Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade
Source: The Hacker News
The U.S. government on Wednesday said the Chinese state-sponsored hacking group known as Volt Typhoon had been embedded into some critical infrastructure networks in the country for at least five years. Targets of the threat actor include communications, energy, transportation, and water and wastewater systems sectors in the U.S. and Guam.
New Banking Trojan Exploits Patched Windows SmartScreen Flaw
Source: Data Breach Today
The novel variant of the banking Trojan Mispadu is targeting Latin American countries, especially Mexico, by exploiting a flaw in Windows SmartScreen. Researchers at Unit42 found the updated Trojan now exploits a Windows SmartScreen bypass vulnerability tracked as CVE-2023-36025 that Microsoft patched in November 2023.
Medical Center Fined $4.75M in Insider ID Theft Incident
Source: Info Risk Today
Federal regulators fined a New York City medical center $4.75 million and called for a correction action plan to settle potential HIPAA violations discovered during the investigation of a hospital insider who sold patient data to an identity theft ring in 2013.
New Fortinet RCE flaw in SSL VPN likely exploited in attacks
Source: Bleeping Computer
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. The flaw (tracked as CVE-2024-21762 / FG-IR-24-015) received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows unauthenticated attackers to gain remote code execution (RCE) via maliciously crafted requests.
Super Bowl LVIII Presents a Vast Attack Surface for Threat Actors
Source: Dark Reading
The NFL's digitization of almost all aspects of the event means it has a lot more turf to protect for itself, and for the game's tens of millions of fans. The outcome of this year's Super Bowl matchup between the Kansas City Chiefs and the San Francisco 49ers on Feb. 11 at the Allegiant Stadium in Las Vegas will likely remain unknown until the last down of the game. But one thing that is already abundantly clear is that attackers will have no shortage of targets to blitz at the event.