Google has issued a warning to users of Android TV OS devices to be aware that some TV boxes are not what they appear, certainly when it comes to the security implications for their users.

In an official Google Android TV OS support forum posting, a Google employee confirms that the company has “recently received questions regarding TV boxes that are built with Android Open Source Project and are being marketed to appear as Android TV OS devices.”

However, as we all know, appearances can be deceptive. Even though, the warning continues, these may have Google apps and even the Play Store installed, that doesn’t mean these are licensed by Google. Which means, it continues, “these devices are not Play Protect certified.”

Alkup.
https://support.google.com/androidtv/thread/217840369?hl=en&sjid=6644248032415929751-NA

A ransomware attack on a major dental insurance provider leaked the personal information of nearly nine million people across the United States, according to documents filed with state regulators.

Managed Care of North America (MCNA) is the largest dental insurer in the nation for government-sponsored Medicaid and Children’s Health Insurance Programs, providing services to more than five million members across eight states.

On March 6, its IT team became aware of a hack and later discovered that “certain systems within the network may have been infected with malicious code.”

On March 27, the LockBit ransomware group took credit for the attack, claiming to have stolen 700 gigabytes of data. An investigation — completed on May 3 and led by a cybersecurity firm — revealed that hackers had been in MCNA’s systems from February 26 to March 7 and had made copies of information.

LockBit published all of the files on April 6 after a $10 million ransom was not paid.

In a notice on their website, the company said the information stolen included more specific information about patient visits, like a dentist’s name, X-rays, photos, treatment and bills. Some of the information was for the parents or guardians of patients.

Ukrainian hackers have breached the systems of Skolkovo Foundation, the agency which oversees the high-tech business area located on the outskirts of Moscow.
The Foundation was founded and charged by Russian former President Dmitry Medvedev to rival Silicon Valley in the U.S.

According to Skolkovo’s statement, the hackers managed to gain limited access to certain information systems of the organization, including its file hosting service on physical servers.

A group of Ukrainian hacktivists took credit for the attack last week and shared screenshots on Telegram of systems they managed to access.

End-of-year high school exams in Greece were disrupted this week by “one of the most extensive cyberattacks in the country’s history,” according to the country’s Education Ministry.

The distributed denial-of-service attack, or DDoS, targeted Greece’s online examination platform, which is designed to set a uniform exam standard nationwide. In a DDoS attack, a server is flooded with internet traffic from a variety of sources simultaneously.

Cybersecurity researchers have found “backdoor-like behavior” within Gigabyte systems, which they say enables the UEFI firmware of the devices to drop a Windows executable and retrieve updates in an unsecure format.

Firmware security firm Eclypsium said it first detected the anomaly in April 2023. Gigabyte has since acknowledged and addressed the issue.

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers.

The latest campaign was uncovered by Trend Micro, who have followed RomCom since the summer of 2022. The researchers report that the threat actors behind the malware have escalated its evasion by using payload encryption and obfuscation and expanded the tool’s capabilities by introducing new and powerful commands.

Most websites used for distributing RomCom to victims concern remote desktop management applications, which increases the likelihood of attackers employing phishing or social engineering to approach their targets.

The premium WordPress plugin ‘Gravity Forms,’ currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection.

Gravity Forms is a custom form builder website owners use for creating payment, registration, file upload, or any other form required for visitor-site interactions or transactions.

On its website, Gravity Forms claims it is used by a wide variety of large companies, including Airbnb, ESPN, Nike, NASA, PennState, and Unicef.