Healthcare data breaches are getting out of hand, impacting millions of individuals every so often. One such breach at a pediatric health IT software company impacted over two million patients and their sensitive information. In another vein, a China-linked threat actor was found using USB devices for nefarious purposes. We also have an old ransomware in the garbs of a new one, which is not very sophisticated but is still a threat. Here are the top 10 highlights from the past 24 hours.
01
Connexin Software started notifying over 2.2 million individuals of a healthcare data breach in August, which impacted their SSNs, treatment information, and other personal information.
02
An alleged China-based cyberespionage gang, dubbed UNC4191, was found using USB devices as attack vectors in campaigns against Philippines-based entities.
03
IKEA confirmed suffering a cyberattack on its Kuwait and Morocco branches, disrupting several operating systems. The Vice Society ransomware group added the franchises to its leak site.
04
The Netherlands-based software firm ENC Security had leaked critical business data, including API keys, digital certificates, and configuration files, from May 27, 2021, to November 09, 2022, found Cybernews.
05
At least one threat actor operating a Russian dark web forum has started selling access to several networks compromised by abusing a critical authentication bypass flaw in Fortinet technologies.
06
A previously unidentified ransomware has reemerged as the new Trigona ransomware and launched a new Tor site to accept ransom payments in Monero.
07
The Spanish National Police took down a cybercrime operation that leveraged fake investment sites to defraud 300 victims, across Europe, and steal over $12.8 million.
08
Google’s TAG connected three exploitation frameworks—Heliconia Noise, Heliconia Soft, and Heliconia Files—to a Spanish commercial spyware vendor Variston.
09
New Jersey-based cybersecurity startup Sphere Technology Solutions raised $31 million in Series B, led by Edison Partners, with Forgepoint Capital as a participant.
10
CloudWave announced the acquisition of Sensato Cybersecurity, a cybersecurity-as-a-service platform, for an undisclosed sum.
