Third Party Risk Assessment

Third Party Risk Assessment Page 1

Cerebral Healthcare Patients Data Breach Medical Vendor Risk

Millions of Cerebral healthcare patients get impacted by a breach

About 3.8 million people were notified of a data breach that had recently affected a healthcare platform ‘Cerebral’ after the company detected that patients’ information had been exposed to third parties without appropriate consent. According to Cerebral’s published notice on its website, the logging features of invisible pixel trackers they use on several third parties...
Continue Reading
Colour-Blind RAT Spreads Compromised PyPI Packages Phyton

Colour-Blind RAT spreads through compromised PyPI packages

A malicious PyPI package has been currently spreading a fully featured information stealer and remote access trojan called Colour-Blind RAT. The PyPI repositories have become a frequent and easy target entity of numerous attackers since anyone could publish packages without going through reviews, code testing, or user validation. Based on reports, the RAT resides in...
Continue Reading
Attackers Vulnerability Exploit GoAnywhere Flaw Cyberattack CHS Healthcare

Attackers exploit the GoAnywhere flaw to attack CHS healthcare

One of the most prominent healthcare provider firms, Community Health Systems (CHS), confirmed that they are subject to a recent attack that exploited Fortra’s GoAnywhere secure file transfer platform. CHS admitted earlier this week that Fortra issued an update that it had suffered a security incident that led to some of its data compromises. A...
Continue Reading
Compromised NPM Packages Pose Speed Testers Fraud Prevention Vendor Risk

Compromised NPM packages pose as speed testers

Researchers identified 16 new NPM packages that pose as internet speed testers to spread coinminers that could hijack infected devices and mine crypto funds for their operators. The threat actors uploaded these malicious packages onto NPMan online repository with more than two million open-source JavaScript packages. This platform reaches numerous software developers who help hasten...
Continue Reading
QakNote Malware Brand Abuse Microsoft OneNote

QakNote operators exploit MS OneNote to infect targets

The QakBot botnet operators have executed a new malware campaign that utilises a new malicious payload called QakNote. This botnet has transformed from a banking trojan into a multi-purpose botnet that could perform a lateral movement, reconnaissance procedures, data exfiltration, stealing, and payload delivery. The new campaign started in the last weeks of January when...
Continue Reading
System Admins ESXi VMware Servers Disable OpenSLP Virtualization Vulnerability

Admins are advised to patch ESXi servers and disable OpenSLP

The surge of ransomware attacks against internet-exposed flawed ESXi servers has forced VMware to warn their customers to update their latest security updates and disable the OpenSLP service. Based on reports, threat actors cannot exploit a zero-day flaw in this service since it is disabled by default in the ESXI software release. In addition, hackers...
Continue Reading
Zero Day Flaw Vulnerability Fortra GoAnywhere MFT Exploited Data Transfer SaaS

A zero-day flaw in Fortra’s GoAnywhere MFT gets exploited

Security researchers discovered ongoing exploitation of a zero-day flaw that affected the managed file-transfer solution, GoAnywhere MFT, owned by Fortra. This issue is critical as numerous companies, local government entities, and educational institutions use the data transfer platform in daily operations. Threat actors commonly target data transfer tools such as GoAnywhere MFT, Accellion, and FileZen,...
Continue Reading
Microsoft Verified Publisher Status Exploited Hackers

Microsoft’s verified publisher status exploited by hackers

A newly discovered OAuth app campaign that exploits Microsoft’s verified publisher status is used by hackers to execute their app distribution campaign. These compromised applications obtained extensive authorised permissions that could enable their operators to gain essential abilities within a targeted system. Researchers confirmed that these attacks could allow hackers to read emails, change mailbox...
Continue Reading
OneNote Attachments Spread RAT Malware

OneNote attachments could spread RATs and malware

Malicious threat actors have now used another Microsoft feature, OneNote, to spread malware as part of their new delivery methods. Researchers initially discovered this campaign last year, where attackers use OneNote documents as attachments to disseminate the Formbook malware. Earlier this year, another set of actors used OneNote attachments in a malspam email campaign that...
Continue Reading
KeePass Flaw Vulnerability Bug Password Manager Cybersecurity SaaS

KeePass devs question a discovered flaw in its infrastructure

KeePass, a password manager platform, said in a recent statement that they are disputing a vulnerability found by security experts, which involved hackers being able to export critical databases in plain text without being detected. The vulnerability tracked as CVE-2023-24055 allows threat actors with permitted write access to alter a targeted system’s KeePass XML configuration...
Continue Reading
1 2 3 15