Phishers Spoof Google Calendar Invites in Fast-Spreading, Global Campaign
Source: Dark Reading
Attackers are spoofing Google Calendar invites in a phishing campaign to steal user credentials. They use malicious links in calendar invitations to evade detection. Over 4,000 phishing emails referencing 300 brands were sent in a month, exploiting Google Calendar’s vast user base. Users can protect themselves by enabling Google’s "known senders" setting and being cautious with unexpected invites.
CISA urges switch to Signal-like encrypted messaging apps after telecom hacks
Source: Bleeping Computer
CISA has urged senior officials to switch to end-to-end encrypted messaging apps like Signal after Chinese-linked hackers breached multiple U.S. telecom providers, including T-Mobile and Verizon. These breaches, attributed to the Salt Typhoon group, allowed attackers prolonged access. CISA warns that all mobile communications may be vulnerable and recommends encrypted apps to protect sensitive conversations.
Texas Tech University Data Breach Impacts 1.4 Million
Source: Infosecurity Magazine
A ransomware attack on Texas Tech University Health Sciences Center (TTUHSC) exposed the personal and medical data of 1.4 million individuals. The Interlock group claimed responsibility, stealing 2.6TB of data, including Social Security numbers, medical records, and financial information. The breach disrupted services, and TTUHSC is offering free credit monitoring to affected individuals.
FBI Warns of HiatusRAT Targeting Vulnerable IoT Devices
Source: Info Risk Today
The FBI has issued a warning about the HiatusRAT malware, which is targeting vulnerable Internet of Things (IoT) devices. The malware primarily exploits devices with weak security to create botnets, potentially leading to cyber espionage and system compromise. The FBI urges organizations to strengthen security on IoT devices by updating software, using strong passwords, and limiting remote access.
CISA’s pre-ransomware alerts nearly doubled in 2024
Source: Cybersecurity Dive
The article discusses the FDA urging blood suppliers to enhance their cybersecurity measures, following concerns over increasing cyber threats targeting critical healthcare infrastructure. The agency emphasizes the importance of addressing potential vulnerabilities in systems that manage blood donations and distribution. Guidance includes recommendations for adopting robust security protocols and preparing for potential cyberattacks to protect public health and ensure the safety of blood supplies.