Microsoft Rolls Out Default NTLM Relay Attack Mitigations
Microsoft has announced new default security protections meant to make it more difficult for threat actors to mount NTLM relay attacks against on-premises Exchange servers. As part of such attacks, threat actors target the NTLM (New Technology LAN Manager) authentication protocol by tricking the victim into authenticating to an arbitrary endpoint and then relaying the […]
Read More
$50 Million Radiant Capital Heist Blamed on North Korean Hackers
A North Korean threat actor was responsible for the $50 million heist that Radiant Capital fell victim to in October, the decentralized finance (DeFi) project says. The incident occurred on October 16, after three developers got infected with malware and their devices were used to sign fraudulent transactions during a routine multi-signature emissions adjustment process. […]
Read More
Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation
The OpenWrt Project, an open-source initiative providing a Linux-based operating system for embedded devices, has pushed a critical patch to cover flaws that expose its firmware update server to malicious exploitation. The vulnerability, tracked as CVE-2024-54143, affects the OpenWrt sysupgrade server and exposes users to potential risks of installing compromised firmware images. An OpenWrt bulletin […]
Read More
Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack
Medical devices company Artivion on Monday disclosed a ransomware attack that knocked some of its systems offline, causing disruption to order and shipping processes. Headquartered in Atlanta, Georgia, Artivion manufactures and distributes aortic-centric cardiac and vascular medical products, including mechanical human heart valves, implantable cardiac and vascular human tissues, stent grafts, and surgical sealants. The […]
Read More
QNAP Patches Vulnerabilities Exploited at Pwn2Own
Taiwan-based QNAP Systems over the weekend announced patches for multiple QTS and QuTS Hero vulnerabilities demonstrated at the Pwn2Own Ireland 2024 hacking contest. At Pwn2Own, participants earned tens of thousands of dollars for QNAP product exploits, and one entry even earned white hat hackers $100,000, but it involved chaining not only QNAP but also TrueNAS […]
Read More
Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack
The ransomware attack that hit Blue Yonder last month may have also involved the theft of a significant amount of files. Arizona-based Blue Yonder, whose supply chain management software is used by major companies in the US and elsewhere, revealed on November 21 that its managed services hosted environment had been experiencing disruptions due to […]
Read More
Deloitte Responds After Ransomware Group Claims Data Theft
Deloitte has issued a statement in response to a ransomware group’s claims regarding the theft of a significant amount of information belonging to the company. The ransomware group calling itself Brain Cipher listed Deloitte UK on its Tor-based website last week, claiming to have obtained over one terabyte of data (they claim this is the […]
Read More
Eight Suspected Phishers Arrested in Belgium, Netherlands
Belgian and Dutch authorities announced the arrest of eight individuals suspected of participating in a fraud scheme that included phishing, online scams, money laundering, and other illegal activities. On December 3, as part of an investigation started in 2022, law enforcement agencies in the two countries conducted 17 searches and seized electronic devices, cash, luxury […]
Read More
Anna Jaques Hospital Data Breach Impacts 316,000 People
Anna Jaques Hospital is notifying over 316,000 individuals that their personal information was compromised in a December 2023 data breach. The incident was identified on Christmas day last year and resulted in the hospital diverting patients from its emergency rooms after its health record system was shut down. Anna Jaques initially disclosed the data breach […]
Read More
The EU Makes an Urgent TikTok Inquiry on Russia’s Role in Romanian Election Turmoil
The European Union said Friday it sent TikTok an urgent request for more information about Romanian intelligence files suggesting that Moscow coordinated influencers on its platform to promote an election candidate who became the surprise front-runner in the nation’s presidential election. The 27-nation bloc’s executive branch is using its sweeping digital rulebook to scrutinize the […]
Read More