident was discovered by True Health New … Read more

Tardigrade Malware Used in Targeted Attacks on Vaccine Manufacturers and Biomedical Firms

Biomedical firms and their partners are being targeted by an Advanced Persistent Threat (APT) actor in a campaign that delivers Tardigrade malware. Initial analyses of Tardigrade malware suggest it is a sophisticated threat from the SmokeLoader malware family. SmokeLoader is … Read more