14 DrayTek vulnerabilities patched, including max-severity RCE flaw

DrayTek patched 14 vulnerabilities affecting 24 of its router models, including a maximum severity buffer overflow flaw that could lead to remote code execution (RCE) or denial-of-service (DoS). The two critical-, nine high- and three medium-severity DrayTek bugs were discovered by Forescout Research’s Vedere Labs and described in a report titled “DRAY:BREAK” published Thursday. Shodan […]

North Korea’s Stonefly shifts from espionage to ransomware, extortion

The North Korea-based Stonefly hacking group recently shifted gears from espionage to focus on financially motivated attacks that security pros say will ultimately lead to ransomware extortion incidents. In an Oct. 2 blog post, Symantec’s Threat Hunter Team said they found evidence of intrusions into three U.S. organizations in August, about one month after the […]

Sniper Dz PhaaS platform extensively leveraged in cyberattacks

Malicious websites created with Sniper Dz have been given custom links and obscured by the legitimate proxymesh[.]com server, which has been configured to facilitate automated phishing content loading without direct communications in a bid to prevent detection of the PhaaS platform’s backend servers.

Ransomware attack disrupts UMC Health System

Texas-based UMC Health System had all its emergency and non-emergency patients diverted to other health providers following an IT outage stemming from a ransomware attack by still-unknown threat actors late last week, according to BleepingComputer. Detection of suspicious network activity has prompted UMC, which manages 30 clinics in West Texas and Eastern New Mexico, to immediately disconnect its […]

Over 123K impacted by Community Clinic of Maui hack

Infiltration of Malama’s systems between May 4 and May 7 has enabled the exfiltration of individuals’ medical treatment data, Social Security numbers, financial account numbers with CVV numbers and expiry dates, bank names, passport numbers, routing numbers, and certain biometric details, according to the clinic.

CISA touts achievements of VDP program

More than 7,000 security flaws have been submitted to the Cybersecurity and Infrastructure Security Agency’s Vulnerability Disclosure Policy program in 2023, which is 132% higher than bugs submitted in 2022, when the program began, with valid disclosures and remediated flaws increasing by 82% and 78% last year, respectively, according to The Record, a news site by cybersecurity firm […]

Improved OT cybersecurity sought by Dragos’ purchase of Network Perception

SiliconAngle reports that operational technology solutions provider Network Perception has been purchased by Dragos, an industrial control system cybersecurity firm, in a bid to bolster visibility into OT networks. With the acquisition, both Network Perception’s flagship NP-View platform and the Dragos Platform would be able to identify their assets’ connections and possible pathways in real time, as well […]

Federal threat sharing system revival promised by CISA

Significant declines in participation and cyber threat information sharing through the federal Automated Indicator Sharing flagged by the Department of Homeland Security’s Office of the Inspector General have prompted the Cybersecurity and Infrastructure Security Agency to commit to revitalizing the threat sharing system, reports The Record, a news site by cybersecurity firm Recorded Future. Inadequate […]