IT Security Newsletter - 8/26/2025
Healthcare Services Group Data Breach Impacts 624,000
Healthcare Services Group is notifying over 624,000 individuals that their personal information was stolen in a data breach. The incident, the organization says, was identified on October 7, 2024, and involved unauthorized access to its systems between September 27, 2024, and October 3, 2024. During the timeframe, the hackers copied certain files from the compromised machines, including files containing personal information.
Auchan retailer data breach impacts hundreds of thousands of customers
French retailer Auchan says that some sensitive data associated with the loyalty accounts of several hundred thousand of its customers was exposed in a cyberattack. The company is sending data breach notifications to customers affected by the incident. "We are writing to inform you that Auchan has been the victim of a cyberattack. This attack resulted in unauthorized access to certain personal data associated with your loyalty account," reads the retailer's notification.
Fast-Spreading, Complex Phishing Campaign Installs RATs
A rapidly growing phishing campaign targeting Windows users across the globe is not only stealing credentials for future attacks but also spreading various remote access trojans (RATs) via malicious scripts. Researchers at Fortinet Labs detected the campaign, which is operating on what they call a "truly global scale" to target organizations across various sectors, with manufacturing, technology, healthcare, construction, and retail/hospitality taking the brunt of the attacks.
ClickFix Attack Tricks AI Summaries Into Pushing Malware
A new ClickFix social engineering proof-of-concept attack uses AI summaries to deliver ransomware. Threat monitoring vendor CloudSEK published research today regarding a ClickFix proof-of-concept (POC) exploit. ClickFix is an increasingly popular social engineering tactic in which an attacker displays an error message or call to action instructing the target to execute self-sabotaging commands.
Alleged mastermind behind K-Pop celebrity stock heist extradited to South Korea
South Korean authorities have announced the extradition from Thailand and arrest of a suspected hacker, believed to be the mastermind behind an organised campaign of attacks that stole millions of dollars worth of stocks from celebrities, including BTS singer Jung Kook. Local news reports have confirmed that the 34-year-old Chinese man, escorted from Bangkok to Incheon Airport in South Korea, is suspected of embezzling over 38 billion won (US $27 million) from wealthy individuals.
Credential harvesting campaign targets ScreenConnect cloud administrators
A sophisticated credential-harvesting campaign has been targeting ScreenConnect cloud administrators for years and may be opening the door to ransomware attacks, researchers at Mimecast said in a blog post released Monday. The campaign uses compromised Amazon Simple Email Service accounts to spear-phish senior IT administrators who have elevated privileges in ScreenConnect environments.
Malware-ridden apps made it into Google's Play Store, scored 19 million downloads
Cloud security vendor Zscaler says customers of Google's Play Store have downloaded more than 19 million instances of malware-laden apps that evaded the web giant's security scans. Zscaler's ThreatLabz spotted and reported 77 apps containing malware, many of them purporting to be utilities or personalization tools. Many contained an updated version of the Anatsa banking trojan, malware that first appeared in 2020.
AI browsers could leave users penniless: A prompt injection warning
Artificial Intelligence (AI) browsers are gaining traction, which means we may need to start worrying about the potential dangers of something called "prompt injection." Large language models (LLMs), like the ones that power AI chatbots including ChatGPT, Claude, and Gemini, are designed to follow "prompts," which are the instructions and questions that people provide when looking up info or getting help with a topic.
OneFlip: An Emerging Threat to AI that Could Make Vehicles Crash and Facial Recognition Fail
Autonomous vehicles and many other automated systems are controlled by AI, but the AI could be controlled by malicious attackers taking over the AI's weights. Weights within AI's deep neural networks represent the models' learning and how it is used. A weight is usually defined in a 32-bit word, and there can be hundreds of billions of bits involved in this AI 'reasoning' process. It is a no-brainer that if an attacker controls the weights, the attacker controls the AI.
Critical Docker Desktop flaw lets attackers hijack Windows hosts
A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. The security issue is a server-side request forgery (SSRF), and it received a critical severity rating of 9.3. "A malicious container running on Docker Desktop could access the Docker Engine and launch additional containers without requiring the Docker socket to be mounted," reads Docker's bulletin.
- ...in 1920, the 19th Amendment is formally adopted into the U.S. Constitution, guaranteeing the right of women to vote.
- ...in 1939, the Brooklyn Dodgers hosted the Cincinnati Reds in the first televised baseball game.
- ...in 1952, puzzle creator and New York Times crossword editor Will Shortz is born in Crawfordsville, IN.
- ...in 1957, the Ford Motor Company rolls out the first Edsel. It will be discontinued three years later.