The Department of Health and Human Services Cybersecurity Coordination Center (HC3) has issued a warning to larger, enterprise healthcare organizations about the Lorenz ransomware threat group. The human-operated campaign is well-known for going after…

Cyberattacks have succeeded by exploiting gaps in corporate Information Technology (IT) environments, endpoints, and identities through social engineering and spear-phishing. They often immediately launch persistent threats and then steal credentials to…

Security researchers at Proofpoint warn that a new red-teaming tool dubbed “Nighthawk” may soon be leveraged by threat actors.  Created in late 2021 by MDSec, the tool is best described as an advanced C2 framework, which functions like Cobalt Strike…

IronNet researchers discovered a likely China-based threat actor that had infiltrated a US software company using legacy infrastructure from a previous company acquisition. Before deploying the Shack2 and China Chopper web shells, the threat actor used…

More than 1,500 apps have been discovered to be leaking the Algolia Application Programming Interface (API) key and application ID, potentially exposing user data. Researchers at CloudSEK discovered 32 applications with hard-coded critical admin secrets…

Security researchers at CloudSEK have recently identified thousands of applications leaking Algolia API keys and tens of applications with hardcoded admin secrets, which could allow attackers to steal the data of millions of users.  The researchers…

Security researchers at Nozomi Networks have discovered more than a dozen vulnerabilities in baseboard management controller (BMC) firmware.  BMC is a specialized processor that allows administrators to remotely control and monitor a device without…

Every year, organizations pay $1,197 per employee to address successful cyber incidents involving email services, cloud collaboration apps or services, and web browsers. According to a new Osterman Research survey for Perception Point, a 500-employee…

The Department of Justice (DOJ) announced the seizure of seven domain names used in "pig butchering" schemes, in which cybercriminals develop relationships with victims before exploiting them. According to the US Attorney's Office for the Eastern…

The National Security Agency's (NSA) Cybersecurity Collaboration Center has released a video as part of its Cybersecurity Speaker Series on how 5G security relates to national security. Through the Speaker Series, NSA shares insights, lessons, and…

The FBI and Estonian police recently arrested two Estonian citizens for their alleged involvement in a $575 million cryptocurrency fraud scheme.  Sergei Potapenko and Ivan Turõgin, both 37, are charged with conspiracy to commit wire fraud, 16 counts…

Proofpoint researchers have warned of the return of the Emotet malware, observing a high-volume malspam campaign delivering payloads such as IcedID and Bumblebee in early November. The Emotet banking Trojan has been around since at least 2014, and the…