11 Mar 2020

Phishers Use Fake HIV Test Results as Bait

Cybersecurity researchers have discovered a new phishing campaign that uses fake HIV test results to gather information from victims after clicking a malicious link, targeting insurance, healthcare and pharmaceutical companies around the world. Researchers at Proofpoint uncovered the campaign, stating that the cybercriminals were impersonating Vanderbilt University Medical Center and

Read More
10 Mar 2020

AMD Downplays CPU Threat Opening Chips to Data Leak Attacks

AMD has disclosed side-channel attacks in CPUs, and stated that they are not new. The company has been significantly downplaying the side-channel attacks that are capable of leaking potentially sensitive data from its processors released between 2011 and 2019. Researchers stated that these side-channel attacks extract sensitive information through signals

Read More
09 Mar 2020

T-Mobile Suffers Another Breach as Staff Emails Targeted

The phone carrier T-Mobile recently suffered a malicious cybersecurity attack that allowed the attacker access to T-Mobile customer account information. This is not the first time that T-Mobile has been the subject of such an attack; in 2018, 2 million customers had their information illegally accessed. T-Mobile is in the

Read More
09 Mar 2020

Critical Zoho Zero-Day Flaw Disclosed

The IT help desk ManageEngine software made by Zoho Corp has been compromised by a zero-day vulnerability that enables unauthenticated access to systems, allowing a remote attacker to launch attacks. Zoho has since released an update that addresses the vulnerability after it was discovered by Steven Seeley of Source Incite

Read More
09 Mar 2020

Ryuk Ransomware Behind Durham, North Carolina Cyberattack

The city of Durham, North Carolina recently shut down its network due to an attack by the Ryuk Ransomware. Ryuk is a ransomware developed by a Russian hacker that gains access to a network when someone opens a malicious email attachment. Upon gaining access, Ryuk is able to permeate network

Read More
06 Mar 2020

Transit Apps With 600,000 Installs Compromised To Target Military And Political Data

The most recent McAfee Mobile Threat Report has revealed that four Korean transit apps were compromised in what has been deemed a “MalBus” attack. The applications had been available for over five years and had been downloaded hundreds of thousands of times, but have since been removed from the Google

Read More
06 Mar 2020

54% of healthcare vendors have experienced a data breach of protected health information

According to data released by Ponemon Institute and Censinet, over half of all healthcare vendors have experienced a data breach in which protected health information was exposed. This is a costly problem that points to a flawed third party risk assessment processes. The report shows that 54% of healthcare vendors

Read More
06 Mar 2020

3 Data Breaches Disclosed This Week: J.Crew, T-Mobile, and Carnival

This week, a series of enterprise data breached were disclosed, effecting the companies T-Mobile, J.Crew, and Carnival Corp. The high toll this week underscored how cybercriminals have been targeting companies recently. J.Crew stated that its customers’ information was compromised, and email addresses and passwords were obtained by an unauthorized third

Read More
06 Mar 2020

Zoho zero-day published on Twitter

Yesterday, security researchers reported a zero-day vulnerability in a Zoho enterprise product. The zero-day impacts the Zoho ManageEngine Desktop Central, an endpoint management solution. Android smartphones, Linux servers, and Mac/Windows workstations are often all controlled by Zoho ManageEngine Desktop Central. This means that the zero-day could have a large impact

Read More
04 Mar 2020

Let’s Encrypt to revoke 3 million certificates on March 4 due to software bug

On Wednesday, March 4, the Let’s Encrypt project plans to revoke more than 3 million TLS certificates after it discovered a bug hidden within its backend’s code. The bug impacted Let’s Encrypt server software, called Boulder, that the company uses to verify users and their domains before they issue a

Read More