At least 69,000 people have been impacted by a data breach at Kaiser Permanente, a long-running managed healthcare consortium.
The latest in a long-running series of healthcare attacks, the road to stolen data began on April 5 this year with an email compromise.
The direct path to data
A “substitute breach notice” posted June 3 revealed details of t
Physical objects as security threats are in the news at the moment. The oft-touched upon tale of rogue USB sticks is a common one. Being wary of random devices found on the floor, or handed out at events is a smart move. You simply don’t know what’s lurking, and it’s hard to find out safely without the right tools available. Even then, something can slip by
APT28, also known as FancyBear, is at the heart of another targeted campaign. This time, it’s sniffing around users of Google services. Some 14,000 people have been notified about a spear phish attempt looking to compromise accounts and access their files.
When did this happen?
Sometime late September, according to the folks at Google. They didn’t go i
It all started on July 2, when attackers targeted the popular remote management and monitoring (RMM) software from a Florida-based IT services company called Kaseya. By taking advantage of a flaw in Kaseya VSA software, ransomware authors gained access to the RMM system and were able to use it to install ransomware on some of Kaseya’s customers network
The REvil ransomware (AKA Sodinokibi, which operates as a Ransomware as a Service) is adopting some outreach techniques after initial compromise, designed to shame victims into paying up.
Shaming victims into action
Malware authors and social engineers have relied on shame and the threat of exposure for years. Nothing encourages potential victims to p
Kentucky Fried Chicken (KFC) has told members of its Colonel’s Club to change their passwords following an attack against its website. The fast food giant confirmed that the attack affected only Colonel’s Club users. The loyalty program allows its 1.2 million registered members to collect Chicken Stamps and exchange them for rewards like meals. KFC
By Robert Westervelt
Privacy and safety concerns associated with the billions of connected devices known as the Internet of Things could prompt some innovative approaches to data protection, attack prevention and antifraud measures.
But as state and federal regulators in the U.S. mull over whether restrictions are required, it is becoming increasingly clear t
This post was authored by Alex Chiu and Xabier Ugarte Pedrero. Talos recently spotted a targeted phishing attack with several unique characteristics that are not normally seen. While we monitor phishing campaigns used to distribute threats such as Dridex, Upatre, and Cryptowall, targeted phishing attacks are more convincing because the format of the message i
Popular British parenting site Mumsnet has been targeted by a series of attacks, including a DDoS attack and even a “swatting” attack, which led armed officers to the home of founder, Justine Roberts, in the middle of the night. The Twitter account @DadSecurity (which has since been suspended) claimed responsibility for the attacks, and published a database c
A group of security researchers and computer scientists have recently uncovered a vulnerability in how a Diffie-Hellman key exchange is deployed on the web.
Dubbed as Logjam, the vulnerability affects home users and corporations alike, and over 80,000 of the top one million domains worldwide were found to be vulnerable. The original report on Logjam can be f
If you look for the term zero-day attack in your home dictionary, you probably won’t find it. Go ahead and check… I’ll wait. You might not even find the term in some online dictionaries (though to be fair, it does appear in others). Nevertheless, if you google the term, you’ll find thousands of references to it, many of them from mainstream sources including Fo
It’s not your identity they want, or even your credit card number. Those numbers are hard to exploit for quick cash. Banks and card companies have systems that quickly detect fraud. So, why go after an insurance company? Because it’s easy, and they can get away with really good stuff. What the Anthem hackers are after is your medical provider acco
A group of hackers were able to penetrate at least 30 financial institutions around the world and steal upwards of one billion dollars, making this attack one of the most advanced the world has yet seen. According to a report published by security firm Kaspersky Lab and sent to the New York Times, the cyber criminals, which have since been named the “Carbanak