New Malware Campaign Exploits Avast Driver to Bypass Security Systems
Security researchers have identified a sophisticated malware campaign using Bring Your Own Vulnerable Driver (BYOVD) technique to disable antivirus protections. By exploiting a legitimate Avast driver, the malware can terminate security processes and gain elevated system control.
Microsoft Under FTC Investigation for Cloud Services in Government Contracts
The Federal Trade Commission launches probe into Microsoft's potential anticompetitive practices in cloud computing, focusing on $150 billion government security upgrade deal. Questions arise over contract bidding processes and hidden costs in seemingly generous offerings.
Meta Cracks Down on 'Pig Butchering' Crypto Scams, Removes 2M+ Fraudulent Accounts
Meta has taken decisive action against sophisticated cryptocurrency investment scams by removing over 2 million deceptive accounts across its platforms. The company's enhanced security measures target 'pig butchering' schemes originating from Southeast Asia that build trust before defrauding victims.
Minneapolis Parks Department Hit by Phone System-Disrupting Cyberattack
A cyberattack on the Minneapolis Park and Recreation Board has caused an ongoing phone system outage, though core systems remain uncompromised. The incident highlights growing cybersecurity challenges facing public institutions as technical teams work to restore services and investigate potential data breaches.
US Authorities Dismantle PopeyeTools Cybercrime Marketplace, Charge Three Administrators
The U.S. Department of Justice has shut down PopeyeTools, a major cybercrime platform trafficking stolen financial data from over 227,000 individuals. Three administrators from Pakistan and Afghanistan face criminal charges for running the $1.7 million illegal operation since 2016.
Healthcare Under Siege: The Alarming Rise of Ransomware Attacks on Medical Systems
Ransomware attacks on healthcare organizations doubled in 2023, with LockBit responsible for 25% of incidents. Beyond financial losses, these cyberattacks directly impact patient care, highlighting the critical need for robust backup systems and comprehensive security measures in protecting sensitive medical data.
FBI Charges Five Members of Scattered Spider Gang in MGM Resorts Cyberattack
Federal prosecutors have charged five hackers allegedly responsible for sophisticated phishing attacks against MGM Resorts and cryptocurrency theft. The suspects, including a British national and four US citizens, face up to 27 years in prison for wire fraud conspiracy and identity theft.
Major French Hospital Data Breach Exposes Medical Records of 750,000 Patients
A devastating cyberattack at a Paris-area hospital has compromised two decades of sensitive patient data, including medical records and personal information of 750,000 individuals. French authorities are investigating as the stolen data surfaces on the dark web, prompting renewed focus on healthcare cybersecurity.
Iranian Hackers Exploit Legitimate Remote Management Tools in Sophisticated Phishing Campaign
Sophos MDR team uncovers cyber campaign using legitimate remote monitoring software for malicious purposes, linked to Iranian threat group MuddyWater. The attackers deploy tools like Atera and Level RMM through sophisticated phishing techniques targeting organizations in Israel and the US.
MITRE's 2024 Top 25 Software Vulnerabilities: Out-of-Bounds Write Tops Critical Security Threats
MITRE Corporation unveils its 2024 ranking of the most dangerous software weaknesses, with out-of-bounds write claiming the top spot followed by cross-site scripting and improper input validation. The annual list serves as a crucial guide for organizations to prioritize cybersecurity efforts and strengthen their software development practices.