Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
 |
2025-04-24 16:00:00 |
Automating Zero Trust in Healthcare: From Risk Scoring to Dynamic Policy Enforcement Without Network Redesign (direct link) |
The Evolving Healthcare Cybersecurity Landscape
Healthcare organizations face unprecedented cybersecurity challenges in 2025. With operational technology (OT) environments increasingly targeted and the convergence of IT and medical systems creating an expanded attack surface, traditional security approaches are proving inadequate. According to recent statistics, the healthcare sector |
Legislation
Medical
|
|
★★
|
 |
2025-04-14 21:39:00 |
ResolverRAT Campaign Targets Healthcare, Pharma via Phishing and DLL Side-Loading (direct link) |
Cybersecurity researchers have discovered a new, sophisticated remote access trojan called ResolverRAT that has been observed in attacks targeting healthcare and pharmaceutical sectors.
"The threat actor leverages fear-based lures delivered via phishing emails, designed to pressure recipients into clicking a malicious link," Morphisec Labs researcher Nadav Lorber said in a report shared with The |
Threat
Medical
|
|
★★★
|
 |
2025-02-20 16:51:00 |
Chinese-Linked Attackers Exploit Check Point Flaw to Deploy ShadowPad and Ransomware (direct link) |
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases.
The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a newly patched security flaw |
Ransomware
Threat
Medical
|
|
★★★
|
 |
2025-01-29 16:00:00 |
How Interlock Ransomware Infects Healthcare Organizations (direct link) |
Ransomware attacks have reached an unprecedented scale in the healthcare sector, exposing vulnerabilities that put millions at risk. Recently, UnitedHealth revealed that 190 million Americans had their personal and healthcare data stolen during the Change Healthcare ransomware attack, a figure that nearly doubles the previously disclosed total.
This breach shows just how deeply ransomware |
Ransomware
Vulnerability
Medical
|
|
★★★
|
 |
2025-01-27 18:09:00 |
[27 January] (direct link) |
Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we're breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention.
As we unpack these complex topics, we'll equip you with sharp insights to |
Tool
Vulnerability
Medical
|
|
★★
|
 |
2025-01-10 15:52:00 |
Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity (direct link) |
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints, from legacy medical devices to IoT sensors, onto their production networks. |
Medical
|
|
★★★
|
 |
2024-12-30 18:13:00 |
New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits (direct link) |
The United States Department of Health and Human Services' (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients' data against potential cyber attacks.
The proposal, which seeks to modify the Health Insurance Portability and Accountability Act (HIPAA) of 1996, is part of a broader initiative to bolster the |
Medical
|
|
★★★
|
 |
2024-12-02 19:31:00 |
SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan (direct link) |
Taiwanese entities in manufacturing, healthcare, and information technology sectors have become the target of a new campaign distributing the SmokeLoader malware.
"SmokeLoader is well-known for its versatility and advanced evasion techniques, and its modular design allows it to perform a wide range of attacks," Fortinet FortiGuard Labs said in a report shared with The Hacker News.
"While |
Malware
Medical
|
|
★
|
 |
2024-10-18 16:30:00 |
U.S. and Allies Warn of Iranian Cyberattacks on Critical Infrastructure in Year-Long Campaign (direct link) |
Cybersecurity and intelligence agencies from Australia, Canada, and the U.S. have warned about a year-long campaign undertaken by Iranian cyber actors to infiltrate critical infrastructure organizations via brute-force attacks.
"Since October 2023, Iranian actors have used brute force and password spraying to compromise user accounts and obtain access to organizations in the healthcare and |
Medical
|
|
★★★
|
 |
2024-09-19 16:30:00 |
Healthcare's Diagnosis is Critical: The Cure is Cybersecurity Hygiene (direct link) |
Cybersecurity in healthcare has never been more urgent. As the most vulnerable industry and largest target for cybercriminals, healthcare is facing an increasing wave of cyberattacks. When a hospital's systems are held hostage by ransomware, it's not just data at risk: it's the care of patients who depend on life-saving treatments. Imagine an attack that forces emergency care to halt, surgeries |
Ransomware
Medical
|
|
★★
|
 |
2024-09-19 15:42:00 |
Microsoft Warns of New INC Ransomware Targeting U.S. Healthcare Sector (direct link) |
Microsoft has revealed that a financially motivated threat actor has been observed using a ransomware strain called INC for the first time to target the healthcare sector in the U.S.
The tech giant's threat intelligence team is tracking the activity under the name Vanilla Tempest (formerly DEV-0832).
"Vanilla Tempest receives hand-offs from GootLoader infections by the threat actor Storm-0494, |
Ransomware
Threat
Medical
|
|
★★
|
 |
2024-09-09 16:00:00 |
Wing Security SaaS Pulse: Continuous Security & Actionable Insights - For Free (direct link) |
Designed to be more than a one-time assessment, Wing Security's SaaS Pulse provides organizations with actionable insights and continuous oversight into their SaaS security posture, and it's free!
Introducing SaaS Pulse: Free Continuous SaaS Risk Management
Just like waiting for a medical issue to become critical before seeing a doctor, organizations can't afford to overlook the constantly |
Medical
Cloud
|
|
★★
|
 |
2024-09-02 19:03:00 |
RansomHub Ransomware Group Targets 210 Victims Across Critical Sectors (direct link) |
Threat actors linked to the RansomHub ransomware group encrypted and exfiltrated data from at least 210 victims since its inception in February 2024, the U.S. government said.
The victims span various sectors, including water and wastewater, information technology, government services and facilities, healthcare and public health, emergency services, food and agriculture, financial services, |
Ransomware
Threat
Medical
|
|
★★
|
 |
2024-07-26 14:25:00 |
U.S. DoJ Indicts North Korean Hacker for Ransomware Attacks on Hospitals (direct link) |
The U.S. Department of Justice (DoJ) on Thursday unsealed an indictment against a North Korean military intelligence operative for allegedly carrying out ransomware attacks against healthcare facilities in the country and funneling the payments to orchestrate additional intrusions into defense, technology, and government entities across the world.
"Rim Jong Hyok and his co-conspirators deployed |
Ransomware
Medical
|
|
★★★
|
 |
2024-06-05 15:40:00 |
Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide (direct link) |
An analysis of a nascent ransomware strain called RansomHub has revealed it to be an updated and rebranded version of Knight ransomware, itself an evolution of another ransomware known as Cyclops.
Knight (aka Cyclops 2.0) ransomware first arrived in May 2023, employing double extortion tactics to steal and encrypt victims' data for financial gain. It's operational across multiple platforms, |
Ransomware
Medical
|
|
★★
|
 |
2024-05-21 12:43:00 |
NextGen Healthcare Mirth Connect Under Attack - CISA Issues Urgent Warning (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete |
Vulnerability
Medical
|
|
★★★
|
 |
2024-05-16 15:42:00 |
Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines (direct link) |
Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that could be exploited by malicious actors to tamper with patient data and even install ransomware under certain circumstances.
"The impacts enabled by these flaws are manifold: from the implant of ransomware on the ultrasound machine to the access and manipulation of |
Ransomware
Industrial
Medical
|
|
★★★★
|
 |
2024-02-28 18:36:00 |
FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks (direct link) |
The U.S. government is warning about the resurgence of BlackCat (aka ALPHV) ransomware attacks targeting the healthcare sector as recently as this month.
"Since mid-December 2023, of the nearly 70 leaked victims, the healthcare sector has been the most commonly victimized," the government said in an updated advisory.
"This is likely in response to the ALPHV/BlackCat administrator's |
Ransomware
Medical
|
|
★★★
|
 |
2024-02-21 14:50:00 |
Cybersecurity for Healthcare: Diagnosing the Threat Landscape and Prescribing Solutions for Recovery (direct link) |
On Thanksgiving Day 2023, while many Americans were celebrating, hospitals across the U.S. were doing quite the opposite. Systems were failing. Ambulances were diverted. Care was impaired. Hospitals in three states were hit by a ransomware attack, and in that moment, the real-world repercussions came to light: it wasn't just computer networks that were brought to a halt, but actual patient |
Ransomware
Threat
Medical
|
|
★★★
|
 |
2024-01-10 14:17:00 |
FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data (direct link) |
The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third parties.
The ban is part of a settlement over allegations that the company "sold precise location data that could be used to track people's visits to sensitive locations such as medical and |
Medical
|
|
★★★
|
 |
2023-12-18 20:10:00 |
Top 7 Trends Shaping SaaS Security in 2024 (direct link) |
Over the past few years, SaaS has developed into the backbone of corporate IT. Service businesses, such as medical practices, law firms, and financial services firms, are almost entirely SaaS based. Non-service businesses, including manufacturers and retailers, have about 70% of their software in the cloud.
These applications contain a wealth of data, from minimally sensitive general |
Prediction
Medical
Cloud
|
|
★★★
|
 |
2023-12-12 23:39:00 |
Unveiling the Cyber Threats to Healthcare: Beyond the Myths (direct link) |
Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?
Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social |
Studies
Medical
|
|
★★★
|
 |
2023-04-29 10:04:00 |
CISA Warns of Critical Flaws in Illumina's DNA Sequencing Instruments (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an Industrial Control Systems (ICS) medical advisory warning of a critical flaw impacting Illumina medical devices.
The issues impact the Universal Copy Service (UCS) software in the Illumina MiSeqDx, NextSeq 550Dx, iScan, iSeq 100, MiniSeq, MiSeq, NextSeq 500, NextSeq 550, NextSeq 1000/2000, and NovaSeq 6000 DNA |
Industrial
Medical
|
|
★★
|
 |
2023-03-08 16:04:00 |
Lazarus Group Exploits Zero-Day Vulnerability to Hack South Korean Financial Entity (direct link) |
The North Korea-linked Lazarus Group has been observed weaponizing flaws in an undisclosed software to breach a financial business entity in South Korea twice within a span of a year.
While the first attack in May 2022 entailed the use of a vulnerable version of a certificate software that's widely used by public institutions and universities, the re-infiltration in October 2022 involved the |
Hack
Vulnerability
Medical
|
APT 38
|
★★★
|
 |
2023-02-23 17:17:00 |
Lazarus Group Using New WinorDLL64 Backdoor to Exfiltrate Sensitive Data (direct link) |
A new backdoor associated with a malware downloader named Wslink has been discovered, with the tool likely used by the notorious North Korea-aligned Lazarus Group, new findings reveal.
The payload, dubbed WinorDLL64 by ESET, is a fully-featured implant that can exfiltrate, overwrite, and delete files; execute PowerShell commands; and obtain comprehensive information about the underlying machine. |
Malware
Tool
Medical
|
APT 38
|
★
|
 |
2023-02-22 16:29:00 |
Hydrochasma: New Threat Actor Targets Shipping Companies and Medical Labs in Asia (direct link) |
Shipping companies and medical laboratories in Asia have been the subject of a suspected espionage campaign carried out by a never-before-seen threat actor dubbed Hydrochasma.
The activity, which has been ongoing since October 2022, "relies exclusively on publicly available and living-off-the-land tools," Symantec, by Broadcom Software, said in a report shared with The Hacker News.
There is no |
Threat
Medical
|
|
★★
|
 |
2023-02-20 16:53:00 |
Norway Seizes $5.84 Million in Cryptocurrency Stolen by Lazarus Hackers (direct link) |
Norwegian police agency Økokrim has announced the seizure of 60 million NOK (about $5.84 million) worth of cryptocurrency stolen by the Lazarus Group in March 2022 following the Axie Infinity Ronin Bridge hack.
"This case shows that we also have a great capacity to follow the money on the blockchain, even if the criminals use advanced methods," the agency said in a statement.
The development |
Medical
|
APT 38
|
★★
|
 |
2023-02-02 15:15:00 |
North Korean Hackers Exploit Unpatched Zimbra Devices in 'No Pineapple' Campaign (direct link) |
A new intelligence gathering campaign linked to the prolific North Korean state-sponsored Lazarus Group leveraged known security flaws in unpatched Zimbra devices to compromise victim systems.
That's according to Finnish cybersecurity company WithSecure (formerly F-Secure), which codenamed the incident No Pineapple.
Targets of the malicious operation included a healthcare research organization |
Medical
|
APT 38
|
★★
|
 |
2023-01-24 17:28:00 |
FBI Says North Korean Hackers Behind $100 Million Horizon Bridge Crypto Theft (direct link) |
The U.S. Federal Bureau of Investigation (FBI) on Monday confirmed that North Korean threat actors were responsible for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge in June 2022.
The law enforcement agency attributed the hack to the Lazarus Group and APT38, the latter of which is a North Korean state-sponsored threat group that specializes in financial cyber |
Hack
Threat
Medical
|
APT 38
|
★★
|
 |
2023-01-04 15:54:00 |
The FBI's Perspective on Ransomware (direct link) |
Ransomware: contemporary threats, how to prevent them and how the FBI can help
In April 2021, Dutch supermarkets faced a food shortage. The cause wasn't a drought or a sudden surge in the demand for avocados. Rather, the reason was a ransomware attack. In the past years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, |
Ransomware
Threat
Medical
|
|
★★★
|
 |
2022-12-27 20:27:00 |
BlueNoroff APT Hackers Using New Ways to Bypass Windows MotW Protection (direct link) |
BlueNoroff, a subcluster of the notorious Lazarus Group, has been observed adopting new techniques into its playbook that enable it to bypass Windows Mark of the Web (MotW) protections.
This includes the use of optical disk image (.ISO extension) and virtual hard disk (.VHD extension) file formats as part of a novel infection chain, Kaspersky disclosed in a report published today.
"BlueNoroff |
Medical
|
APT 38
|
★★★
|
 |
2022-12-07 14:52:00 |
Microsoft Alerts Cryptocurrency Industry of Targeted Cyber Attacks (direct link) |
Cryptocurrency investment companies are the target of a developing threat cluster that uses Telegram groups to seek out potential victims.
Microsoft's Security Threat Intelligence Center (MSTIC) is tracking the activity under the name DEV-0139, and builds upon a recent report from Volexity that attributed the same set of attacks to North Korea's Lazarus Group.
"DEV-0139 joined Telegram groups |
Threat
Medical
|
APT 38
|
★★★
|
 |
2022-12-05 17:54:00 |
Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware (direct link) |
A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts.
"Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, [it] does not actually encrypt, but purposefully destroys data in the affected system," Kaspersky researchers Fedor Sinitsyn and Janis Zinchenko said in a |
Ransomware
Malware
Medical
|
APT 38
|
★★★
|
 |
2022-12-05 16:00:00 |
North Korean Hackers Spread AppleJeus Malware Disguised as Cryptocurrency Apps (direct link) |
The Lazarus Group threat actor has been observed leveraging fake cryptocurrency apps as a lure to deliver a previously undocumented version of the AppleJeus malware, according to new findings from Volexity.
"This activity notably involves a campaign likely targeting cryptocurrency users and organizations with a variant of the AppleJeus malware by way of malicious Microsoft Office documents," |
Malware
Threat
Medical
|
APT 38
|
★★★
|
 |
2022-10-03 16:26:00 |
Hackers Exploiting Dell Driver Vulnerability to Deploy Rootkit on Targeted Computers (direct link) |
The North Korea-backed Lazarus Group has been observed deploying a Windows rootkit by taking advantage of an exploit in a Dell firmware driver, highlighting new tactics adopted by the state-sponsored adversary.
The Bring Your Own Vulnerable Driver (BYOVD) attack, which took place in the autumn of 2021, is another variant of the threat actor's espionage-oriented activity called Operation In(ter) |
Vulnerability
Threat
Medical
|
APT 38
|
|
 |
2022-09-30 15:32:00 |
North Korean Hackers Weaponizing Open-Source Software in Latest Cyber Attacks (direct link) |
A "highly operational, destructive, and sophisticated nation-state activity group" with ties to North Korea has been weaponizing open source software in their social engineering campaigns aimed at companies around the world since June 2022.
Microsoft's threat intelligence teams, alongside LinkedIn Threat Prevention and Defense, attributed the intrusions with high confidence to Zinc, which is |
Threat
Medical
|
APT 38
|
|
 |
2022-09-09 17:06:00 |
U.S. Seizes Cryptocurrency Worth $30 Million Stolen by North Korean Hackers (direct link) |
More than $30 million worth of cryptocurrency plundered by the North Korea-linked Lazarus Group from online video game Axie Infinity has been recovered, marking the first time digital assets stolen by the threat actor have been seized.
"The seizures represent approximately 10% of the total funds stolen from Axie Infinity (accounting for price differences between time stolen and seized), and |
Threat
Medical
|
APT 38
|
|
 |
2022-09-08 17:50:00 |
North Korean Lazarus Hackers Targeting Energy Providers Around the World (direct link) |
A malicious campaign mounted by the North Korea-linked Lazarus Group is targeting energy providers around the world, including those based in the United States, Canada, and Japan.
“The campaign is meant to infiltrate organizations around the world for establishing long-term access and subsequently exfiltrating data of interest to the adversary's nation-state,” Cisco Talos said in a report shared |
Medical
|
APT 38
|
|
 |
2022-09-07 17:40:00 |
North Korean Hackers Deploying New MagicRAT Malware in Targeted Campaigns (direct link) |
The prolific North Korean nation-state actor known as the Lazarus Group has been linked to a new remote access trojan called MagicRAT.
The previously unknown piece of malware is said to have been deployed in victim networks that had been initially breached via successful exploitation of internet-facing VMware Horizon servers, Cisco Talos said in a report shared with The Hacker News.
"While being |
Malware
Medical
|
APT 38
|
|
 |
2022-08-16 23:20:26 |
North Korea Hackers Spotted Targeting Job Seekers with macOS Malware (direct link) |
The North Korea-backed Lazarus Group has been observed targeting job seekers with malware capable of executing on Apple Macs with Intel and M1 chipsets.
Slovak cybersecurity firm ESET linked it to a campaign dubbed "Operation In(ter)ception" that was first disclosed in June 2020 and involved using social engineering tactics to trick employees working in the aerospace and military sectors into |
Malware
Medical
|
APT 38
|
|
 |
2022-08-09 05:32:48 |
U.S. Sanctions Virtual Currency Mixer Tornado Cash for Alleged Use in Laundering (direct link) |
The U.S. Treasury Department on Monday placed sanctions against crypto mixing service Tornado Cash, citing its use by the North Korea-backed Lazarus Group in the high-profile hacks of Ethereum bridges to launder and cash out the ill-gotten money.
Tornado Cash, which allows users to move cryptocurrency assets between accounts by obfuscating their origin and destination, is estimated to have been |
Medical
|
APT 38
|
|
 |
2022-07-27 23:09:54 |
U.S. Offers $10 Million Reward for Information on North Korean Hackers (direct link) |
The U.S. State Department has announced rewards of up to $10 million for any information that could help disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.
"If you have information on any individuals associated with the North Korean government-linked malicious cyber groups (such as Andariel, APT38, Bluenoroff, Guardians of Peace, Kimsuky, or |
Medical
|
APT 38
|
|
 |
2022-06-29 23:01:41 |
North Korean Hackers Suspected to be Behind $100M Horizon Bridge Hack (direct link) |
The notorious North Korea-backed hacking collective Lazarus Group is suspected to be behind the recent $100 million altcoin theft from Harmony Horizon Bridge, citing similarities to the Ronin bridge attack in March 2022.
The finding comes as Harmony confirmed that its Horizon Bridge, a platform that allows users to move cryptocurrency across different blockchains, had been breached last week. |
Hack
Medical
|
APT 38
|
|
 |
2022-05-20 02:23:24 |
Hackers Exploiting VMware Horizon to Target South Korea with NukeSped Backdoor (direct link) |
The North Korea-backed Lazarus Group has been observed leveraging the Log4Shell vulnerability in VMware Horizon servers to deploy the NukeSped (aka Manuscrypt) implant against targets located in its southern counterpart.
"The attacker used the Log4j vulnerability on VMware Horizon products that were not applied with the security patch," AhnLab Security Emergency Response Center (ASEC) said in a |
Vulnerability
Medical
|
APT 38
|
|
 |
2022-05-06 21:23:05 |
U.S. Sanctions Cryptocurrency Mixer Blender for Helping North Korea Launder Millions (direct link) |
The U.S. Treasury Department on Friday moved to sanction virtual currency mixer Blender.io, marking the first time a mixing service has been subjected to economic blockades.
The move signals continued efforts on the part of the government to prevent North Korea's Lazarus Group from laundering the funds stolen from the unprecedented hack of Ronin Bridge in late March.
The newly imposed sanctions, |
Hack
Medical
|
APT 38
APT 28
|
★★★
|
 |
2022-04-19 00:02:44 |
FBI, U.S. Treasury and CISA Warn of North Korean Hackers Targeting Blockchain Companies (direct link) |
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies.
Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT) |
Threat
Medical
|
APT 38
APT 28
|
|
 |
2022-04-16 01:31:45 |
Lazarus Group Behind $540 Million Axie Infinity Crypto Hack and Attacks on Chemical Sector (direct link) |
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month.
On Thursday, the Treasury tied the Ethereum wallet address that received the stolen funds to the threat actor and sanctioned the funds by adding the address to the Office of Foreign Assets Control's (OFAC) |
Hack
Threat
Medical
|
APT 38
APT 28
|
|
 |
2022-04-01 03:37:45 |
North Korean Hackers Distributing Trojanized DeFi Wallet Apps to Steal Victims' Crypto (direct link) |
The North Korean state-backed hacking crew, otherwise known as the Lazarus Group, has been attributed to yet another financially motivated campaign that leverages a trojanized decentralized finance (DeFi) wallet app to distribute a fully-featured backdoor onto compromised Windows systems.
The app, which is equipped with functionalities to save and manage a cryptocurrency wallet, is also designed |
Medical
|
APT 38
|
|
 |
2022-01-28 01:24:28 |
North Korean Hackers Using Windows Update Service to Infect PCs with Malware (direct link) |
The notorious Lazarus Group actor has been observed mounting a new campaign that makes use of the Windows Update service to execute its malicious payload, expanding the arsenal of living-off-the-land (LotL) techniques leveraged by the APT group to further its objectives.
The Lazarus Group, also known as APT38, Hidden Cobra, Whois Hacking Team, and Zinc, is the moniker assigned to the North |
Malware
Medical
|
APT 38
APT 28
|
|
 |
2021-10-27 00:14:47 |
Latest Report Uncovers Supply Chain Attacks by North Korean Hackers (direct link) |
Lazarus Group, the advanced persistent threat (APT) group attributed to the North Korean government, has been observed waging two separate supply chain attack campaigns as a means to gain a foothold into corporate networks and target a wide range of downstream entities.
The latest intelligence-gathering operation involved the use of MATA malware framework as well as backdoors dubbed BLINDINGCAN |
Malware
Threat
Medical
|
APT 38
APT 28
|
|