Finding Minhook in a sideloading attack – and Sweden too
Multifaceted changes in TTPs illustrate what researchers see when they start digging
Similar Posts
Oracle Health breach compromises patient data at US hospitals
Bys sOracle Health is becoming this year’s poster child for how NOT to respond to an incident. Lawrence Abrams reports: A breach at Oracle Health impacts multiple US healthcare organizations and hospitals after a threat actor stole patient data from legacy servers. Oracle Health has not yet publicly disclosed the incident, but in private communications sent to…
Expert Recommends: Prepare for PQC Right Now
Bys sIntroduction: Steal It Today, Break It in a Decade Digital evolution is unstoppable, and though the pace may vary, things tend to fall into place sooner rather than later. That, of course, applies to adversaries as well. The rise of ransomware and cyber extortion generated funding for a complex and highly professional criminal ecosystem. The…
Cloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in Russia
The threat actor known as Cloud Atlas has been observed using a previously undocumented malware called VBCloud as part of its cyber attack campaigns targeting “several dozen users” in 2024. “Victims get infected via phishing emails containing a malicious document that exploits a vulnerability in the formula editor (CVE-2018-0802) to download and execute malware code,”…
HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $10,000
Bys sSettlement with Northeast Surgical Group marks OCR’s 10th ransomware enforcement action and 4th enforcement action in OCR’s Risk Analysis Initiative. Today the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement with Northeast Surgical Group, P.C. (NESG), a provider of surgical services in Michigan, for a potential violation…
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do
Bys sA design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway. On another Mac in the same office, file sharing…
159 CVEs Exploited in Q1 2025 — 28.3% Within 24 Hours of Disclosure
Bys sAs many as 159 CVE identifiers have been flagged as exploited in the wild in the first quarter of 2025, up from 151 in Q4 2024. “We continue to see vulnerabilities being exploited at a fast pace with 28.3% of vulnerabilities being exploited within 1-day of their CVE disclosure,” VulnCheck said in a report shared…