Just over 77,000 individuals will be receiving news from Fidelity Investments that their personal information has been compromised in a data security incident. The breach itself occurred between Aug. 17 and Aug. 19, when an unauthorized third party gained access to two customer accounts and obtained private information. When the activity was detected on Aug. 19, access was terminated and an investigation began.
Marriott International and its subsidiary Starwood Hotels and Resorts have agreed to a settlement with the federal and state authorities over three separate data breaches between 2014 and 2020. In a 16-page proposed consent order with the Federal Trade Commission, the hotel chains agreed to a series of compulsory actions to improve the way they handle, store and protect personal customer data.
Using ChatGPT to research cyber threats has backfired on bad actors, OpenAI revealed in a report analyzing emerging trends in how AI is currently amplifying online security risks. Not only do ChatGPT prompts expose what platforms bad actors are targeting (and in at least one case enabled OpenAI to link a covert influence campaign on X and Instagram for the first time), but they can also reveal new tools that threat actors are testing to evolve their deceptive activity online, OpenAI claimed.
Imagine a vast and invisible army silently infiltrating your organization's digital defenses. No, this isn't the plot of a sci-fi thriller - it's the reality of non-human identities (NHIs) in today's cybersecurity landscape. As a seasoned security architect, I've watched this hidden force grow from a manageable contingent to a sprawling, often ungoverned multitude that's keeping chief information security officers (CISOs) awake at night.
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. Code White security researcher Florian Hauser found that the security flaw, now tracked as CVE-2024-40711, is caused by a deserialization of untrusted data weakness that unauthenticated threat actors can exploit in low-complexity attacks.
The FBI created its own cryptocurrency so it could watch suspected fraudsters use it - an idea that worked so well it produced arrests in three countries. News of the Feds' currency, an Ethereum-based instrument named NexFundAI, appeared in a Wednesday Department of Justice announcement that eighteen individuals have been charged "for widespread fraud and manipulation in the cryptocurrency markets."
Of the more than 14,000 IPs of exposed and vulnerable medical devices, health care login portals, and databases throughout the world, nearly half are found in the U.S., according to a report released Thursday. Censys - a search platform that can identify internet-connected devices - scoured the public net and categorized the vast medical playground used by malicious hackers that partly explains why the industry is beset with so many attacks.