Software solutions provider Young Consulting is notifying over 950,000 individuals that their personal information was compromised in a data breach earlier this year. The incident was discovered on April 13, when the company "became aware of technical difficulties" within its environment. The company discovered that the attackers had access to its network between April 10 and April 13.
BlackByte, the ransomware-as-a-service gang believed to be one of Conti's splinter groups, has (once again) created a new iteration of its encryptor. "Talos observed some differences in the recent BlackByte attacks. Most notably, encrypted files across all victims were rewritten with the file extension 'blackbytent_h', which has not yet appeared in public reporting," researchers with Cisco's threat intelligence team have shared.
Outdated devices are often easy targets for attackers, especially if they have vulnerabilities that can be exploited and no patches are available due to their end-of-life status. Hacks of outdated or vulnerable devices are an issue, but why would anyone attempt to hack discontinued devices or those running out-of-support software? To gain control? To spy on people? The answer is quite multifaceted.
Hundreds of open source large language model (LLM) builder servers and dozens of vector databases are leaking highly sensitive information to the open Web. As companies rush to integrate AI into their business workflows, they occasionally pay insufficient attention to how to secure these tools, and the information they trust them with. In a new report, Legit security researcher Naphtali Deutsch demonstrated as much by scanning the Web for two kinds of potentially vulnerable AI services.
Microsoft has fixed flaws in Copilot that allowed attackers to steal users' emails and other personal data by chaining together a series of LLM-specific attacks, beginning with prompt injection. Author and red teamer Johann Rehberger initially disclosed parts of the exploit to Redmond back in January, with the full attack chain following a month later.
Hitachi Energy is urging customers of its MicroSCADA X SYS600 product for monitoring and controlling utility power systems to immediately upgrade to a newly released version to mitigate multiple critical and high-severity vulnerabilities. In a security advisory this week, the company described the vulnerabilities as enabling attacks that could have serious confidentiality, integrity, and availability impacts on affected products.