InfoSecBulletin Cybersecurity for mankind
It is no secret that medical records are a valuable asset for cybercriminals. Unfortunately, the threat continues to grow as a dental firm confirmed that the personal information of almost nine million people was compromised in a data breach in February. Adding to the woes of crypto investors, Jimbox Protocol was hacked during the weekend, resulting in a loss of approximately $ 7.5 million in Ethereum. Your browsing history is also at risk of being stolen by attackers. How? This is possible via a new ‘Hot Pixels’ attack uncovered by researchers. Read along to know more.
01
Managed Care of North America (MCNA) Dental disclosed that the personal information of almost nine million people was compromised in a data breach that occurred in February. Patients, parents, guardians, and guarantors were among the impacted ones.
02
Jimbox Protocol was hacked to steal approximately $7.5 million (4000 Ether). It is the latest victim in the growing number of DeFi protocol attacks, wherein attackers exploited a vulnerability related to the lack of slippage control of liquidity conversions.
03
An investigation revealed that the Meta Pixel tracking tool used by medical websites under NHS trusts is leaking details about patients’ medical conditions, appointments, and treatments on Facebook.
04
JPCERT/CC confirmed that attackers are using a new Golang malware, dubbed, GobRAT, to infect Linux routers. The attack leverages known vulnerabilities for propagation and targets users across Japan.
05
The U.S. Department of Defense is prepping up to bolster cyber defense as it sent its new classified cyber strategy to Congress. The new strategy is the first since 2018 and follows the National Cybersecurity Strategy, which was released in March.
06
A group of academics discovered the new Hot Pixels attack that can enable attackers to exfiltrate information from Chrome and Safari browsers. It works by analyzing frequency, power, and temperature on modern system-on-a-chip (SoCs) and graphics processing units (GPUs).
07
A new phishing technique was found leveraging the ‘File Archiver in the Browser’ exploit to trick users into downloading malicious files (by masking under the .zip domain) onto their systems. This comes to light as Google recently released eight new TLDs, including .mov and .zip.
08
Kyocera, a global electronics manufacturer, was one of several companies that were impacted due to a breach at Fujitsu last year. LockBit is suspected to be behind the attack, wherein the gang has demanded an unspecified ransom to be paid by June 9.
09
The Python Package Index (PyPI) announced the mandatory use of 2FA for all software publishers, by the end of the year. This will enhance the security of the platform and prevent accounts from being compromised to launch supply chain attacks.
10
Suffolk County, New York, is struggling to recover from an eight-month-old ransomware attack that crippled its digital systems. So far, the incident has cost the County almost $18 million for investigation and restoration.
