Yash Mane says
Iran was the victim of serious cyberattacks on Saturday that interfered with government functions and targeted nuclear installations, amidst escalating tensions in the Middle East. After Israel promised to retaliate against Iran’s missile onslaught on October 1, these assaults took place. Sensitive material was stolen as a result of cyberattacks targeting Iran’s judiciary, legislative, and executive departments, according to Abolhassan Firouzabadi, the former secretary of the country’s Supreme Council for Cyberspace. Transportation, fuel delivery, and nuclear plants are examples of critical infrastructure that was attacked. Furthermore, walkie-talkies and pagers were prohibited aboard Iranian aircraft after sabotage strikes in Lebanon that claimed the lives of 39 Hezbollah fighters using these devices.
https://securityaffairs.com/169693/cyber-warfare-2/cyber-attack-hit-iranian-nuclear-facilities.html
Clement Tetteh Kpakpah says
Chicago Children’s hospital confirms cyberattack, continues to provide care | Published Feb. 9, 2024 | Emily Olsen
Lurie Children’s Hospital confirmed its network had been accessed by a “known criminal threat actor,” more than a week after the Chicago-based provider was forced to take its computer systems offline.
The hospital shut down its phone, email, electronic health record system, and MyChart patient portal on January 31 to protect its data. It has been working with teams of internal and external experts in responding to the incident and law enforcement, including the FBI.
The hospital has been without computer system access for over a week following the incident. Phone, email, and electronic systems at Lurie Children’s Hospital were offline, the pediatric provider reported. The hospital had initially reported the network outage on January 31.
Lurie said it provides care for more than 239,000 children each year and hence is still accepting patients. It has been operating under “downtime procedures” to continue providing care during system outages.
https://www.cybersecuritydive.com/news/lurie-childrens-hospital-cyberattack/707094/
Daniel Akoto-Bamfo says
The US Department of Justice has arrested 18 individuals and entities in a series of fraud operations, involving manipulation to market digital assets. The FBI made its own cryptocurrency token and company, codenamed Operation Token Mirrors (Operation Mirror Tokens) or NexFundAI. The company decided to develop a cryptocurrency that would be operated as secure storage for value, and most importantly — trigger changes in the AI domain. The publication notes that ZM Quant, CLS Global, and MyTrade market makers are indicted in a Malaysian court for allegedly partaking or plotting to be involved in wash trading activities with their employees on behalf of NexFund.AI. Over $25 million in cryptocurrency has been seized, and various bots that were involved in wash trading have been disabled as well.
https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
Sara Sawant says
Star Health Insurance, a leading health insurance provider in India, confirmed a data breach that compromised information of approximately 31 million customers. The hacker, known as xenZen, claims to have accessed 7.24 terabytes of data, including sensitive personal and medical details, and is reportedly selling it online. The hacker also accused Star Health’s Chief Information Security Officer (CISO), Amarjeet Khanuja, of involvement in the breach, alleging that Khanuja sold the data. However, the company stated that there is no evidence of his wrongdoing and that he is cooperating with the investigation. Star Health has initiated a forensic investigation with cybersecurity experts and filed legal actions against the hacker and Telegram, where data was allegedly leaked using chatbots. The company has assured customers that its operations remain unaffected and is working to comply with a court order to disable access to the leaked data.
https://www.reuters.com/technology/cybersecurity/indias-star-health-probes-alleged-role-security-chief-data-leak-2024-10-10/
Lily Li says
Cisco investigating data breach: what we know so far
IntelBroker is a black hat hacker (a criminal infamous for high-profile attacks on Europol, Apple, and others) offering data taken from Cisco on October 6th. The alleged data stolen from Cisco included files such as GitHub, source code, Cisco confidential documents, API tokens, and many more. With this type of information, hackers can gain unauthorized entry to a company’s systems, disrupt operations, and steal valuable data. In a post by IntelBroker, information on seven Cisco employees was included, with names, usernames, email addresses, and hashed passwords revealed. The post also consisted of screenshots of Excel sheet presentations, infrastructure panels, and similar information. However, IntelBroker has the intention of selling this data, so only limited data samples were included in the original post. The hackers’ claims are still unconfirmed, but the Cybernews research team has concluded that the attackers’ claims seem “believable”.
https://cybernews.com/news/cisco-investigating-data-breach-what-we-know/
Rohith says
A report published this week by OpenAI reveals that the artificial intelligence company has disrupted more than 20 cyber and covert influence operations since the beginning of the year, including the activities of Iranian and Chinese state-sponsored hackers.
https://www.securityweek.com/openai-says-iranian-hackers-used-chatgpt-to-plan-ics-attacks/
Parth Tyagi says
TrickMo Banking Trojan Can Now Capture Android PINs and Unlock Patterns:
New variants of an Android banking trojan called TrickMo have been found to harbor previously undocumented features to steal a device’s unlock pattern or PIN.
First spotted in the wild in 2019, TrickMo is so named for its associations with the TrickBot cybercrime group and is capable of granting remote control over infected devices, as well as stealing SMS-based one-time passwords (OTPs) and displaying overlay screens to capture credentials by abusing Android’s accessibility services.
Some of the new variants of the malware have also been equipped to harvest the device’s unlock pattern or PIN by presenting to the victim a deceptive User Interface (UI) that mimics the device’s actual unlock screen.
The UI is an HTML page that’s hosted on an external website and displayed in full-screen mode, thus giving the impression that it’s a legitimate unlock screen.
India came out as the top target for mobile attacks during the time frame, experiencing 28% of all attacks, followed by the U.S., Canada, South Africa, the Netherlands, Mexico, Brazil, Nigeria, Singapore, and the Philippines.
Read more at https://thehackernews.com/2024/10/trickmo-banking-trojan-can-now-capture.html