Cerber ransomware seems to have re-emerged as one of the critical cyber threats for healthcare organizations. According to a report, the ransomware, which had disappeared in 2018, has been held responsible for the maximum number of attacks against hospitals in 2020.
The ruthless and never-ending evolution in the cyber threat landscape witnessed a new DDoS attack vector in the form of Plex Media servers. Nearly 27,000 servers exposed to the internet are vulnerable to such attacks. Meanwhile, Google has patched a zero-day heap overflow vulnerability in Chrome that is being actively exploited in the wild.
Top Breaches Reported in the Last 24 Hours
Electric companies suffer attacks
Centrais Eletricas Brasileiras (Eletrobras) and Companhia Paranaense de Energia (Copel), two major electric utility companies in Brazil, have suffered ransomware attacks over the past week. The attacks disrupted operations and forced the companies to suspend some of their systems. In the case of Copel, the attack is the work of the Darkside ransomware gang.
Plex Media servers for DDoS attacks
Researchers have highlighted that Plex Media servers are the new attack vectors for DDoS attacks. Nearly 27,000 such servers exposed to the internet are vulnerable to these attacks.
Spotify suffers another attack
Online music streaming service, Spotify
, has suffered another credential stuffing attack within a span of three months. As a result, the service has forced password resets for impacted users.
Top Malware Reported in the Last 24 Hours
A fake version of the WhatsApp messaging app
is suspected of snooping upon individuals and stealing their sensitive information. The app comes with in-built spyware linked to an Italian firm Cy4gate.
Cerber ransomware returns
has been identified as the most common ransomware that targeted healthcare organizations during 2020. It is primarily distributed via phishing emails and compromised websites.
Top Vulnerabilities Reported in the Last 24 Hours
Faulty Geeni security cameras
and Mercury-branded security cameras and smart doorbells are riddled with flaws that could allow attackers to take full control of devices. Moreover, the flaws can be abused to expose customers’ sensitive information.
Google patches a zero-day flaw
Google has patched a zero-day vulnerability in Chrome web browser
Top Scams Reported in the Last 24 Hours
A phishing campaign
designed to steal Microsoft login credentials is using Google Firebase to bypass email security measures in Office 365. It is carried out via a phishing email that has a subject line reading, “TRANSFER OF PAYMENT NOTICE FOR INVOICE.” The email contains a link to download an invoice from the cloud.