Articles of interest from the week of April 15, 2024
John Frasier Apr 17, 2024 10:54:02 AM
The Database You Don’t Want To Need: Check To See if Your Health Data Was Hacked
More than 144 million Americans' medical information was stolen or exposed last year in a record-breaking number of healthcare data breaches, a USA TODAY analysis of Health and Human Services data found. (USA TODAY)
Cisco Duo's Multifactor Authentication Service Breached
A third-party provider that handles telephony for Cisco's Duo multifactor authentication (MFA) service has been compromised by a social engineering cyberattack. Now Cisco Duo customers have been warned to be on alert for follow-on phishing schemes. (Dark Reading)
Hackers Deploy Python Backdoor in Palo Alto Zero-Day Attack
Threat actors have been exploiting the newly disclosed zero-day flaw in Palo Alto Networks PAN-OS software dating back to March 26, 2024, nearly three weeks before it came to light last week. (The Hacker News)
Apple Drops Term ‘State-Sponsored’ Attacks From Its Threat Notification Policy
Apple Inc. has warned its users in India and 91 other countries that they were possible victims of a "mercenary spyware attack," dropping the word "state-sponsored" it used in its previous alerts to refer to such malware attacks. (Reuters)
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys. (The Hacker News)
Cagey Phishing Campaign Delivers Multiple RATs to Steal Windows Data
Various anti-detection features, including the use of the ScrubCrypt antivirus-evasion tool, fuel an attack that aims to take over Microsoft Windows machines. (Dark Reading)
New Windows 10 Prices Show Microsoft Is Getting Desperate in Pushing Users to the Latest Operating System
Microsoft will be doubling the price of its Extended Security Updates (ESU) every year after Windows 10 reaches end-of-support in 2025, signaling a desperate push to prompt upgrades to Windows 11. (IT Pro)
Raspberry Robin Returns: New Malware Campaign Spreading Through WSF Files
Cybersecurity researchers have discovered a new Raspberry Robin campaign wave that has been propagating the malware through malicious Windows Script Files (WSFs) since March 2024. (The Hacker News)
LG Smart TVs at Risk of Attacks, Thanks to 4 OS Vulnerabilities
Scans showed that 91,000 devices are exposed and at risk for unauthorized access and TV set takeover. (Dark Reading)