Latest News

2020/09/11

Cyber-Risks Explode With Move to Telehealth Services

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.
The mass adoption of telehealth applications and services in the months since the COVID-19 outbreak began has introduced new cyber-risks within the healthcare industry.

New research by SecurityScorecard and Dark Owl found that the rapid onboarding of technologies for enabling the delivery of health services online has significantly broadened the attack surface at many healthcare organizations, putting both patient and provider data at risk.
2020/09/11

United Airlines’ website bug exposed traveler ticket data

A bug in United Airlines’ website let anyone access the ticket information for travelers who requested a refund.

The airline’s website lets users check their refund status by entering their ticket number and last name. But the website wasn’t validating the last name, making it possible to access other travelers’ refund information by changing the ticket number.

IT security expert Oliver Linow, who found the bug, told TechCrunch that he could see traveler surnames, the payment type and currency used to buy the ticket, and the refund amount.

United, like most other airlines, lets passengers access and modify their upcoming flights using only a passenger’s ticket number and last name.
2020/09/02

Pioneer Kitten APT Sells Corporate Network Access

An APT group known as Pioneer Kitten, linked to Iran, has been spotted selling corporate-network credentials on hacker forums. The credentials would let other cybercriminal groups and APTs perform cyberespionage and other nefarious cyber-activity.

Pioneer Kitten is a hacker group that specializes in infiltrating corporate networks using open-source tools to compromise remote external services. Researchers observed an actor associated with the group advertising access to compromised networks on an underground forum in July, according to a blog post Monday from Alex Orleans, a senior intelligence analyst at CrowdStrike Intelligence.
2020/09/02

U.S. Voter Databases Offered for Free on Dark Web, Report

Personal information for several million American voters has turned up on a Russian underground cybercrime forum, according to reports – and users are purportedly looking to monetize it using a recently launched State Department program meant to prevent election-meddling.

The personal information includes names, dates of birth, gender, physical addresses and email addresses, and election-specific data – such as when an individual registered to vote, voter registration numbers and polling stations – according to Kommersant, a Moscow-based newspaper.
2020/08/24

Top exploits used by ransomware gangs are VPN bugs, but RDP still reigns supreme

Ransomware attacks targeting the enterprise sector have been at an all-time high in the first half of 2020.

While ransomware groups each operate based on their own skillset, most of the ransomware incidents in H1 2020 can be attributed to a handful of intrusion vectors that gangs appear to have prioritized this year.

The top three most popular intrusion methods include unsecured RDP endpoints, email phishing, and the exploitation of corporate VPN appliances.