#socialengineering

DATE: July 22, 2025 at 05:36PM
SOURCE: HEALTHCARE INFO SECURITY

Direct article link at end of text block below.

Another Medical Practice Closes Its Doors After #Cyberattack t.co/APEpf1Tde4 #Ascension #AlphaMedical #AlphaWellness #RansomHub

Here are any URLs found in the article text:

t.co/APEpf1Tde4

Articles can be found by scrolling down the page at healthcareinfosecurity.com/ under the title "Latest"

-------------------------------------------------

Private, vetted email list for mental health professionals: clinicians-exchange.org

Healthcare security & privacy posts not related to IT or infosec are at @HIPAABot . Even so, they mix in some infosec with the legal & regulatory information.

-------------------------------------------------

#security #healthcare #doctors #itsecurity #hacking #doxxing #psychotherapy #securitynews #psychotherapist #mentalhealth #psychiatry #hospital #socialwork #datasecurity #webbeacons #cookies #HIPAA #privacy #datanalytics #healthcaresecurity #healthitsecurity #patientrecords @infosec #telehealth #netneutrality #socialengineering

DATE: July 22, 2025 at 09:03AM
SOURCE: HEALTHCARE INFO SECURITY

What makes #managedfiletransfer, or #MTF, software a favorite target for #hackers? t.co/oISX0WvdpL

🔎 Why Do Hackers Still Use Phishing Links in 2025?

Because they work.

Despite advances in cybersecurity tools, phishing remains a primary vector for initial compromise — targeting not systems, but people.

Here’s what phishing links are really used for 👇

🧠 Credential harvesting — email, cloud, and corporate logins are sold or used for lateral movement.
💰 Financial theft — fake payment pages steal card or crypto wallet data.
🏢 Corporate infiltration — a single click by an employee can expose internal systems.
🦠 Malware delivery — links often lead to silent installs of trojans, stealers, or ransomware.
🧪 User profiling — mass phishing helps attackers identify easy future targets.

🔐 Defense starts with awareness:

✔ Check URLs before clicking
✔ Use phishing-resistant MFA
✔ Educate staff continuously
✔ Monitor for social engineering attempts

Phishing is low-cost, scalable, and increasingly convincing. Organizations can’t afford to rely solely on filters — training and vigilance matter just as much.

Let’s build a safer digital environment, one educated user at a time.

DATE: July 21, 2025 at 05:03PM
SOURCE: HEALTHCARE INFO SECURITY

#CleoCommunications #FileTransfer Flaw Blamed in #HealthDataBreach Affecting 233,000 t.co/4QnX1jf2mr

DATE: July 21, 2025 at 08:26AM
SOURCE: HEALTHCARE INFO SECURITY

What makes #hacks on #drug and #alcohol testing firms so concerning? t.co/ECMMH6hrUL

theregister.com/2025/07/18/app

> Unfortunately for Lipnik, Apple said he bore some responsibility for the leak because he hadn't properly secured his development device, "according to Apple's policies." Because of this, Lipnik was fired.

So kids, if you work at Apple and do something stupid and get hacked, don't report it.

The Register · YouTuber leaked iOS secrets via friend spying on dev's phone, Apple lawsuit claims · By Brandon Vigliarolo
#ios #iphone #hacking

It's been a bit light on news over the last 24 hours, but we've still got some critical updates on active exploits, supply chain attacks, and evolving threat actor tradecraft. Let's dive in:

Popular npm Linter Packages Hijacked via Phishing ⚠️
- Two widely used JavaScript libraries, eslint-config-prettier and eslint-plugin-prettier, were compromised in a supply chain attack after their maintainer fell victim to a targeted phishing campaign.
- The attackers used stolen npm credentials to publish malicious versions (eslint-config-prettier: 8.10.1, 9.1.1, 10.1.6, 10.1.7; eslint-plugin-prettier: 4.2.2, 4.2.3) containing a DLL that executes as a trojan via `rundll32` on Windows machines.
- Developers should immediately verify `package-lock.json` or `yarn.lock` files, check CI logs for signs of compromise, and consider rotating secrets if builds were deployed after July 18th.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

PoisonSeed Phishing Bypasses FIDO2 MFA 🔒
- The PoisonSeed phishing campaign is now abusing WebAuthn's legitimate cross-device sign-in feature to bypass FIDO2 security key protections.
- Attackers use an Adversary-in-the-Middle (AiTM) setup to display a QR code from the legitimate login portal on their phishing page, tricking users into approving the attacker's login attempt via their smartphone or authentication app.
- To mitigate, organisations should limit geographic login locations, routinely check for unknown FIDO key registrations, and consider enforcing Bluetooth-based authentication for cross-device sign-ins.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

CrushFTP Zero-Day Under Active Exploitation 🛡️
- CrushFTP is warning customers about active exploitation of a zero-day vulnerability, CVE-2025-54309, which grants administrative access via the web interface.
- The flaw affects versions prior to CrushFTP v10.8.5 and v11.3.4_23, with exploitation detected since July 18th, potentially earlier, by threat actors who reverse-engineered a prior fix.
- Indicators of compromise include unexpected entries in `MainUsers/default/user.XML` and new, unrecognised admin-level usernames. Admins should restore user configs from pre-July 16th backups, review logs, and consider IP whitelisting or DMZ instances.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Social Engineering: The New Zero-Day? 🧠
- Ariel Parnes, former IDF cyber chief, suggests that social engineering, not zero-days, is becoming the primary concern for cyber defenders, as demonstrated by groups like Scattered Spider and Iranian APTs.
- Generative AI significantly enhances social engineering capabilities by automating reconnaissance and enabling the creation of highly convincing phishing emails, fake documents, and spoofed websites at scale.
- This shift means attackers don't need advanced cyber weapons; they just need to understand target organisations, people, language, and culture, making the threat more scalable and effective.

🕵🏼 The Register | go.theregister.com/feed/www.th
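
Added example (not part of the post above, and not code from npm or the package maintainers): a Node.js check that scans a parsed `package-lock.json` for the malicious versions listed in the npm item of the digest above. The sample lockfile and the helper names (`findCompromised`, `scanPackages`, `scanDependencies`) are constructed for illustration.

```javascript
// Versions exactly as listed in the post; nothing else is assumed malicious.
const BAD = {
  "eslint-config-prettier": ["8.10.1", "9.1.1", "10.1.6", "10.1.7"],
  "eslint-plugin-prettier": ["4.2.2", "4.2.3"],
};
const NM = "node_modules/";

function isBad(name, version) {
  return Object.prototype.hasOwnProperty.call(BAD, name) && BAD[name].includes(version);
}

// lockfileVersion 2/3: flat "packages" map keyed by install path.
function scanPackages(packages, hits) {
  for (const [path, meta] of Object.entries(packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const idx = path.lastIndexOf(NM);
    // Nested installs look like node_modules/a/node_modules/b: keep the last name.
    const name = meta.name || (idx === -1 ? path : path.slice(idx + NM.length));
    if (isBad(name, meta.version)) hits.push({ name, version: meta.version, path });
  }
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function scanDependencies(deps, trail, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = trail + NM + name;
    if (isBad(name, meta.version)) hits.push({ name, version: meta.version, path });
    scanDependencies(meta.dependencies, path + "/", hits);
  }
}

// Returns every locked install of a listed version, including transitive ones.
function findCompromised(lock) {
  const hits = [];
  // v2 lockfiles carry both sections; prefer "packages" to avoid double counting.
  if (lock.packages) scanPackages(lock.packages, hits);
  else scanDependencies(lock.dependencies, "", hits);
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/eslint-config-prettier": { version: "10.1.7", dev: true },
    "node_modules/eslint-plugin-prettier": { version: "5.2.1", dev: true },
    "node_modules/some-preset/node_modules/eslint-plugin-prettier": { version: "4.2.3" },
  },
};

// CLI use: node check-lock.js path/to/package-lock.json
// Without a .json argument the constructed sample above is scanned instead.
const file = process.argv[2];
const lock =
  file && file.endsWith(".json") && typeof require === "function"
    ? JSON.parse(require("fs").readFileSync(file, "utf8"))
    : SAMPLE_LOCK;
for (const h of findCompromised(lock)) {
  console.log(`COMPROMISED ${h.name}@${h.version} at ${h.path}`);
}
```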

Alright team, a busy 24 hours in the cyber world! We've got some significant updates on nation-state activity, a couple of actively exploited vulnerabilities, a new ransomware decryptor, and a reminder about the ever-evolving privacy landscape. Let's dive in.

Russian Alcohol Retailer Hit by Ransomware ⚠️

- WineLab, a major Russian alcohol retailer and part of Novabev Group, has shut down its stores and online operations following a cyberattack.
- The company confirmed a ransom demand was made but stated they would not comply, indicating potential data theft or system encryption.
- While most major Russian-origin ransomware groups typically avoid targeting entities within Russia or CIS, this incident highlights a growing trend of smaller RaaS operations or non-Russian actors breaching such targets.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Actively Exploited Vulnerabilities

CrushFTP Zero-Day Under Active Exploitation 🛡️

- CrushFTP is warning customers about a zero-day vulnerability, CVE-2025-54309, actively exploited to gain administrative access via the web interface.
- The flaw affects versions prior to CrushFTP v10.8.5 and v11.3.4_23, with exploitation detected since July 18th, potentially earlier.
- Indicators of compromise include unexpected entries in MainUsers/default/user.XML and new, unrecognised admin-level usernames like "7a0d26089ac528941bf8cb998d97f408m". Admins should review logs and consider IP whitelisting or DMZ instances.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Hackers Scanning for TeleMessage Signal Clone Flaw 🔒

- Researchers are observing active exploitation attempts for CVE-2025-48927 in the TeleMessage SGNL app, a Signal clone, which can expose usernames, passwords, and other sensitive data.
- The vulnerability stems from exposing the '/heapdump' endpoint from Spring Boot Actuator without authentication, allowing attackers to download a full Java heap memory dump.
- Organisations using on-premise installations of TeleMessage SGNL should immediately disable or restrict access to the '/heapdump' endpoint and limit exposure of all Actuator endpoints.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Nation-State Activity, Malware, and Ransomware Updates

UK Sanctions Russian GRU for Cyber Operations and Murders 🚨

- The UK government has sanctioned 18 Russian military intelligence officers and three GRU units (26165, 29155, 74455) for cyber reconnaissance operations linked to civilian targeting in Ukraine and destabilisation efforts in Europe.
- Unit 26165 (Fancy Bear/APT28) is specifically attributed to deploying 'Authentic Antics' malware, a sophisticated credential stealer for Microsoft 365 accounts that exfiltrates data by sending emails from the victim's own account without appearing in the sent folder.
- This action underscores the UK's commitment to exposing and countering hybrid threats, with international allies like the EU and NATO issuing solidarity statements.

🗞️ The Record | therecord.media/uk-sanctions-g
🤫 CyberScoop | cyberscoop.com/uk-sanctions-ru
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Singapore Accuses Chinese APT of Critical Infrastructure Attacks 🇨🇳

- Singapore's Minister for National Security, K. Shanmugam, has publicly accused Chinese espionage group UNC3886 of actively targeting the nation's critical infrastructure.
- UNC3886 is known for exploiting routers and network security devices (like Juniper, Fortinet, VMware) to deploy custom backdoors, focusing on stealth and long-term persistence in defence, technology, and telecommunication sectors.
- This ongoing threat highlights the potential for cascading impacts on business operations and supply chains, urging a re-evaluation of vendor trust and system security.

🗞️ The Record | therecord.media/singapore-accu

Free Decryptor Released for Phobos and 8Base Ransomware 🔓

- The Japanese National Police Agency, in collaboration with Europol and the FBI, has released a free decryptor for victims of Phobos and its spin-off, 8Base ransomware.
- This tool supports files encrypted with extensions like ".phobos", ".8base", ".elbie", ".faust", and ".LIZARD", and is believed to be possible due to information obtained during recent law enforcement disruptions and arrests of key operators.
- Victims are strongly encouraged to try the decryptor, available on the Japanese police website and NoMoreRansom platform, even if their file extensions aren't explicitly listed, as it has been confirmed to successfully decrypt files from recent variants.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
🗞️ The Record | therecord.media/decryptor-phob

Arch Linux AUR Packages Spread Chaos RAT Malware 🐧

- Arch Linux has removed three malicious packages ("librewolf-fix-bin", "firefox-patch-bin", "zen-browser-patched-bin") from its Arch User Repository (AUR) that were installing the CHAOS remote access trojan (RAT).
- The packages, uploaded by user "danikpapas", contained a source entry pointing to a GitHub repository with malicious code executed during the build/installation phase.
- Users who installed these packages should immediately check for and delete a suspicious "systemd-initd" executable, potentially located in the /tmp folder, and take further measures to ensure their systems are not compromised.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Social Engineering and AI: The New Zero-Day? 🧠

- Former IDF cyber chief Ariel Parnes highlights that social engineering, rather than zero-days, is increasingly the primary concern for cyber defenders, as demonstrated by groups like Scattered Spider and Iranian APTs.
- Generative AI significantly enhances social engineering capabilities by automating reconnaissance and enabling the creation of highly convincing phishing emails, fake documents, and spoofed websites at scale.
- This shift means attackers don't need advanced cyber weapons; they just need to understand target organisations, people, language, and culture, making the threat more scalable and effective.

🕵🏼 The Register | go.theregister.com/feed/www.th

Data Privacy and AI Terms of Service

AI and Terms of Service: A Privacy Minefield ⚖️

- Companies integrating AI are updating their Terms of Service (ToS), causing user backlash over data usage for AI model training, as seen with WeTransfer.
- WeTransfer faced significant user anger after a ToS change granted broad licensing permissions for content, including for "improving performance of machine learning models," despite denying intent to use files for AI training.
- This incident highlights the "AI trust crisis" where users are wary of how their data is used, underscoring the need for clear, transparent communication from companies regarding AI features and data handling.

🕵🏼 The Register | go.theregister.com/feed/www.th

DATE: July 18, 2025 at 04:26PM
SOURCE: HEALTHCARE INFO SECURITY

Texas #Drug, #Alcohol Testing Firm Hack Affects Nearly 750,000 t.co/M2845DU3Pt #databreach

DATE: July 18, 2025 at 08:36AM
SOURCE: HEALTHCARE INFO SECURITY

What two #healthcare entities just reported #databreaches that combined affected more than 3.3 million patients? t.co/GDGCsaBd2r

DATE: July 17, 2025 at 04:36PM
SOURCE: HEALTHCARE INFO SECURITY

#Dermatology, #MedicalImaging Hacks Expose 3.3 Million Patients' PHI t.co/J4DtMQJRd4 #HIPAA #databreach

Evolution of macOS Odyssey Stealer: New Techniques & Signed Malware

A new variant of the Odyssey infostealer for macOS has been discovered, featuring code signing, notarization, and a persistent backdoor. The malware mimics a Google Meet updater and uses a SwiftUI-based 'Technician Panel' for social engineering. It steals sensitive data, including passwords, browser information, and cryptocurrency wallet contents. The stealer now includes a second-stage payload that establishes persistence and communicates with a command-and-control server. Notable features include dynamic command execution, network tunneling capabilities, and self-termination mechanisms. The malware also employs anti-analysis techniques to evade researchers. Multiple signed and notarized samples have been identified in the wild, indicating an evolution in the threat actor's tactics.

Pulse ID: 68792679d13c814d91c9c973
Pulse Link: otx.alienvault.com/pulse/68792
Pulse Author: AlienVault
Created: 2025-07-17 16:36:09

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


DATE: July 17, 2025 at 09:08AM
SOURCE: HEALTHCARE INFO SECURITY

What are the top mistakes entities make that often lead to major #email #phishing #databreaches? t.co/ZiCbeLdKHl


DATE: July 16, 2025 at 04:05PM
SOURCE: HEALTHCARE INFO SECURITY

#Email Hack Affects at Least 24 #CancerCare Practices t.co/ar8ErhqBiS #ION #CardinalHealth #IntegratedOncologyNetwork #Navista

UNG0002 (Unknown Group 0002): Espionage Campaigns Uncovered

UNG0002, an espionage-focused threat group, has been conducting campaigns across Asian jurisdictions including China, Hong Kong, and Pakistan. The group employs sophisticated multi-stage attacks using LNK files, VBScript, and custom RAT implants. Their operations span two major campaigns: Operation Cobalt Whisper and Operation AmberMist, targeting various sectors such as defense, aviation, gaming, and academia. UNG0002 utilizes social engineering techniques like ClickFix and abuses DLL sideloading to evade detection. The group demonstrates high adaptability, evolving from using Cobalt Strike to developing custom implants like Shadow RAT and INET RAT. Attribution challenges persist, but the group is assessed to originate from South-East Asia with a focus on espionage activities.

Pulse ID: 6877c4526c004d0e49615050
Pulse Link: otx.alienvault.com/pulse/6877c
Pulse Author: AlienVault
Created: 2025-07-16 15:25:06

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


Crypto Wallets Continue to be Drained in Elaborate Social Media Scam

An ongoing social engineering campaign is targeting cryptocurrency users through fake startup companies impersonating AI, gaming, and Web3 firms. The scammers create elaborate facades using spoofed social media accounts and project documentation on platforms like Notion and GitHub. They contact victims offering to pay them to test software, which is actually malware designed to steal crypto wallet contents. The campaign uses both Windows and macOS malware, including information stealers like Atomic Stealer. The threat actors go to great lengths to appear legitimate, even creating fake conference photos and merchandise stores. Multiple fake company identities have been identified as part of this campaign.

Pulse ID: 6877cefd95d4f7f393a22c79
Pulse Link: otx.alienvault.com/pulse/6877c
Pulse Author: AlienVault
Created: 2025-07-16 16:10:37

Be advised, this data is unverified and should be considered preliminary. Always do further verification.


DATE: July 16, 2025 at 02:33PM
SOURCE: HEALTHCARE INFO SECURITY

Why #ScatteredSpider Persists as Major #CyberThreat to #Insurers t.co/cWfBWemZfa #westmonroe