France seeks new EU sanctions to target Russian disinformation
A draft proposal, offered ahead of European elections in June, reportedly would allow the EU to impose tougher restrictions on individuals and entities involved in Russia-backed influence operations worldwide.
'Crude' ransomware tools proliferating on the dark web for cheap, researchers find
Cheap ransomware is being sold for one-time use on dark web forums, allowing inexperienced freelancers to get into cybercrime without any interaction with affiliates. Researchers at the intelligence unit at the cybersecurity firm Sophos found 19 ransomware varieties being offered for sale or advertised as under development on four forums from June 2023 to February 2024.
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion
The ransomware attack on a company owned by healthcare giant UnitedHealth Group (UHG) has so far caused $872 million in losses, according to the corporation’s latest earnings report. UnitedHealth owns Change Healthcare, a key cog in the U.S. healthcare industry that was crippled by a ransomware attack in February. Change Healthcare and UHG subsidiary Optum took hundreds of systems offline as a result of the incident and faced criticism from the White House and Congress over their handling of the ransomware attack.
Cisco: Hacker breached multifactor authentication message provider on April 1
Cisco said one of the providers it uses to send multifactor authentication (MFA) messages was breached by a threat actor on April 1. In emails to customers, Cisco said the incident specifically affected Duo — a multifactor authentication company it acquired in 2018. The attacker breached the system of a telephony supplier that Duo uses to send MFA messages through texts and phone calls to its customers.
Over 500 people targeted by Pegasus spyware in Poland, officials say
Prosecutor General Adam Bodnar says an investigation into Pegasus use by current and former government officials has expanded to hundreds more people than initially reported.
CISA: Email from federal agencies possibly accessed in Russian breach of Microsoft
CISA publicly released an emergency directive issued to federal agencies earlier this month, detailing how a breach at Microsoft could have affected the government.
Researchers discover new ransomware gang ‘Muliaka’ attacking Russian businesses
A previously unknown ransomware gang has been attacking Russian businesses with malware based on the leaked source code from the Conti hacking group. The gang, which researchers at the Moscow-based cybersecurity company F.A.C.C.T. have dubbed “Muliaka,” or Muddy Water in English, has left minimal traces from its attacks but has likely been active since at least December 2023.
Romania-linked ‘Rubycarp’ hackers look for cryptomining, phishing, DDoS opportunities
Rubycarp has been in operation for at least a decade, and its campaigns appear to overlap with other cybercrime groups, according to researchers at Sysdig.
An “unauthorized party” hijacked the cell phone number of the person running the SEC’s X account before taking over the social media feed and posting messages. In a statement on Monday, an SEC spokesperson explained that two days after the January 9 account takeover, the government agency spoke to its telecom carrier and discovered that someone “obtained control of the SEC cell phone number associated with the account in an apparent ‘SIM swap’ attack.”
In alerting about two Citrix bugs, CISA recommends immediate attention for one
Two bugs in Citrix technology are drawing serious attention this week from the Cybersecurity and Infrastructure Security Agency. CISA says federal agencies must patch one of the vulnerabilities — tagged as CVE-2023-6548 — by January 24. It’s one of the rare times the cyber agency has put a remediation date of less than three weeks on a vulnerability. CISA did not respond to requests for comment about why the remediation timeline was shorter than most. The other bug — listed as CVE-2023-6548 — must be fixed by February 7. CISA’s alerts are aimed at federal agencies but often serve as general warnings for the public.
Further analysis of Denmark attacks leads to warning about unpatched network gear
What happened in Denmark can also happen to you, cybersecurity researchers are warning in a new report that examines attacks against the country’s energy sector last year. Waves of incidents in May that seemed like a highly-targeted effort by a nation-state actor — perhaps Russia’s Sandworm hacking group — might have been less connected than originally thought, according to a new report by Forescout. The researchers say their analysis found two distinct waves against Danish energy providers, and evidence suggests they were unrelated.
Ransomware gang takes credit for Christmas attack on global Lutheran organization
The World Council of Churches reported an incident in December, and the Lutheran World Federation said it experienced a related incident. The Rhysida gang claimed it carried out the attack on the federation.
After ransomware claims, Xerox says subsidiary hit with cyberattack
The printing and business services giant said its XBS division "experienced a security incident." A cybercrime gang called INC said it was responsible.
Ukraine’s intelligence claims cyberattack on Russia’s state tax service
Ukraine's defense intelligence directorate (GUR) said it infected thousands of servers belonging to Russia's state tax service with malware, and destroyed databases and backups.
UK names FSB unit behind hack-and-leak campaigns, summons Russian ambassador
The British government accused a unit of Russia’s Federal Security Service (FSB) on Thursday of using cyberattacks in a “sustained but unsuccessful” campaign to undermine democratic institutions in the country.
Report claims to reveal identity of Russian hacktivist leader
Killmilk is a 30-year-old Russian citizen, according to the news site Gazeta.ru. The report has drawn extra scrutiny to Killnet, known for DDoS attacks on Western targets.
Nearly 9 million patients' records compromised in data breach
The attack on a medical transcription company is one of the worst healthcare-related data breaches in recent years, according to U.S. Department of Health and Human Services records.
Atlassian confirms ransomware is exploiting latest Confluence bug
An Atlassian spokesperson said the company had evidence to support what cybersecurity researchers reported over the weekend: A vulnerability affecting the Confluence Data Center and Confluence Server products was being used in cybercrime.
Cyber experts and officials raise alarms about exploits against Citrix and Apache products
Several new vulnerabilities with critical severity scores are causing alarm among experts and cyber officials. Zero-day bugs affecting products from Citrix and Apache have recently been added to the Cybersecurity and Infrastructure Security Agency’s (CISA) known exploited vulnerability (KEV) list. Incident responders at the cybersecurity company Rapid7 warned of hackers connected to the HelloKitty ransomware exploiting a vulnerability affecting Apache ActiveMQ, classified as CVE-2023-46604. Apache ActiveMQ is a Java-language open source message broker that facilitates communication between servers.
Massive ransomware attack hinders services in 70 German municipalities
Hackers encrypted the servers of the municipal service provider Südwestfalen IT, leading the company to restrict access to its infrastructure for over 70 municipalities in western Germany.
Vulnerability in popular ‘libwebp’ code more widespread than expected
Initial alerts about a bug in the obscure but widely used libwebp library have expanded into concerns that it affects not only web browsers like Chrome, but also many other common pieces of software.
What's in a NoName? Researchers see a lone-wolf DDoS group
Every morning at roughly the same time, a Russian hacker group known as NoName057(16) carries out distributed denial-of-service (DDoS) attacks on European financial institutions, government websites or transportation services.
Pay our ransom instead of a GDPR fine, cybercrime gang tells its targets
A group that operates through a data leak blog called Ransomed tells its alleged victims that shelling out an extortion payment is smarter than facing a government fine for a data breach.