Cyber Security Threats

Black Kite’s new research has revealed the evolving ransomware environment. Last year, a notable shift was seen from big ransomware groups doing many attacks to an increasing number of smaller groups conducting the attacks. The … Read more

St. Louis University and SSM Health Saint Louis University Hospital (SSM-SLUH) agreed to settle a class action lawsuit involving a data breach in 2023. The terms of the settlement required a $2 million fund to … Read more

A HIPAA security incident is defined by the HIPAA Security Rule as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.”  It … Read more

BlackLock is a new ransomware-as-a-service (RaaS) group that has increased attacks and might become 2025’s most prominent RaaS group. Based on ReliaQuest Threat Spotlight, the BlackLock group was initially noticed in March 2024 using the … Read more

The Ponemon Institute conducted a survey recently on behalf of Illumio, a provider of a zero-trust segmentation platform. Based on the survey results, 88% of participant organizations had encountered at least one ransomware attack in … Read more

The cyberattack that compelled the deactivation of Rhode Island’s public benefits system (RI Bridges) has possibly compromised the personal information of over 50% of Rhode Island’s population, around 650,000 people, as reported by state Governor … Read more

Cisco Talos Incident Response reported that a new ransomware group has been targeting the healthcare sector and has been active since September 2024. Interlock ransomware is a threat group that claims to conduct attacks for … Read more

Despite significant efforts by organizations to fortify their defenses, the frequency of data breaches continues to rise. In fact, it is now commonly accepted that no data which is gathered or processed online can ever … Read more

The North Korean cyber group, Jumpy Pisces, recently collaborated with the Play ransomware network in an attacks. The link up is the first recorded instance of North Korean state-backed hackers using an existing ransomware infrastructure, … Read more

In the past year, the phishing-as-a-service (PhaaS) platform known as Sniper Dz has facilitated over 140,000 cyberattacks. The free platform offers tools to help cybercriminals target user credentials, making phishing campaigns easier to launch even … Read more

Linux systems have recently come under threat due to a set of Remote Code Execution (RCE) vulnerabilities identified in the Common Unix Printing System (CUPS). These vulnerabilities, classified as severe, have the potential to enable … Read more

Sparkling Pisces is a North Korean threat actor group recognized for its cyberespionage operations and spear-phishing campaigns. Unit 42 researchers recently identified two new malware variants linked to this group, named KLogEXE and FPSpy. These … Read more

The financially motivated cybercriminal group known as Storm-0501 is targeting U.S. industries, including government, manufacturing, transportation, and law enforcement, through ransomware attacks on hybrid cloud environments. Microsoft has detailed how this group’s multi-stage attack campaigns … Read more

Researchers at Unit 42 have uncovered a new campaign that involves the delivery of Linux and macOS backdoors through poisoned Python packages. These packages are uploaded to the popular PyPI repository, and have been linked … Read more

An international criminal network responsible for a large-scale phishing scheme targeting mobile phone credentials has been dismantled in a coordinated operation led by Europol and law enforcement agencies across six countries. The operation, codenamed “Operation … Read more

Recent investigations suggest that the well-known threat group “TeamTNT”, may be back in operation. The group that is infamous for targeting cloud environments like Docker, Kubernetes, and Redis, has left traces in new attacks observed … Read more

A new type of phishing attack is deceiving users into giving up sensitive login credentials without requiring any direct interaction. Researchers from Palo Alto Networks’ Unit 42 have identified phishing campaigns that use refresh entries … Read more

In a recent advisory issued on September 5th, 2024, the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the National Security Agency (NSA) discuss the cyber activities of Russia’s GRU … Read more

It is well known most data breaches come from employee error, some 88% according to Stanford University Professor Jeff Hancock in fact. As difficult as a costly mistake may be for a business to accept, … Read more

Since its emergence in early 2024, RansomHub has quickly expanded its operations and now affects over 210 victims across various sectors. This ransomware-as-a-service (RaaS) variant has become a player in the world of cybercrime, targeting … Read more

Recent cybersecurity research has uncovered an attack chain utilizing a memory-only malware downloader, known as PEAKLIGHT. This PowerShell-based downloader uses a multi-stage infection process, with a range of obfuscation techniques to evade detection and deliver … Read more

A security flaw has been discovered in millions of contactless key cards used worldwide for office and hotel access. French cybersecurity firm Quarkslab has identified a hardware backdoor in chips manufactured by Shanghai Fudan Microelectronics … Read more

The Federal Bureau of Investigation (FBI) spearheaded a global operation that successfully dismantled the infrastructure of the Radar/Dispossessor ransomware group, a criminal ransomware-as-a-service (RaaS) group led by someone known as ‘Brain’. The operation led to … Read more

Xeon Sender is a cloud-based tool that has cybersecurity experts increasingly concerned, due to its use by attackers to conduct large-scale SMS spam and phishing campaigns by exploiting legitimate software-as-a-service (SaaS) providers. The tool has … Read more

OneBlood, a nonprofit blood donation organization based in Florida, encountered a ransomware attack that is impacting its capability to supply blood to hospitals in the U.S. OneBlood supplies blood to about 250 hospitals in Alabama, … Read more

A new study by the cybersecurity company Semperis showed that companies tend to be attacked by ransomware groups several times. 74% of organizations that encountered a ransomware attack reported experiencing multiple attacks. These attacks caused … Read more

A newly discovered cyber espionage operation, referred to as “Cuckoo Spear,” has brought to light the ongoing activities of a state-backed Chinese hacking group that has been quietly infiltrating Japanese organizations. This covert campaign is … Read more

Memorial Sloan Kettering Cancer Center (MSK) based in New York City has reported the compromise of the protected health information (PHI) of 12,274 people due to a phishing attack. On April 26, 2024, MSK discovered … Read more

The 3-hospital health system has over 50 doctor clinics and numerous community satellite services in eastern Ohio, Pennsylvania, and the panhandle of West Virginia. In 2017, Heritage Valley was impacted by a worldwide malware attack. … Read more

The Qilin ransomware group, believed to be Russian, uploaded to its dark web leak site the information stolen during the attack on Synnovis because of non-payment of the $50 million ransom demand. On June 3, … Read more

ComplianceJunction, the top-rated HIPAA training vendor, has created a new training course for healthcare organizations to allow them to raise employee awareness of the common cyber threats that provide hackers with access to healthcare networks … Read more

Investigations of cyberattacks and data breaches often reveal the initial access vector to be a phishing email. Phishing provides threat actors with a foothold from where they can achieve an organziation-wide compromise, so teaching employees … Read more

The rapid digitisation of every aspect of our lives has led to an ever-increasing risk of cyber incidents for all types of business. Significant financial losses, disruptions to operations, damage to reputation, and legal consequences … Read more

On May 15, 2024, the FBI, in collaboration with international law enforcement agencies, seized the notorious cybercrime forum BreachForums. This action marks a severe blow to a site that has been a major marketplace for … Read more

On May 1st, a Texas court sentenced Yaroslav Vasinskyi, also known as “Rabotnik,” to over 13 years in prison, marking a significant chapter in the global efforts to dismantle the REvil ransomware group. At just … Read more

A sophisticated spyware attack has been uncovered, targeting certain iPhones. After Apple issued a warning, cybersecurity experts were able to trace the origins of the LightSpy malware, revealing a highly advanced spyware with potential links … Read more

791,000 People Affected by UNITE HERE Data Breach The labor Union, UNITE HERE, located in New York has 300,000 working individuals all over the United States and Canada. It recently filed a breach report to … Read more

Documents purporting to have been stolen from a subcontractor of China’s Ministry of Public Security have been published on GitHub. These commercial documents (whose authenticity, impossible to confirm completely, is nevertheless highly probable, given their … Read more

The LockBit ransomware group, identified as one of the most prolific cybercriminal organizations, has been neutralized through a coordinated international law enforcement effort. Emerging in 2020, LockBit quickly ascended to infamy by deploying a ransomware-as-a-service … Read more

The US Department of Justice (DoJ) recently announced the takedown of the Warzone RAT malware service as part of a coordinated international response to cybercrime. This malware, known for allowing unauthorized remote access to victims’ … Read more

FBI says a December 2023 court-authorized operation has successfully dismantled the KV Botnet, a network of infected routers controlled by the Chinese hacker group Volt Typhoon. This botnet was a critical tool for Volt Typhoon, … Read more

TeamViewer, the world famous remote access tool, has emerged as a significant vulnerability in the cybersecurity landscape. Recent investigations have highlighted its exploitation in deploying ransomware, particularly the notorious LockBit 3.0. These incidents underscore an … Read more

Hacking of 1,900 Citrix NetScaler Devices Hackers are carrying out a mass exploitation strategy focusing on Citrix NetScalers to take advantage of a critical vulnerability monitored as CVE-2023-3519. The programmed exploitation campaign breaches NetScalers and … Read more