Accounting Firm WMDDH Discloses Data Breach Impacting 127,000
Public accounting firm Wright, Moore, DeHart, Dupuis & Hutchinson (WMDDH) is notifying over 127,000 individuals that their personal information was stolen in a July 2023 data breach. The incident, the company wrote in notification letters to the impacted individuals, was identified on July 11, 2023, when unusual network activity was observed on WMDDH's network. READ MORE...
Deepfake Ukrainian diplomat targeted US senator on Zoom call
The chair of the United States Foreign Relations Committee was targeted by a sophisticated deepfake operation which impersonated a top Ukrainian official in what was an apparent attempt at election interference. The office of Ben Cardin, the Democratic Senator for Maryland, reportedly received an email on Thursday September 19 from someone claiming to be former Ukrainian Foreign Affairs Minister Dmytro Kuleba, requesting a Zoom call. READ MORE...
US Charges 3 Iranians Over Presidential Campaign Hacking
The United States on Friday announced charges, sanctions and rewards in response to recent Iranian hacking operations targeting the 2024 election. It came to light in recent months that Iran has been running a cyber campaign targeting the upcoming US presidential election. Hackers linked to Iran have targeted the Biden, Trump and Harris campaigns, and they even offered sensitive information stolen from the Trump campaign to the Biden campaign. READ MORE...
AI code helpers just can't stop inventing package names
AI models just can't seem to stop making things up. As two recent studies point out, that proclivity underscores prior warnings not to rely on AI advice for anything that really matters. One thing AI makes up quite often is the names of software packages. As we noted earlier this year, Lasso Security found that large language models (LLMs), when generating sample source code, will sometimes invent names of software package dependencies that don't exist. READ MORE...
Meta pays the price for storing hundreds of millions of passwords in plaintext
Officials in Ireland have fined Meta $101 million for storing hundreds of millions of user passwords in plaintext and making them broadly available to company employees. Meta disclosed the lapse in early 2019. The company said that apps for connecting to various Meta-owned social networks had logged user passwords in plaintext and stored them in a database that had been searched by roughly 2,000 company engineers, who collectively queried the stash more than 9 million times. READ MORE...
British man used genealogy websites to fuel alleged hacking and insider trading scheme
A London-based man is facing extradition to the United States after allegedly masterminding a scheme to hack public companies prior to their earnings announcements and use the secrets he uncovered to make millions of dollars on the stock market. 39-year-old Robert Westbrook is said to have used genealogy websites to gather personal information about company executives, which he then used to break into their email accounts and steal confidential corporate data. READ MORE...
Could APIs be the undoing of AI?
Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to combat security failings. While GenAI is susceptible to the usual security issues associated with APIs, there are also AI-specific concerns which have been well-documented by the OWASP Project. READ MORE...
Critical flaw in NVIDIA Container Toolkit allows full host takeover
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. The security issue is tracked as CVE-2024-0132 and allows an adversary to perform container escape attacks and gain full access to the host system, where they could execute commands or exfiltrate sensitive information. The particular library comes pre-installed in many AI-focused platforms and virtual machine images. READ MORE...
Novel Exploit Chain Enables Windows UAC Bypass
Researchers have flagged a weakness they're tracking as CVE-2024-6769, calling it a combination user access control (UAC) bypass/privilege escalation vulnerability in Windows. It could allow an authenticated attacker to obtain full system privileges, they warned. That's according to Fortra, which assigned the issue a medium severity score of 6.7 out of 10 on the Common Vulnerability Scoring System (CVSS) scale. READ MORE...
- ...in 1927, Babe Ruth hits his 60th home run of the 1927 season and with it sets a record that would stand for 34 years.
- ...in 1954, the USS Nautilus, the world's first nuclear submarine, is commissioned by the U.S. Navy.
- ...in 1972, Pro baseball great Roberto Clemente hits his 3,000th and final hit of his career
- ...in 1980, the original specifications for Ethernet computer networking technologies are published by Xerox with Intel and Digital Equipment Corporation.
