Insurance company Globe Life is notifying 850,000 individuals of a data breach that might have involved their personal, health, and insurance information. The data breach, Globe Life told the Securities and Exchange Commission in October 2024, was discovered after a threat actor attempted to extort the company, demanding a ransom payment in exchange for not publishing stolen information. READ MORE...
Asheville Eye Associates and Delta County Memorial Hospital District last week disclosed separate data breaches that impacted hundreds of thousands of individuals. On Friday, Asheville Eye Associates said the personal and medical information of a subset of its patients was compromised as a result of a cybersecurity incident. The potentially compromised information, the North Carolina eye care center said, includes names, addresses, medical treatment information, and health insurance information. READ MORE...
?Mizuno USA, a subsidiary of Mizuno Corporation, one of the world's largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. Headquartered in Peachtree Corners, Georgia, Mizuno USA manufactures and distributes golf, running, baseball, volleyball, softball, swimming, and tennis equipment, apparel, and footwear for North America. READ MORE...
WhatsApp said Friday that it had disrupted a spyware campaign that targeted 90 people, including journalists and activists. The company tied to the campaign, according to WhatsApp, is Israeli firm Paragon, which last fall signed a $2 million contract with Immigration and Customs Enforcement and recently was purchased by U.S. private equity giant AE International. "We've reached out directly to people who we believe were affected," said a WhatsApp spokesperson. READ MORE...
During the past several months there have been numerous malware campaigns that use a technique something referred to as "ClickFix". It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started to see ClickFix attacks more and more via malicious Google ads as well. This is in contrast to typical phishing pages where victims download a so-called installer that contains malware. READ MORE...
Modern technology is far from foolproof - as we can see with, for example, the numerous vulnerabilities that keep cropping up. While designing systems that are secure by design is a tried-and-true best practice, doing so can divert resources from other areas, such as user experience (UX) design, performance optimization, and interoperability with other solutions and services. Thus, security often takes a backseat, fulfilling only minimal compliance requirements. READ MORE...
It's become almost a cliché to say that cybercriminals are remarkably quick to latch onto the latest trends and technologies and exploit them for their own nefarious gains. The buzz around DeepSeek and its state-of-the-art AI models is no exception. In fact, the past few days have provided a stark reminder that while the tech world is evolving at a breakneck speed, the tactics of online scammers often remain strikingly familiar. READ MORE...
Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity and to conduct research on potential infrastructure for attacks or for reconnaissance on targets. Google's Threat Intelligence Group (GTIG) detected government-linked advanced persistent threat (APT) groups using Gemini primarily for productivity gains rather than to develop or conduct novel AI-enabled cyberattacks that can bypass traditional defenses. READ MORE...
Researchers have tricked DeepSeek, the Chinese generative AI (GenAI) that debuted earlier this month to a whirlwind of publicity and user adoption, into revealing the instructions that define how it operates. DeepSeek, the new "it girl" in GenAI, was trained at a fractional cost of existing offerings, and as such has sparked competitive alarm across Silicon Valley. his has led to claims of intellectual property theft from OpenAI, and the loss of billions in market cap for AI chipmaker Nvidia. READ MORE...
The Food and Drug Administration has released a safety communication about the cybersecurity vulnerabilities of certain patient monitors from Contec and Epsimed. The notice, which the FDA published Thursday, describes three vulnerabilities that can allow people to gain access to remote monitoring technology and potentially manipulate the devices. The FDA is not aware of cybersecurity incidents, injuries or deaths linked to the vulnerabilities. READ MORE...