Universal Health Services lost $67 million due to Ryuk ransomware attack

Universal Health Services (UHS) said that the Ryuk ransomware attack it suffered during September 2020 had an estimated impact of $67 million. [...]

https://www.bleepingcomputer.com/news/security/universal-health-services-lost-67-million-due-to-ryuk-ransomware-attack/

Hackers use black hat SEO to push ransomware, trojans via Google

The delivery system for the Gootkit information stealer has evolved into a complex and stealthy framework, which earned it the name Gootloader, and is now pushing a wider variety of malware via hacked WordPress sites and malicious SEO techniques for Google results. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-black-hat-seo-to-push-ransomware-trojans-via-google/

World's leading dairy group Lactalis hit by cyberattack

Lactalis, the world's leading dairy group, has disclosed a cyberattack after unknown threat actors have breached some of the company's systems. [...]

https://www.bleepingcomputer.com/news/security/worlds-leading-dairy-group-lactalis-hit-by-cyberattack/

European e-ticketing platform Ticketcounter extorted in data breach

A Dutch e-Ticketing platform has suffered a data breach after a database was stolen from an unsecured staging server. [...]

https://www.bleepingcomputer.com/news/security/european-e-ticketing-platform-ticketcounter-extorted-in-data-breach/

Working Windows and Linux Spectre exploits found on VirusTotal

Working exploits targeting Linux and Windows systems not patched against a three-year-old vulnerability dubbed Spectre were found by security researcher Julien Voisin on VirusTotal. [...]

https://www.bleepingcomputer.com/news/security/working-windows-and-linux-spectre-exploits-found-on-virustotal/

Malicious NPM packages target Amazon, Slack with new dependency attacks

Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using the new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. [...]

https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-amazon-slack-with-new-dependency-attacks/

Microsoft announces Windows Server 2022 with new security features

Microsoft says that Windows Server 2022 will come with security improvements and will bring Secured-core to the Windows Server platform for added protection against a wide range of threats.  [...]

https://www.bleepingcomputer.com/news/security/microsoft-announces-windows-server-2022-with-new-security-features/

Oxfam Australia confirms data breach after stolen info sold online

Oxfam Australia has confirmed a data breach after suffering a cyberattack and their donor databases put up for sale on a hacker forum in January. [...]

https://www.bleepingcomputer.com/news/security/oxfam-australia-confirms-data-breach-after-stolen-info-sold-online/

SolarWinds reports $3.5 million in expenses from supply-chain attack

SolarWinds has reported expenses of $3.5 million from last year's supply-chain attack, including costs related to incident investigation and remediation. [...]

https://www.bleepingcomputer.com/news/security/solarwinds-reports-35-million-in-expenses-from-supply-chain-attack/

Malaysia Airlines discloses a nine-year-long data breach

​Malaysia Airlines has suffered a data breach spanning nine years that exposed the personal information of members in its Enrich frequent flyer program. [...]

https://www.bleepingcomputer.com/news/security/malaysia-airlines-discloses-a-nine-year-long-data-breach/

Payroll giant PrismHR outage likely caused by ransomware attack

Leading payroll company PrismHR is suffering a massive outage after suffering a cyberattack this weekend that looks like a ransomware attack from conversations with customers. [...]

https://www.bleepingcomputer.com/news/security/payroll-giant-prismhr-outage-likely-caused-by-ransomware-attack/

Google fixes second actively exploited Chrome zero-day bug this year

Google has fixed an actively exploited zero-day vulnerability in the Chrome 89.0.4389.72 version released today, March 2nd, 2021, to the Stable desktop channel for Windows, Mac, and Linux users. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-second-actively-exploited-chrome-zero-day-bug-this-year/

Microsoft fixes actively exploited Exchange zero-day bugs, patch now

Microsoft has released emergency out-of-band security updates for Microsoft Exchange that fix four zero-day vulnerabilities actively exploited in targeted attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-exchange-zero-day-bugs-patch-now/

Cash App phishing kit deployed in the wild, courtesy of 16Shop

The developer of the 16Shop phishing kit has added a new component that targets users of the popular Cash App mobile payment service. [...]

https://www.bleepingcomputer.com/news/security/cash-app-phishing-kit-deployed-in-the-wild-courtesy-of-16shop/

Microsoft starts force installing Windows 10 20H2 on more devices

Microsoft is ramping up the forced rollout of Windows 10, version 2004 to more devices approaching end of service (EOS), as part of a new rollout phase. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-starts-force-installing-windows-10-20h2-on-more-devices/

State hackers rush to exploit unpatched Microsoft Exchange servers

Multiple state-sponsored hacking groups are actively exploiting critical Exchange bugs Microsoft patched Tuesday via emergency out-of-band security updates. [...]

https://www.bleepingcomputer.com/news/security/state-hackers-rush-to-exploit-unpatched-microsoft-exchange-servers/

Cybersecurity firm Qualys likely latest victim of Accellion hacks

Cybersecurity firm Qualys is the latest victim to have suffered a data breach after a zero-day vulnerability in their Accellion FTA server was exploited to steal hosted files. [...]

https://www.bleepingcomputer.com/news/security/cybersecurity-firm-qualys-likely-latest-victim-of-accellion-hacks/

US government warns of Social Security scams using fake federal IDs

Government imposter scams now come with a new twist that has the potential to make them even more effective, as the Inspector General for the Social Security Administration (SSA) warns. [...]

https://www.bleepingcomputer.com/news/security/us-government-warns-of-social-security-scams-using-fake-federal-ids/

GRUB2 boot loader reveals multiple high severity vulnerabilities

GRUB, a popular Linux boot loader project has fixed multiple high severity vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/grub2-boot-loader-reveals-multiple-high-severity-vulnerabilities/

BEC scammers are targeting investors for massive payouts

Business email compromise (BEC) scammers are utilizing a new type of attack targeting investors that could leverage payouts seven times greater than average. [...]

https://www.bleepingcomputer.com/news/security/bec-scammers-are-targeting-investors-for-massive-payouts/

Hackers share methods to bypass 3D Secure for payment cards

Cybercriminals are constantly exploring and documenting new ways to go around the 3D Secure (3DS) protocol used for authorizing online card transactions. [...]

https://www.bleepingcomputer.com/news/security/hackers-share-methods-to-bypass-3d-secure-for-payment-cards/