Microsoft on Thursday published details about Skeleton Key - a technique that bypasses the guardrails used by makers of AI models to prevent their generative chatbots from creating harmful content. As of May, Skeleton Key could be used to coax an AI model into explaining how to make (for example) a Molotov cocktail. The recipe for this is not exactly a well-kept secret, but AI companies have insisted they're working to suppress harmful content buried within AI training data.
The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks, in an operation by the Russian foreign military intelligence agency prior to Russia's invasion of the country. The announcement from the Department of Justice (DoJ) says that in January 2022 Stigal and members of the GRU used a U.S.-based company to distribute the WhisperGate pseudo-ransomware to systems at dozens of Ukrainian government entities to destroy data.
Ann & Robert H. Lurie Children's Hospital of Chicago is informing hundreds of thousands of individuals that their personal and health information has been compromised as a result of a ransomware attack. The children's hospital took many of its systems offline in late January in response to a cyberattack. The incident resulted in limited access to medical records, disruptions to a patient portal, and hampered communications.
Swaths of personal data and documents belonging to users of the world's most popular apps have been exposed online for well over a year now, and may have leaked to cybercriminals a while ago. The company responsible for the leak, AU10TIX, is based in a suburb of Tel Aviv and specializes in identity verification via personal documents, biometrics, and more. Its customers include major companies like X, TikTok, LinkedIn, Coinbase, eToro, PayPal, Fiverr, Upwork, Bumble, Uber, and others.
The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. "On Wednesday, 26 June 2024, our security team detected an irregularity in TeamViewer's internal corporate IT environment," TeamViewer said in a post to its Trust Center. "We immediately activated our response team and procedures."
Fortra this week announced patches for a critical-severity SQL injection vulnerability in FileCatalyst Workflow that could allow attackers to create administrative user accounts. Tracked as CVE-2024-5276 (CVSS score of 9.8) and affecting FileCatalyst Workflow version 5.1.6 Build 135 and earlier, the issue could also be exploited to modify application data, Fortra noted in an advisory.
The majority of CDK Global's car dealership customers are still operating without critical services in the wake of fallout from a cyberattack, which has had consequences extending into a second week. CDK Global said it's making progress recovering, but services won't be restored for all of its customers until June 30, according to an automated voice message service it set up to provide updates to customers.
Just over half of critical open source projects are written in code using memory-unsafe languages, the FBI and Cybersecurity and Infrastructure Security Agency said in a report released Wednesday. The largest projects are disproportionately reliant on memory-unsafe languages, the agencies found. The report analyzed a total of 172 critical projects from the Open Source Security Foundation's Critical Projects Working Group.