Latest Security News Collection
01
British Company Advanced Fined £3m Over Ransomware Attack
#Ransomware #DataBreach #Advanced #ICO #LockBit #NHS111 #PrivacyRegulation #HealthcareIT #SecurityFailings #cybercrime #cybersecurity
Advanced, an IT service provider for numerous healthcare organisations in the UK, has been fined £3.1 million by the Information Commissioner’s Office (ICO) due to a ransomware attack in 2022. Initially facing a £6 million fine, the company reached a voluntary settlement with the ICO, which stated that the security failings put the personal information of 79,404 people at risk.
The attack, suspected to be conducted by the LockBit group, exploited a customer account without multi-factor authentication, causing significant disruption, including the NHS 111 service. The ICO’s investigation revealed that personal information, including details for accessing homes of individuals receiving care, was compromised. Despite the high number of ransomware breaches, the ICO’s investigations have been decreasing, raising concerns about the regulator’s capacity to handle such incidents.
→ Read more on therecord.media
02
CISA Warns of “Resurge” Malware Following Ivanti ICS Attacks
#IvantiICS #ResurgeMalware #CISA #VPNVulnerability #SpawnChimera #Webshell #MalwareAnalysis #IndicatorsOfCompromise #YARARules #cybercrime #cybersecurity
Since January, attacks on Ivanti’s Connect Secure (ICS) VPN software have been reported, with the US Cybersecurity and Infrastructure Security Agency (CISA) discovering and analysing malware on compromised devices. The vulnerability, CVE-2025-0282, was exploited by criminals to install a malware named “Resurge,” which belongs to the Spawn-Chimera family, as reported by the Japanese CERT in February.
Resurge is a sophisticated malware capable of surviving reboots and executing various commands to alter its behaviour. It can set up a webshell to spy on credentials, create accounts, reset passwords, and escalate privileges. Additionally, it can integrate the webshell into the boot disk and Coreboot image of Ivanti ICS. CISA’s detailed analysis provides indicators of compromise (IOCs) and YARA detection rules, along with in-depth functional analyses of the malware files.
→ Read more on heise.de
03
Files Stolen from NSW Court System, Including Restraining Orders
#CyberCrime #DataTheft #CyberSecurity #NSWCourtSystem #AVOs #PrivacyRisk #CyberCrime #ReportCyber #MichaelDaley #NSWPolice #CyberSecurityNSW
Australian police are investigating a significant data theft from the New South Wales court system, where approximately 9,000 files were stolen from the NSW Online Registry website (ORW). This secure online platform provides access to civil and criminal court cases in the region. Among the stolen files were affidavits and apprehended violence orders (AVOs), which protect victims of domestic violence, child abuse, and other physical harms.
The theft, discovered on Tuesday, poses severe privacy risks as leaking AVOs could expose the names and addresses of both victims and alleged offenders. Law enforcement officials are contacting those affected and urging others to report via ReportCyber, Australia’s cybercrime reporting service. NSW’s attorney general, Michael Daley, assured that the government is taking the incident seriously and working with Cyber Security NSW and the NSW Police to maintain system integrity.
→ Read more on theregister.com
04
170,000 Impacted by Data Breach at Chord Specialty Dental Partners
#DataBreach #CyberSecurity #ChordSpecialtyDentalPartners #EmailSecurity #PersonalInformation #IdentityProtection #HealthcareIT #SecurityIncident #Numotion #PrivacyRisk #cybercrime
An email security incident at Chord Specialty Dental Partners, a Tennessee-based dental service organization, has resulted in a data breach affecting more than 170,000 people. The organization, which supports over 60 practices across six US states, discovered suspicious activity on an employee’s email account in September 2024. An investigation revealed unauthorized access to several email accounts between August 18 and September 25, 2024, compromising personal information such as names, addresses, dates of birth, SSNs, driver’s license numbers, bank account details, payment card information, medical information, and health insurance information.
Chord Specialty Dental Partners has assured that there is no evidence of fraudulent misuse of the information but has not ruled out the possibility of access. The affected individuals are being offered credit monitoring and identity protection services. This incident follows another significant email-based data breach at wheelchair provider Numotion, impacting nearly 500,000 individuals.
→ Read more on securityweek.com
05
Ransomware Gang RansomHub Takes Over LockBit’s Criminal Legacy
#Ransomware #RansomHub #LockBit #BlackCat #RaaS #EDRKillShifter #ESET #SecurityThreats #CyberCrime #cybersecurity
The threat of ransomware remains high in 2024, but the power dynamics within the scene are shifting. While former leaders like LockBit and BlackCat have been largely pushed back by international law enforcement actions, a new player, RansomHub, is emerging.
According to a detailed analysis by IT security provider ESET, RansomHub has quickly established itself as a leading Ransomware-as-a-Service (RaaS) platform. The group gained significant influence after established competitors were weakened by law enforcement operations, leading to a redistribution within the cybercrime ecosystem.
ESET researcher Jakub Souček noted that 2024 marked two turning points: the decline of the two largest ransomware groups and a 35% drop in ransom payments. However, the number of publicly reported victims increased by 15%, with a large portion attributed to RansomHub.
A particularly concerning aspect of RansomHub is its use of custom tools to disable security solutions. One key tool, the EDRKillShifter, is designed to disable protection systems on compromised computers by manipulating a faulty driver in the victim’s operating system.
→ Read more on it-daily.net
06
Thousands of Australians Have Their IDs and Bank Details Exposed
#DataLeak #CyberSecurity #VroomByYouX #SensitiveData #PrivacyRisk #Phishing #CreditCardDetails #JeremiahFowler #WebsitePlanet #FintechSecurity #CyberCrime
Australia’s largest online marketplace for car loans, Vroom by YouX, has exposed thousands of driver’s licenses and partial credit card details. The company, based in New South Wales, left a passwordless database with 27,000 records of sensitive user data accessible online. The leaked records span from 2022 to 2025 and include identity and financial documents submitted for loan approval.
The data leak was discovered by cybersecurity researcher Jeremiah Fowler, who reported it to Website Planet. The company secured access to the database following the report. Although there is no evidence of cybercriminals exploiting the data, the exposure poses significant risks to clients. Cybercriminals could launch phishing campaigns, impersonating the company to extract more sensitive information. Additionally, partial credit card numbers could be pieced together with data from past breaches to scam individuals.
Vroom by YouX has promised a post-incident review to improve communication and processes.
→ Read more on cybernews.com
07
EU Commission to Invest €1.3bn in Cybersecurity and AI
#AI #EUCommission #DigitalEurope #STEP #Innovation #TechFunding #EUProjects #FundingOpportunities #DigitalDefenses #cybercrime #cybersecurity
The EU is set to enhance its digital defenses with a substantial investment of €1.3bn ($1.4bn) to fund innovative cybersecurity and AI projects over the next three years. Announced by the EU Commission on March 28, 2025, this funding will support projects from 2025 to 2027 as part of the Digital Europe Programme (DIGITAL). Launched in 2021, DIGITAL aims to deploy tech initiatives with an initial budget of €8.1bn ($8.8bn) under the Multiannual Financial Framework 2021-2027.
The Strategic Technologies for Europe Platform (STEP), introduced in 2024, will further drive innovation by awarding the STEP Seal to promising projects. The upcoming DIGITAL calls, starting in April 2025, will provide funding opportunities for businesses and public administrations from EU Member States, EFTA/EEA countries, and associated countries. Interested parties can find information on open calls and eligibility criteria through the EU Funding & Tenders Portal, with additional calls to be published throughout the year.
→ Read more on infosecurity-magazine.com
08
New Morphing Meerkat Phishing Kit Exploits DNS to Spoof 100+ Brands
#CyberSecurity#Phishing #MorphingMeerkat #DNSVulnerabilities #PhaaS #Infoblox #SpamEmails #EmailSecurity #CredentialTheft #FakeLoginPages #cybercrime
A recent analysis by Infoblox has uncovered a sophisticated phishing operation known as Morphing Meerkat, which has been exploiting DNS vulnerabilities for years to conduct highly effective phishing campaigns. This operation uses a phishing-as-a-service (PhaaS) platform, allowing both technical and non-technical cybercriminals to launch targeted attacks.
The platform includes tools to bypass security systems, such as exploiting open redirects on adtech servers, redirecting through compromised WordPress websites, and using DNS MX records to identify victim email service providers. It employs mass spam delivery and dynamic content tailoring to evade traditional security measures. Researchers observed a centralization pattern in spam email distribution, with a significant portion originating from servers hosted by iomart (UK) and HostPapa (US), indicating a unified network.
Morphing Meerkat dynamically serves fake login pages customized to the victim’s email service provider by querying DNS MX records using Cloudflare DoH or Google Public DNS. The platform maps these records to corresponding phishing HTML files, featuring over 114 unique brand designs, ensuring a personalized phishing experience and increasing the likelihood of successful credential theft.
→ Read more on hackread.com
09
New Wave of Attacks on Encryption Heats Up
#Encryption #CyberSecurity #Privacy #EndToEndEncryption #GovernmentSurveillance #Signal #WhatsApp #SaltTyphoon #EU #USIntelligence #cybercrime
Recent months have seen a surge in government and law enforcement efforts to undermine end-to-end encryption, with the UK, France, Sweden, and the EU making moves that experts describe as more “crude” and aggressive than in recent years. Despite the widespread adoption of encrypted communication platforms like Signal, iMessage, and WhatsApp, threats to weaken encryption continue to grow.
Since the start of 2025, officials in these countries have proposed measures that could undermine or eliminate encryption protections, adding to ongoing EU plans to scan private chats and Indian initiatives that could damage encryption. Meanwhile, US intelligence agencies have reversed their anti-encryption stance, now recommending encrypted communication following the Salt Typhoon hacker group’s breach of major US telecoms. This shift comes as the second Trump administration increases surveillance of undocumented migrants and strains international intelligence-sharing agreements.
→ Read more on wired.com
10
Solar Power Gear Vulnerable to Remote Sabotage
#SolarPower #Vulnerabilities #Forescout #Sungrow #Growatt #SMA #ElectricGrid #RenewableEnergy #Dragos #RobertMLee#cybersecurity #cybercrime
Security flaws in solar inverters from leading manufacturers Sungrow, Growatt, and SMA Solar Technology have exposed vulnerabilities that could allow cyber threat actors to commandeer parts of the electric grid. Researchers from cybersecurity firm Forescout uncovered 46 vulnerabilities, including information leakage, buffer overflows, and website code defects, which could enable hackers to collect equipment details, inject data into web portals, and overwrite firmware with malicious code.
Solar inverters are crucial for converting electricity generated by solar panels into power for homes and businesses. The shift to renewable energy has increased scrutiny on the digitally connected equipment underpinning this evolution, especially as threats to the electric grid grow. Robert M. Lee, CEO of Dragos, highlighted the importance of visibility and mitigation of such vulnerabilities. Sungrow, Growatt, and SMA have since patched the identified vulnerabilities
→ Read more on cybersecuritydive.com
+49 89 360 5310 | security-awareness@metafinanz.de
The editors are not responsible for the content of each article.