North Korean espionage group TA406, aka the Konni Group, deployed information-stealing malware on a Russian government-owned software to spy on the country's foreign ministry officials. This is the latest attack in a North Korean campaign that targets Russian diplomatic activities.
Healthcare industry groups are urging their members to take certain precautionary actions in the wake of the attack last week on Change Healthcare, a unit of Optum. The advisories come as some researchers say the incident appears to involve exploitation of flaws in ConnectWise's ScreenConnect tool.
The Russian intelligence hacking group known as APT29 or Cozy Bear is responding to the corporate migration to the cloud with matching hacking techniques, says an alert from international cyber agencies. Threat intelligence firms warn that APT29 has amplified its global cyberespionage operations.
Russian-speaking ransomware operation LockBit reestablished a dark web leak site Saturday afternoon and posted a lengthy screed apparently authored by its leader, who vowed not to retreat from the criminal underground world. The FBI had no comment.
Pharmacies at U.S. military hospitals and clinics worldwide are among the entities affected by the cyberattack on Optum's Change Healthcare this week, which has forced the IT services company to take many of its applications offline. Change Healthcare disconnected its IT systems on Wednesday.
As the volume of major health data breaches rises, the federal agency charged with investigating those incidents told Congress this week that it lacks the needed funding to keep up with its mounting workload. The agency also separately announced its second ransomware HIPAA breach settlement.
Cryptocurrency trading platform Binance restricted access to 85 accounts as part of an action against the LockBit ransomware affiliates, and authorities estimated that members of the now-defunct ransomware-as-a-service operation had pocketed "hundreds of millions" in ransom.
In the latest weekly update, Jeremy Grant of Venable LLP joins editors at ISMG to discuss the state of secure identity in 2024, the challenges in developing next-generation remote ID proofing systems, and the potential role generative AI can play in both compromising and protecting identities.
Hackers are on a tear to exploit unpatched ConnectWise ScreenConnect remote connection software to infect systems with ransomware, info stealers and persistent backdoors. The attacks observed by researchers include ransomware deployments tied to the now-defunct LockBit ransomware operation.
It's not just medical device cybersecurity that's keeping some healthcare security leaders up at night - it's also the risks posed by other critical connected gear that patients and clinicians depend upon, said Ali Youssef, director of medical device and emerging tech security at Henry Ford Health System.
Once the dust settles on the LockBit disruption, what will be the state of ransomware? Expect attackers to continue refining their tactics for maximizing profits via a grab bag of complementary strategies, including crypto-locking shakedowns and data-theft extortion.
Change Healthcare - a unit of Optum that provides IT services and applications to hundreds of U.S. pharmacies, payers and healthcare providers - is dealing with a cyber incident that has forced the company to take its applications offline enterprisewide. The company said is triaging the situation.
This week, FixedFloat lost $26 million in a hack, the U.K. Financial Conduct Authority found illegal promotions of cryptocurrency, GoFundMe shuttered a Tornado Cash fundraiser, and an Australian cop allegedly stole $4 million worth of bitcoins.
This week: more fallout from LockBit, Avast to pay $16.5M, Russia-linked group targeted mail servers, no indication that AT&T was hacked, analysis of a patched Apple flaw, Microsoft enhanced logging, an Android banking Trojan, North Korean hackers and a baking giant fell to ransomware.
The notorious ransomware-as-a-service group LockBit, disrupted by law enforcement this week, was developing a new version of its crypto-locking malware prior to being shut down, security researchers reported. Even so, experts say it's unlikely the group would be able to successfully reboot.