InfoSecBulletin Cybersecurity for mankind
LockBit strikes once more! Two non-profit hospitals in New York have been targeted by a ransomware group, plunging them into a difficult struggle for recovery. The Scattered Spider threat group targeted yet another casino and hotel chain, unleashing a devastating ransomware attack. Caesars Entertainment’s loyalty program database was breached by the attackers. The consequences of previous data breaches have a way of haunting us in the present. Last year’s breach has led to a similar situation for LastPass users. Here are the top 10 highlights from the past 24 hours.
- In a recent cyberattack, the notorious LockBit ransomware group successfully infiltrated two prominent hospitals in New York: the Carthage Area Hospital and Claxton-Hepburn Medical Center. The aftermath of this malicious breach has gravely disrupted their crucial services, compelling them to divert patients and reschedule vital appointments.
ALSO READ:
FBI investigating cyberattack at Oracle, Bloomberg News reports
By infosecbulletin
/ Saturday , March 29 2025
The Federal Bureau of Investigation (FBI) is probing the cyberattack at Oracle (ORCL.N), opens new tab that has led to...
Read More
OpenAI Offering $100K Bounties for Critical Vulns
By infosecbulletin
/ Thursday , March 27 2025
OpenAI has increased its maximum bug bounty payout to $100,000, up from $20,000, to encourage the discovery of critical vulnerabilities...
Read More
Splunk Alert User RCE and Data Leak Vulns
By infosecbulletin
/ Thursday , March 27 2025
Splunk has released a security advisory about critical vulnerabilities in Splunk Enterprise and Splunk Cloud Platform. These issues could lead...
Read More
CIRT alert Situational Awareness for Eid Holidays
By infosecbulletin
/ Thursday , March 27 2025
As the Eid holidays near, cybercriminals may try to take advantage of weakened security during this time. The CTI unit...
Read More
Cyberattack on Malaysian airports: PM rejected $10 million ransom
By infosecbulletin
/ Wednesday , March 26 2025
Operations at Kuala Lumpur International Airport (KLIA) were unaffected by a cyber attack in which hackers demanded US$10 million (S$13.4...
Read More
Micropatches released for Windows zero-day leaking NTLM hashes
By infosecbulletin
/ Wednesday , March 26 2025
Unofficial patches are available for a new Windows zero-day vulnerability that allows remote attackers to steal NTLM credentials by deceiving...
Read More
VMware Patches Authentication Bypass Flaw in Windows Tool
By infosecbulletin
/ Wednesday , March 26 2025
On Tuesday, VMware issued an urgent fix for a security flaw in its VMware Tools for Windows. CVE-2025-22230 allows a...
Read More
IngressNightmare
Over 40% of cloud environments are vulnerable to RCE
By infosecbulletin
/ Tuesday , March 25 2025
Kubernetes users of the Ingress NGINX Controller are advised to fix four newly found remote code execution ( RCE) vulnerabilities,...
Read More
(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass
By infosecbulletin
/ Tuesday , March 25 2025
Next.js, a widely used React framework for building full-stack web applications, has fixed a serious security vulnerability. Used by many...
Read More
Oracle refutes breach after hacker claims 6 million data theft
By infosecbulletin
/ Sunday , March 23 2025
A hacker known as “rose87168” claims to have stolen six million records from Oracle Cloud servers. The stolen data includes...
Read More
- According to Trend Micro, the threat groups responsible for RedLine and Vidar have been employing identical techniques to propagate both ransomware and info-stealers. The attackers are using Extended Validation (EV) code signing certificates to sign the malware.
- LastPass users are in danger of falling victim to a highly persuasive phishing email, which resembles the aftermath of last year’s security breach. The email asks users to verify their personal data or risk losing access to certain features.
- The personal information of thousands of officers from Greater Manchester Police in the U.K. has been compromised due to a ransomware attack on a third-party supplier. Although sensitive details such as financial information and home addresses remained untouched, there is a possibility that the personal information of undercover officers was compromised.
