
01 

Change Healthcare Plunges Deeper into Ransomware Nightmare with New Data Sale Threat 

#ChangeHealthcareBreach #RansomHubDataSale #CybersecurityEmergency #MedicalDataTheft #SensitiveRecordsCompromised #BlackCatRansomware #AlphVCyberAttack #USMilitaryDataLeak #HealthcarePaymentCrisis #PatientPrivacyConcerns #cybercrime #cybersecurity

Change Healthcare, a subsidiary of UnitedHealth Group, is in the midst of a cybersecurity crisis as the RansomHub group claims to be selling sensitive American medical and financial records stolen from the company.

The data purportedly includes medical records, insurance details, and personal identifiers such as Social Security numbers, with claims that it even contains information on active-duty US military personnel.

This development follows a February cyberattack by BlackCat/AlphV that severely disrupted Change Healthcare's operations and the wider US healthcare system. The company has confirmed an ongoing investigation into RansomHub's claims.


→ Read more on wired.com 


02 

UnitedHealth CEO Summoned for Congressional Testimony on Tech Unit Cyberattack 

#UnitedHealthCyberattack #AndrewWittyTestimony #ChangeHealthcareHack #HealthcareBillingDisruption #PatientCareImpact #ProviderFinancialStrain #CybersecurityHealthcare #EnergyAndCommerceCommittee #CriticalAccessThreatened #HealthTechSecurity #CybersecurityIncident #cybercrime #cybersecurity

UnitedHealth CEO Andrew Witty is set to testify before a U.S. House subcommittee on May 1 regarding a cyberattack on Change Healthcare, the company's technology unit, which occurred on February 21.

The attack disrupted healthcare billing and payments for a month, causing significant financial strain for individuals and smaller providers, and potentially impacting patient access to critical healthcare services.

The Energy and Commerce Committee announced the upcoming testimony as concerns rise over the implications of such cyberattacks on the healthcare system.


→ Read more on reuters.com 


03 

MITRE Corporation Targeted in State-Sponsored Hack Exploiting Ivanti Zero-Days 

#MITRECyberattack #NERVENetworkBreach #IvantiVPNZeroDays #CVE202346805 #CVE202421887 #NationStateHacking #CybersecurityAlert #ChineseHackers #VolexityDisclosure #MandiantInvestigation #cybercrime #cybersecurity

MITRE Corporation faced a cyberattack in January targeting its NERVE network, used for research and development.

The breach, only discovered recently, exploited two zero-day vulnerabilities in Ivanti Connect Secure VPN devices, identified as CVE-2023-46805 and CVE-2024-21887. Volexity publicly disclosed these vulnerabilities and linked their exploitation to Chinese government-backed hackers.

Ivanti provided initial mitigations and later released patches. With MITRE attacked before the disclosure, it's suspected that the same Chinese actors may be involved, although MITRE has only confirmed the breach as a foreign nation-state act. Mandiant has noted several China-linked groups exploiting these Ivanti VPN flaws.


→ Read more on securityweek.com 


04 

Luxor Stationery in Data Leak Scandal: Sensitive Customer Information Allegedly Exposed 

#LuxorDataBreach #StationerySecurityLeak #BreachForumsDisclosure #LeakbaseTelegram #SensitiveDataExposed #HashedPasswordsLeaked #IdentityTheftRisk #OperationalDisruption #APACDataConcerns #LuxorCybersecurityIncident #cybercrime #cybersecurity

Luxor International Private Limited, a leading Indian stationery manufacturer, has reportedly suffered a data breach with a database leak disclosed on BreachForums by a user named postmaster.

The breach, detected on April 19, 2024, involved 692 MB of SQL data leaked on Leakbase's Telegram channel, containing personal and sensitive information such as names, dates of birth, hashed passwords, and financial details.

The breach could have severe consequences for Luxor, including loss of trust, financial and reputational damage, and risks of identity theft and fraud for its customers. The breach's impact extends beyond India, affecting Luxor's APAC clients and partners.


→ Read more on thecyberexpress.com 


05 

Security Flaw: Researchers Show Windows Defender Can Be Tricked into Wiping Databases 

#SafeBreachDiscovery #MicrosoftDefenderFlaw #KasperskyEDRVulnerability #BlackHatAsiaInsights #CybersecurityConcerns #RemoteFileDeletion #FalsePositiveExploit #MalwareSignatureManipulation #InfosecResearch #DataProtectionRisk #cybercrime #cybersecurity

SafeBreach researchers revealed at Black Hat Asia that security products from Microsoft and Kaspersky could be tricked into deleting legitimate files by exploiting flaws that allow remote file deletion.

Despite patches, the vulnerability persists. The method involves inserting malware signatures into non-malicious files, causing Microsoft Defender and Kaspersky's EDR to falsely identify and potentially delete important files like databases or virtual machines. This discovery raises concerns about the reliability of these security tools and the potential for data loss.


→ Read more on theregister.com 


06 

Global Server Breach: Androxgh0st Malware Hijacks Systems for Botnet Expansion 

#Androxgh0stMalware #VeritiResearchAlert #ServerCompromiseWave #CVEExploitation #WebShellDeployment #LaravelSecurityRisk #CloudCredentialTheft #BotnetConstruction #CybersecurityAdvisory #FBICISAWarns #DanaBotInfection #cybercrime #cybersecurity

Veriti Research has identified a significant increase in attacks by the Androxgh0st malware, compromising over 600 servers across the U.S., India, and Taiwan.

The attackers exploit multiple vulnerabilities, including CVE-2021-3129 and CVE-2024-1709, to install web shells for remote control.

They target Laravel applications and Apache servers to steal cloud service credentials and establish botnets for further exploitation.

The FBI and CISA have issued an advisory on Androxgh0st's activities, highlighting the threat of credential theft and backdoor access.


→ Read more on hackread.com 


07 

Frontier Communications Initiates System Shutdown Following Cyberattack 

#FrontierCommunicationsCyberattack #TelecomSecurityBreach #SECReportedIncident #OperationalDisruption #CybersecurityInvestigation #FinancialImpactUnclear #LawEnforcementNotified #ContainmentMeasures #ITSystemsCompromised #CustomerSupportChallenges #cybercrime #cybersecurity

Frontier Communications, a Texas-based telecom provider operating in over 25 states with $5.75 billion in 2023 revenues, reported a cyberattack to the SEC.

The attack, detected on April 14, led to unauthorized system access and prompted the company to shut down certain systems, causing operational disruptions. While the impact was initially deemed potentially material, Frontier later stated it doesn't expect the incident to significantly affect its financial health.


The company is investigating with the aid of cybersecurity experts and has informed law enforcement. Despite the reassurance, Frontier has not clarified the apparent contradiction regarding the attack's materiality and is facing technical issues, as noted on its website.


→ Read more on therecord.media 


08 

Quishing Attacks See Tenfold Increase as Attachment Payloads Drop by Half 

#QuishingSurge #PhishingTrends #EgressReport #CybersecurityThreats #ImpersonationAttacks #SocialEngineering #MicrosoftTeamsTargeted #SlackPhishing #AICybercrime #DeepfakeWarning #cybercrime #cybersecurity

The Egress report highlights a sharp rise in 'quishing' attacks, with QR code-based phishing jumping from 0.8% to 10.8% by 2024. Meanwhile, attachment-based phishing has dropped significantly.

Impersonation attacks remain high, with 77% posing as familiar brands like DocuSign and Microsoft. Phishing emails are becoming longer, potentially due to AI use, and social engineering is more prevalent.

Work messaging platforms, particularly Microsoft Teams and Slack, are increasingly targeted in multi-channel attacks. AI is becoming a key tool for cybercriminals, with an expected increase in deepfake use in cyberattacks.


→ Read more on infosecurity-magazine.com 


09 

Europol Urges Industry and Governments to Act Against End-to-End Encryption 

#EuropolWarning #EndToEndEncryption #PublicSafetyConcern #SocialMediaSecurity #TechCompanyChallenges #CrimePrevention #EvidenceAccess #PrivacyVsSafety #LawEnforcementObstacles #SeriousCrimeInvestigation #cybercrime #cybersecurity

Europol has issued a warning that urgent action is needed against end-to-end encryption in social media to maintain public safety.

At a recent informal meeting in London, attended by police leaders from EU member states and Schengen-associated countries, concerns were raised about encryption hindering tech companies and law enforcement from detecting and investigating serious crimes.

Europol emphasised that while privacy measures like end-to-end encryption are being implemented, they could prevent the detection of offences on platforms and obstruct access to evidence needed to combat and prosecute crimes such as child sexual abuse, human trafficking, drug smuggling, homicide, economic crime, and terrorism.


→ Read more on heise.de 


10 

Executive Impersonation: How Fake Profiles Facilitate Fraud on Social Media 

#SocialMediaScams #FakeExecutiveProfiles #CyberFraudTactics #DataTheftRisk #ImpersonationScams #LinkedInFraud #FacebookSecurityAlert #InstagramScamWarning #CorporateIdentityTheft #CybersecurityAwareness #cybercrime #cybersecurity

Cybercriminals are increasingly exploiting social media platforms by creating fake executive profiles on Facebook, Instagram, and LinkedIn.

These fraudulent profiles can be highly profitable, enabling scammers to steal sensitive data and profit from extortion or sale. High-profile individuals are targeted not just for the value of their data but also because their status can be used to deceive unsuspecting users.

By impersonating executives, attackers can contact potential business partners or employees without raising suspicion, coaxing them into revealing confidential information or transferring funds.

Unlike other cyberattacks, this method bypasses traditional security measures, leveraging the ease of communication on social networks to directly obtain data and resources from victims.


→ Read more on it-daily.net 




+49 89 360 5310 | security-awareness@metafinanz.de


The editors are not responsible for the content of each article.