Fortinet’s security researchers have shared information on three new ransomware families named Aerst, ScareCrow, and Vohuk.
Users Warned of New Aerst, ScareCrow, and Vohuk Ransomware Families
Python, JavaScript Developers Targeted With Fake Packages Delivering Ransomware
Phylum security researchers warn of a new software supply chain attack relying on typosquatting to target Python and JavaScript developers.
Healthcare Organizations Warned of Royal Ransomware Attacks
The US Department of Health and Human Services (HHS) is warning healthcare organizations of the threat posed by ongoing Royal ransomware attacks.
Initially spotted in September 2022, the ransomware family is employed by a financially-motivated threat actor that also uses known tools for persistence, credential exfiltration, and lateral movement.
Apple Scraps CSAM Detection Tool for iCloud Photos
Apple has scrapped plans to ship a controversial child pornography protection tool for iCloud Photos, a concession to privacy rights advocates who warned it could have been used for government surveillance.
Iranian Hackers Deliver New ‘Fantasy’ Wiper to Diamond Industry via Supply Chain Attack
An Iran-linked advanced persistent threat (APT) actor named Agrius is using a new wiper in attacks targeting entities in South Africa, Israel and Hong Kong, cybersecurity firm ESET reports.
Apple Adding End-to-End Encryption to iCloud Backup
Apple on Wednesday announced plans to beef up data security protections on its flagship devices with the addition of new encryption tools for iCloud backups and a feature to help users verify identities in the Messages app.
Google Documents IE Browser Zero-Day Exploited by North Korean Hackers
Google’s Threat Analysis Group (TAG) has shared technical details on an Internet Explorer zero-day vulnerability exploited in attacks by North Korean hacking group APT37.
Big Tech Vendors Object to US Gov SBOM Mandate
The U.S. government’s mandates around the creation and delivery of SBOMs (software bill of materials) to help mitigate supply chain attacks has run into strong objections from big-name technology vendors.
Investors Pour $200M Into Compliance Automation Startup Drata
High-flying security compliance and automation startup Drata continues to attract major venture capital investor interest, banking $200 million in Series C funding that values the company north of $2 billion.
Self-Propagating ‘Zerobot’ Botnet Targeting Spring4Shell, IoT Vulnerabilities
A newly observed botnet capable of self-replicating and self-propagation is targeting multiple Internet of Things (IoT) vulnerabilities for initial access, cybersecurity solutions provider Fortinet warns.