February’s Patch Tuesday assumes battle stations
Just 58 CVEs to spar with in February, but plenty are already under attack
Categories: Threat Research, X-ops
Tags: Patch Tuesday, Microsoft, Windows
Similar Posts
TikTok Says It Will ‘Go Dark’ Unless It Gets Clarity From Biden Following Supreme Court Ruling
Bys sTikTok said it will have to “go dark” this weekend unless Biden assures the company it won’t enforce a shutdown after the Supreme Court upheld the ban. The post TikTok Says It Will ‘Go Dark’ Unless It Gets Clarity From Biden Following Supreme Court Ruling appeared first on SecurityWeek.
North Korea-linked Supply Chain Attack Targets Developers with 35 Malicious npm Packages
Bys sCybersecurity researchers have uncovered a fresh batch of malicious npm packages linked to the ongoing Contagious Interview operation originating from North Korea. According to Socket, the ongoing supply chain attack involves 35 malicious packages that were uploaded from 24 npm accounts. These packages have been collectively downloaded over 4,000 times. The complete list of the…
Another plastic surgery practice fell prey to a cyberattack with extortion attempt
Bys sThe same threat actors who were responsible for attacks on at least three plastic surgery practices that DataBreaches knows about reportedly hit a fourth one last year. Peter Senzamici reports: Dozens of patients of a premier Manhattan plastic surgeon had their hacked nude images and social security numbers posted online — and the doctor failed……
Rockstar2FA Collapse Fuels Expansion of FlowerStorm Phishing-as-a-Service
Bys sAn interruption to the phishing-as-a-service (PhaaS) toolkit called Rockstar 2FA has led to a rapid uptick in activity from another nascent offering named FlowerStorm. “It appears that the [Rockstar2FA] group running the service experienced at least a partial collapse of its infrastructure, with pages associated with the service no longer reachable,” Sophos said in a…
Watsonville Community Hospital had a data breach — or two. It would be helpful to know which.
Bys sOn December 8, 2024, DataBreaches reported that Watsonville Community Hospital in California was continuing to respond to what they referred to as a cyberattack on November 29. No gang had claimed responsibility at that point, patients hadn’t been notified yet, and the hospital wasn’t stating whether the attack involved encryption of any files. Weeks later,……
Cl0p cybercrime gang’s data exfiltration tool found vulnerable to RCE attacks
Bys sConnor Jones reports: Security experts have uncovered a hole in Cl0p’s data exfiltration tool that could potentially leave the cybercrime group vulnerable to attack. The vulnerability in the Python-based software, which was used in the 2023-2024 MOVEit mass data raids, was discovered by Italian researcher Lorenzo N and published by the Computer Incident Response Center Luxembourg (CIRCL)….