Lifeboat Foundation

Nokia’s investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted.

The statement comes in response to threat actor IntelBroker earlier this week releasing data belonging to Nokia, allegedly stolen after breaching a third-party vendor’s server.

The hacker tried to sell the data, claiming that it includes SSH keys, source code, RSA keys, BitBucket logins, SMTP accounts, webhooks, and hardcoded credentials, but they decided to leak it after Nokia denied the breach.

A new phishing campaign dubbed ‘CRON#TRAP’ infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

Using virtual machines to conduct attacks is nothing new, with ransomware gangs and cryptominers using them to stealthily perform malicious activity. However, threat actors commonly install these manually after they breach a network.

A new campaign spotted by Securonix researchers is instead using phishing emails to perform unattended installs of Linux virtual machines to breach and gain persistence on corporate networks.

Healthcare start-up Tennr reports a $37 million Series B fundraising round – nine months after raising an $18 million Series A funding round. The young company plans to use machine learning in order to improve patient record keeping, prevent medical error and reduce waiting times for patients. The Series B round was led by Lightspeed Ventures, together with existing investors Andreessen Horowitz and Foundation Capital, and raises the total amount of money raised by the company to $61 million.

Several US healthcare providers have already begun working with the firm, both private doctors’ practices and major clinics and hospitals. These providers receive referrals from primary care providers in different formats to register patients and document their case history. Since providers often compete with each other for patients, there is no standard format used in the industry nationwide, with many companies relying on handwritten documents, messages from private email accounts, and some even using such outdated technology as fax machines. This causes significant delays in the provision of treatment, and increases the likelihood that patients will be misdiagnosed, referred to the wrong clinic or denied access to a specialist whose expertise they require.

Tennr has made it its mission to solve these problems by automating this process: it extracts the relevant information from referrals, no matter what form they’re received in or what technology was used to generate the documents, which not only enables more rapid response times but also creates an unprecedented level of standardization in the medical field, nationally and in the future perhaps globally as well. The company has already processed tens of millions of referrals for patients in the USA, ensuring an appointment with a specialist in a few hours, instead of having to wait several weeks and at times months.

A phishing campaign dubbed ‘Phish n’ Ships’ has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items.

Unsuspecting users clicking on those products are redirected to a network of hundreds of fake web stores that steal their personal details and money without shipping anything.

According to HUMAN’s Satori Threat Intelligence team that discovered Phish n’ Ships, the campaign has impacted hundreds of thousands of consumers, causing estimated losses of tens of millions of dollars.

Companies must adapt their security postures to keep pace with the rapid innovation of technologies affecting operational security. — by Chuck Brooks / Brooks Consulting International.

OpenAI claims cyber threats are easier to detect when attackers use ChatGPT.

Media Advisory: Cybersecurity & Emerging Tech Expert and Georgetown professor Chuck Brooks Media Availability.

By Chuck Brooks, Skytop Contributor / October 25, 2024

Chuck Brooks serves as President and Consultant of Brooks Consulting International. Chuck also serves as an Adjunct Professor at Georgetown University in the Cyber Risk Management Program, where he teaches graduate courses on risk management, homeland security, and cybersecurity.

Chuck has received numerous global accolades for his work and promotion of cybersecurity. Recently, he was named the top cybersecurity expert to follow on social media, and also as one top cybersecurity leaders for 2024. He has also been named “Cybersecurity Person of the Year” by Cyber Express, Cybersecurity Marketer of the Year, and a “Top 5 Tech Person to Follow” by LinkedIn” where he has 120,000 followers on his profile.

As a thought leader, blogger, and event speaker, he has briefed the G20 on energy cybersecurity, The US Embassy to the Holy See, and the Vatican on global cybersecurity cooperation. He has served on two National Academy of Science Advisory groups, including one on digitalizing the USAF, and another on securing BioTech. He has also addressed USTRANSCOM on cybersecurity and serves on an industry/government Working group for DHS CISA focused on security space systems.

SEC charges four companies for misleading disclosures regarding the SolarWinds cyberattack, imposing fines totaling $6 million.