IT Security Newsletter - 9/19/2025
Cybercriminals pwn 850k+ Americans' healthcare data
Cybercriminals broke in and stole nearly a million Americans' data in the space of a week, in the course of three digital burglaries at healthcare providers. Goshen Medical Center, which runs sites across North Carolina, has this week reported a sizeable breach affecting 456,385 people. The types of data exposed varied for each individual, but basic personal information, as well as social security numbers, driver's license numbers, and medical record numbers were exposed during this attack.
New attack on ChatGPT research agent pilfers secrets from Gmail inboxes
The face-palm-worthy prompt injections against AI assistants continue. Today's installment hits OpenAI's Deep Research agent. Researchers recently devised an attack that plucked confidential information out of a user's Gmail inbox and sent it to an attacker-controlled web server, with no interaction required on the part of the victim and no sign of exfiltration. Deep Research is a ChatGPT-integrated AI agent that OpenAI introduced earlier this year.
Iranian State APT Blitzes Telcos & Satellite Companies
In the span of just a couple of weeks, Iranian hackers have stolen highly sensitive data from 11 global telecommunications companies, satellite operators, and aerospace equipment manufacturers. Cyber defenders have been tracking or otherwise fending off Middle Eastern cyberattacks by "Subtle Snail" (aka UNC1549) for around four years now. First, in 2021, it attacked a Bahrain-based IT integrator.
Researchers believe Gamaredon and Turla threat groups are collaborating
ESET Research has discovered evidence of collaboration between the Gamaredon and Turla threat groups. Both groups are linked to Russia's primary intelligence agency, the FSB, and were found working in tandem to target high-profile organizations in Ukraine. In these attacks, Gamaredon deployed a variety of tools across compromised machines, while Turla leveraged one of these systems to issue commands through Gamaredon's implants.
UK arrests 2 more alleged Scattered Spider hackers over London transit system breach
British authorities have arrested two suspected members of the notorious cybercrime gang Scattered Spider for allegedly hacking London's transit agency, the U.K.'s National Crime Agency said on Thursday. London police and the NCA arrested 19-year-old Thalha Jubair and 18-year-old Owen Flowers at their homes on Tuesday, the NCA said in a statement. The two suspects were due to appear in court on Thursday to face charges under the U.K.'s Computer Misuse Act.
SystemBC malware turns infected VPS systems into proxy highway
The operators of the SystemBC proxy botnet are hunting for vulnerable commercial virtual private servers (VPS) and maintain an average of 1,500 bots every day that provide a highway for malicious traffic. Compromised servers are located all over the world and have at least one unpatched critical vulnerability, some of them being plagued by tens of security issues. SystemBC has been around since at least 2019 and has been used by various threat actors.
One token to pwn them all: Entra ID bug could have granted access to every tenant
A security researcher claims to have found a flaw that could have handed him the keys to almost every Entra ID tenant worldwide. Dirk-jan Mollema reported the finding to the Microsoft Security Research Center (MSRC) in July. The issue was fixed and confirmed as mitigated, and a CVE was raised on September 4. It is, however, an alarming vulnerability involving flawed token validation that can result in cross-tenant access.
ChatGPT Targeted in Server-Side Data Theft Attack
Researchers at web security company Radware recently discovered what they described as a service-side data theft attack method involving ChatGPT. The attack, dubbed ShadowLeak, targeted ChatGPT's Deep Research capability, which is designed to conduct multi-step research for complex tasks. OpenAI neutralized ShadowLeak after it was notified by Radware. The ShadowLeak attack did not require any user interaction.
ChatGPT Tricked Into Solving CAPTCHAs
AI security platform SPLX has demonstrated that prompt injections can be used to bypass a ChatGPT agent's built-in policies and convince it to solve CAPTCHAs. AI agents have guardrails in place to prevent them from solving any CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart), based on ethical, legal, and platform-policy reasons. In a regular ChatGPT-4o chat, they told the AI they wanted to solve a list of fake CAPTCHAs.
- ...in 1928, actor Adam West, TV's original Batman, is born in Walla Walla, WA.
- ...in 1970, The Mary Tyler Moore Show premieres on CBS. It is one of the first TV programs to focus on an independent career woman as a main character.
- ...in 1985, musician Frank Zappa testifies before the U.S. Senate in protest of the PMRC's call for the labeling of explicit content on album covers.
- ...in 1995, the first International Talk Like a Pirate Day is celebrated by the holiday's founders, John Baur and Mark Summers.