BlackCat ransomware claims breach of healthcare giant Henry Schein

The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information. [...]

https://www.bleepingcomputer.com/news/security/blackcat-ransomware-claims-breach-of-healthcare-giant-henry-schein/

 New macOS 'KandyKorn' malware targets cryptocurrency engineers

A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform. [...]

https://www.bleepingcomputer.com/news/security/new-macos-kandykorn-malware-targets-cryptocurrency-engineers/

 Ace Hardware says 1,202 devices were hit during cyberattack

Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers. [...]

https://www.bleepingcomputer.com/news/security/ace-hardware-says-1-202-devices-were-hit-during-cyberattack/

 Atlassian warns of exploit for Confluence data wiping bug, get patching

Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances. [...]

https://www.bleepingcomputer.com/news/security/atlassian-warns-of-exploit-for-confluence-data-wiping-bug-get-patching/

 Okta breach: 134 customers exposed in October support system hack

Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens. [...]

https://www.bleepingcomputer.com/news/security/okta-breach-134-customers-exposed-in-october-support-system-hack/

 New Microsoft Exchange zero-days allow RCE, data theft attacks

Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations. [...]

https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/

 Google Play adds security audit badges for Android VPN apps

Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform. [...]

https://www.bleepingcomputer.com/news/security/google-play-adds-security-audit-badges-for-android-vpn-apps/

 American Airlines pilot union hit by ransomware attack

Allied Pilots Association (APA), a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday. [...]

https://www.bleepingcomputer.com/news/security/american-airlines-pilot-union-hit-by-ransomware-attack/

 Dutch hacker jailed for extortion, selling stolen data on RaidForums

A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide. [...]

https://www.bleepingcomputer.com/news/security/dutch-hacker-jailed-for-extortion-selling-stolen-data-on-raidforums/

 The Week in Ransomware - November 3rd 2023 - Hive's Back

Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-3rd-2023-hives-back/

 Apple 'Find My' network can be abused to steal keylogged passwords

Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. [...]

https://www.bleepingcomputer.com/news/apple/apple-find-my-network-can-be-abused-to-steal-keylogged-passwords/

 Discord will switch to temporary file links to block malware delivery

Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware. [...]

https://www.bleepingcomputer.com/news/security/discord-will-switch-to-temporary-file-links-to-block-malware-delivery/

 Socks5Systemz proxy service infects 10,000 systems worldwide

A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices. [...]

https://www.bleepingcomputer.com/news/security/socks5systemz-proxy-service-infects-10-000-systems-worldwide/

 Cybercrime service bypasses Android security to install malware

A new dropper-as-a-service (DaaS) named 'SecuriDropper' has emerged, using a method that bypasses Android 13's 'Restricted Settings' to install malware on devices and grant them access to the Accessibility Services. [...]

https://www.bleepingcomputer.com/news/security/cybercrime-service-bypasses-android-security-to-install-malware/

 QNAP warns of critical command injection flaws in QTS OS, apps

QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-command-injection-flaws-in-qts-os-apps/

 TellYouThePass ransomware joins Apache ActiveMQ RCE attacks

Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously exploited as a zero-day. [...]

https://www.bleepingcomputer.com/news/security/tellyouthepass-ransomware-joins-apache-activemq-rce-attacks/

 US sanctions Russian who laundered money for Ryuk ransomware affiliate

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions in cryptocurrency for various individuals, including ransomware actors. [...]

https://www.bleepingcomputer.com/news/security/us-sanctions-russian-who-laundered-money-for-ryuk-ransomware-affiliate/

 Critical Atlassian Confluence bug exploited in Cerber ransomware attacks

Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware. [...]

https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-bug-exploited-in-cerber-ransomware-attacks/

 Microsoft will roll out MFA-enforcing policies for admin portal access

Microsoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-roll-out-mfa-enforcing-policies-for-admin-portal-access/

 Hackers exploit Looney Tunables Linux bug, steal cloud creds

The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-looney-tunables-linux-bug-steal-cloud-creds/

 Veeam warns of critical bugs in Veeam ONE monitoring platform

Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical. [...]

https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-bugs-in-veeam-one-monitoring-platform/