Skip to content
U. of Washington Medicine learned it exposed info on 974k people after a patient found their data on GoogleMedical data about nearly 1 million patients of the University of Washington Medicine was exposed online for at least three weeks in December, the school said in a statement this week. Data about approximately 974,000 individuals was included, the school announced Wednesday. UW Medicine is sending letters to the affected patients and has notified the…
This tool allows you to check the code powering Chrome extensionsBrowser extensions, like any other piece of software, can be abused or manipulated by hackers for malicious purposes. Duo Security wants to make it harder for that to happen. The company on Thursday released a beta version of a tool, CRXcavator, that screens extensions for Google Chrome, the world’s most popular web browser, for malicious code. “As…
Blind Eagle, a new APT group, poses as Colombia's Cyber Police to steal business secretsCyberwar is intensifying in South America. A new hacking group researchers have dubbed Blind Eagle is carrying out targeted attacks against Colombian government agencies, financial companies and corporations with a presence in Colombia. Blind Eagle has been active since April 2018, posing as Colombian institutions like the National Cyber Police and the Office of the…
These scammers claim to have videos of your most private momentsCybercriminals have scammed people out of $332,000 since July 2018 by threatening to publish footage of the individuals engaging in some kind of sexual act, according to research published Thursday. The threat intelligence company Digital Shadows examined 790,000 “sextortion” attempts sent to 89,000 email recipients to find that digital con artists typically build their bogus stories on existing information about…
Complex court battle for Methbot, 3ve cybercrime suspects only is getting startedAlleged perpetrators of the Methbot and 3ve cybercrime rings have started to arrive in the U.S. to face accusations that they orchestrated a broad conspiracy to defraud advertisers for millions of dollars. Yevgeniy Timchenko, a 30-year-old citizen of Kazakhstan, appeared Wednesday in federal district court in Brooklyn alongside Aleksandr Zhukov, a Russian national, in a short status hearing. Both men had bald heads…
Researchers paint different portraits of hackers behind Ryuk ransomwareAnalysts poring over the Ryuk ransomware are coming to different conclusions about the hackers responsible and the victims they’re targeting, highlighting the subjective side of cyberthreat studies. One thing, however, is clear: the infectious malware pays. Newly published research from McAfee and Coveware finds that the average ransom payment involving Ryuk is more than 10 times…
As Europe prepares to vote, Microsoft warns of Fancy Bear attacks on democratic think tanksThree months before parliamentary elections in Europe, Microsoft says it has detected hacking attempts on democracy-focused think tanks from the Russian hacking group that breached the Democratic National Committee in 2016. From September to December 2018, hackers conducted cyberattacks on employees of the Aspen Institutes in Europe, the German Council on Foreign Relations, and the…
Kaspersky sales in North America fell by 25 percent in 2018, despite global revenue growthGlobal revenue for Moscow-based cybersecurity vendor Kaspersky Lab increased by 4 percent last year despite sales in North America falling by 25 percent, the company said. The privately-owned Kaspersky reported an unaudited revenue of $726 million in 2018, thanks mostly to 27 percent growth in the Middle East, Turkey and Africa. Kaspersky also reported 55…
Password manager report gets researcher booted from BugcrowdThe author of newly-published research that examines flaws in password managers has been kicked off Bugcrowd, a popular vulnerability-reporting platform, after one of the companies named in the research reported the author for violating Bugcrowd’s terms of service. Bugcrowd shut down Adrian Bednarek’s account after he violated the company’s rules on “unauthorized disclosure” by telling a…
Hacking tools used by North Korea's Lazarus Group aimed at Russian targetsOne of the United States’ biggest cyber adversaries has been targeting another, according to new research. Security vendor Check Point Technologies on Tuesday published findings in which its researchers “were observing what seemed to be a coordinated North Korean attack against Russian entities.” The company cautions that it’s “problematic” to definitively pinpoint who’s responsible for…
Serious flaw found and patched in WordPress, but it might lurk in pluginsWordPress recently patched a long-running, potentially serious vulnerability in its core code. But a similar flaw in third-party plugins could still allow hackers to take over websites that use the popular publishing software, according to German web security company RIPS Technologies. Exploiting the vulnerability requires an attacker to have access to an account with “author” privileges for the target website —…
Threatpost News Wrap Podcast For Feb. 22From password manager vulnerabilities to 19-year-old flaws, the Threatpost team broke down this week's biggest news stories.
Threatpost Poll: Are Password Managers Too Risky?Weigh in on password managers with our Threatpost poll.
ThreatList: Porn-Focused Malware Triples, Dark Web Loves ItPremium-access credentials to porn sites are hot in the cyber-underground, as credential-harvesting malware proliferates.
Adobe Re-Patches Critical Acrobat Reader FlawAdobe has issued yet another patch for a critical vulnerability in its Acrobat Reader - a week after the original fix.
Highly Critical Drupal RCE Flaw Affects Millions of WebsitesAdmins should update immediately to fix a remote code-execution vulnerability.
19-Year-Old WinRAR Flaw Plagues 500 Million UsersUsers of the popular file-compression tool are urged to immediately update after a serious code-execution flaw was found in WinRAR.
Researcher: Not Hard for a Hacker to Capsize a Ship at SeaCapsizing a ship with a cyberattack is a relatively low-skill enterprise, according to an analysis from Pen Test Partners.
Separ Malware Plucks Hundreds of Companies’ Credentials in Ongoing PhishAn ongoing phishing campaign is targeting hundreds of businesses to steal their email and browser credentials using a simply - but effective - malware.
Apple’s Shazam App Boots Facebook Ads and Other Third-Party SDKsThe music-recognition app that Apple bought for $400 million is removing Facebook Ads, DoubleClick, Facebook Analytics and more.
Password Manager Firms Blast Back at ‘Leaky Password’ Revelations1Password, Dashlane, KeePass and LastPass each downplay what researchers say is a flaw in how the utilities manage memory.
GitHub Increases Rewards, Scope For Bug-Bounty ProgramGitHub is offering unlimited rewards for critical vulnerabilities - and has added "safe harbor" terms to its bug bounty program.
Microsoft: Russia’s Fancy Bear Working to Influence EU ElectionsAs hundreds of millions of Europeans prepare to go to the polls in May, Fancy Bear ramps up cyber-espionage and disinformation efforts.
Microsoft to Kill Updates for Legacy OS Using SHA-1Windows 7 and Windows Server 2008 users are being asked to upgrade their encryption support.
ThreatList: APT Adversaries Up the Ante on Speed, Target TelecomRussia-linked actors need just 18 minutes to go from compromise to lateral movement.
New GandCrab Decryptor Unlocks Files of Updated RansomwareThis is the third update to the prolific GandCrab malware within the past year.
CreativeMinds WordPress Plugin Curated RSS Aggregator
