Tag Archive for: central

Central government urges immediate action for Mozilla Firefox users amid security concerns



CERT-In, the Indian Computer Emergency Response Team, has issued a security warning regarding Mozilla’s Firefox web browser. The alert mentioned potential vulnerabilities that could be exploited by hackers to access confidential user data. It’s concerning as Firefox faces not just one, but multiple security issues.

Affected Versions

  • Firefox ESR versions before 115.5.0
  • Firefox iOS versions before 120
  • Mozilla Thunderbird versions before 115.5

The Risks

The highlighted security flaws indicate the possibility of unauthorised access, which poses a major threat to user security.

Protective Measures Advised by CERT-In

  1. Update Firefox Immediately: Users are strongly advised to update their Firefox browser promptly. This step is crucial in addressing and mitigating the identified security issues.
  2. Enable Automatic Updates: Ensure that automatic updates are enabled for your Firefox browser. This feature helps in keeping the browser’s security measures up-to-date.
  3. Exercise Caution with Links and Attachments: Avoid clicking on links and opening attachments from unknown senders, whether through messages or emails. This simple precaution can prevent potential security threats.

CERT-In’s Recent Alerts

In recent weeks, CERT-In has been proactive in issuing security alerts. Prior warnings included concerns about security problems in Chrome on Android and highlighted vulnerabilities in major applications developed by Adobe.

Tips to Stay Safe

Staying vigilant and taking immediate action to update software are critical steps in safeguarding against potential security breaches. As cyber threats continue to evolve, users are encouraged to follow best practices to protect their devices and sensitive information. For further details and the latest updates, users can refer to CERT-In’s official website.


Source…

Ransomware attack shuts down Central Florida radiology imager sites


A ransomware attack shut down a medical diagnostic imaging firm in South Florida, shutting down several Central Florida locations, as well.

Earlier this month, a hacker accessed personal patient data at the Akumin site headquartered in Broward County, the firm said in a statement.

What is a ransomware attack?

A ransomware attack is a cyberattack designed to encrypt files on a device, rendering the data useless unless the owners of the data pay a ransom to the hacker in exchange for decryption or a key, according to the Cybersecurity and Infrastructure Security Agency.

Healthcare facilities tend to be targets for ransomware attackers because of the sensitive information they store on vulnerable technologies, such as wireless devices that have access to the facilities' network, according to CISA. These devices can often be viewed as backdoors into valuable information vaults.

Which Central Florida offices were affected?

The outpatient radiology and oncology service announced Tuesday it was temporarily shutting down services throughout the state including seven Central Florida locations.

• Orlando – 7960 Forest City Road and 1150 S. Semoran Boulevard

• Deltona – 1555 Saxon Boulevard

• Winter Haven – 7524 Cypress Gardens Boulevard

• Kissimmee – 1503 W. Oak Street and 819 E. Oak Street

• Mount Dora – 7524 Cypress Gardens Boulevard

Akumin has 50 locations throughout Florida and is available in several other states.

Can past records be accessed?

Regarding accessing past medical records, Akumin said certain imaging results may be unavailable.

“Our systems are being restored with differing timelines. Please check with the clinic you visited to learn more about the availability of prior studies. We will provide updates on restoration as appropriate,” it said in a statement.

Akumin also said it will alert patients once it can reschedule appointments; however, it has no timeline at this point.

Additionally, Akumin was found to have filed for Chapter 11 bankruptcy weeks after the cyberattack took place, according to a report by First Coast News, an NBC-affiliated station in Jacksonville.

Source…

Kazakhstan-based hackers targeting gov’t websites in Central Asia, Cisco says


Hackers believed to be based in Kazakhstan are targeting other members of the Commonwealth of Independent States in a wide-ranging espionage campaign, according to new research.

Cisco’s Talos group has spent months tracking YoroTrooper — a hacking group focused on espionage that first emerged in June 2022. Researchers said the group’s targets, use of Kazakh currency, and fluency in Kazakh and Russian are part of what led them to believe the hackers are based in Kazakhstan.

YoroTrooper appears to have performed defensive actions in protecting the Kazakhstani state-owned email service and has only ever attacked the Kazakh government’s Anti-Corruption Agency.

Asheer Malhotra, a Cisco Talos threat researcher, told Recorded Future News that the group has actively tried to disguise its operations to make it seem like the attacks are coming from Azerbaijan in an attempt to “generate false flags and mislead attribution.”

“In terms of their modus operandi, their tactics and tools aren’t very sophisticated, however YoroTrooper has still enjoyed a substantial amount of success compromising targets in CIS [Commonwealth of Independent States] countries over the past two years, owing to their aggressive attempts to target their victims. Further, the threat actor shows no signs of slowing down in spite of Cisco Talos’ initial disclosure detailing YoroTrooper’s activities earlier this year,” Malhotra said.

Cisco Talos tracked attacks on institutions and officials in Azerbaijan, Tajikistan, Kyrgyzstan and Uzbekistan, with the hackers using VPN services to make it look like their attacks come from Azerbaijan.

The hackers compromised multiple state-owned websites and accounts belonging to government officials between May 2023 and August 2023.

Most of the attacks start with phishing emails and deploy custom-made malware that allows the group to steal data and credentials.

Countries attacked by YoroTrooper. Image: Cisco Talos

Researchers found the hackers using Russian in their attempts to debug their tools while also visiting numerous websites written in Kazakh. In June the hackers began using Uzbek in their code, another language spoken widely in Kazakhstan.

The hackers use cryptocurrency…

Source…

‘Anatsa’ malware targets banking users in US, UK and Central Europe


A mobile malware campaign targeting banking apps has been observed targeting users in the U.S., the U.K. and Central Europe.

Dubbed “Anatsa” by researchers at ThreatFabric B.V., the banking Trojan is distributed through malicious apps in the Google Play Store and is estimated to have had over 30,000 installations since March. Anatsa has advanced device-takeover capabilities that can circumvent existing fraud control mechanisms.

The malware is said to have been active since 2020 but has shifted focus over the years, with the current campaign targeting banking apps, particularly in Germany. According to the researchers, Anatsa’s target list includes almost 600 financial applications worldwide, with the malware stealing customers’ mobile banking application credentials to initiate fraudulent transactions.

Once installed, Anatsa makes a request to a page hosted on GitHub, where the dropper obtains a URL to download the payload, also hosted on GitHub. The payloads masquerade as an add-on to the original application.

After first detecting the campaign in March, the ThreatFabric researchers reported it to Google and it was removed from the Play Store. However, a month later, those behind Anatsa returned with a new app posing as a PDF viewer, with the malware masquerading as an add-on.

The researchers note that the choice of disguise observed for these malicious applications confirms the trend seen for droppers on Google Play. Droppers tend to impersonate file-management-related applications.

The new app was reported to Google again and removed, but in the ultimate game of Whac-A-Mole, every time the apps were removed, new apps appeared. The researchers note that the speed at which the actors return with a new dropper after the previous one is removed is notable in itself, given that the coding can take anywhere from a few days to several weeks.

“It is crucial for companies to remain vigilant regarding the ever-evolving capabilities of attackers who constantly innovate their methodologies,” Pedro Fortuna, co-founder and chief technology officer of JavaScript protection company Jscrambler S.A., told SiliconANGLE. “Similarly, users must exercise caution when…

Source…