DataBreachToday.com
Attackers Wield Signed ConnectWise Installers as Malware
2 weeks 1 day ago
Legitimate Remote Access Tool Weaponized by Attackers Using Authenticode Stuffing
Researchers are tracking a rise in online attacks involving legitimate ConnectWise software that's been repurposed by attackers, using a tactic that leaves the installation software vendor-signed, while adding capabilities that turn it into malware, thanks to a tactic called Authenticode stuffing.
LLMs Tricked by 'Echo Chamber' Attack in Jailbreak Tactic
2 weeks 1 day ago
Researcher Details Stealthy Multi-Turn Prompt Exploit Bypassing AI Safety
Well-timed nudges are enough to derail a large language model and use it for nefarious purposes, researchers have found. Dubbed "Echo Chamber," the exploit uses a chain of subtle prompts to bypass existing safety guardrails by manipulating the model's emotional tone and contextual assumptions.
Feds Warn Healthcare Sector of Rising Iranian Cyberthreats
2 weeks 1 day ago
Geopolitical Conflict Involving Iran, Israel, US Ripe for Attacks on Sector
Government authorities are warning of increased risk of Iranian cyber and related threats against healthcare and public health sector organizations - including ransomware, distributed denial-of-service and other attacks related to that nation's escalated conflicts with Israel and the U.S.
UK Data Bill Signals Evolution in AI and Privacy Rules
2 weeks 1 day ago
Attorney Edward Machin on How the New Law Affects Data Use and Risk
The U.K.'s new data bill updates rules on AI, cookies and automated decisions while keeping EU data-sharing intact. Edward Machin of Ropes & Gray calls it "evolution, not revolution" and says the lighter-touch approach still carries serious long-term consequences.
Warnings Ratchet Up Over Iranian Cyberattacks
2 weeks 2 days ago
Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.
Zero Data on Devices, Full BYOD Freedom – Powered by the Cloud
2 weeks 2 days ago
Hypori's Lewandowski on Eliminating Data and Apps From Personal Devices
Traditional BYOD strategies rely on managing personal devices directly, which introduces privacy concerns and leaves organizations vulnerable to attacks such as phishing, network compromise and device rooting, said Wayne Lewandowski, chief revenue officer at Hypori.
Asana Fixes Security Flaw in AI Data Integration Tool
2 weeks 2 days ago
MCP Server Paused for Days After Bug Risked Data Leakage Between Users
Asana patched a vulnerability in an artificial intelligence integration feature that could have allowed users to view data from other organizations. The time management company paused the use of Asana Model Context Protocol for nearly two weeks to apply the fix.
How US Cyber Ops May Have Assisted the Midnight Hammer Strike
2 weeks 2 days ago
Analysts Say CYBERCOM Likely Played a Major Role in Strike on Iranian Nuclear Sites
The United States' "Midnight Hammer" missile strike that hit three key Iranian nuclear sites likely involved significant support from U.S. Cyber Command, analysts told Information Security Media Group, after officials credited the unit for taking part in the military operation.
HHS, Insurers Pledge to Simplify Preauthorization Processes
2 weeks 2 days ago
Frustrations Over Preauthorization Denials Have Led to 'Violence in Streets'
A dozen health insurance giants that provide coverage for about 80% of Americans with Medicare, Medicaid and commercial plans have agreed to work with the U.S. Department of Health and Human Services to voluntarily streamline and improve their preauthorization processes.
Warnings Ratchet Over Iranian Cyberattack
2 weeks 2 days ago
Proxies Prioritize Psychological Effects Over Real Life Effects in Cyberspace
Warnings about Iranian hacking following the United States' Saturday bombing of Iranian nuclear weapon development sites ratcheted sharply upward even after weeks of admonitions that Iran could respond to ongoing missile strikes with virtual assaults.
Live Webinar | Translating Cyber Risk for the Board: Making Human Security a C-Suite Priority
2 weeks 3 days ago
Stronger OT Security Starts with OT GRC
2 weeks 3 days ago
Why a risk-based GRC approach is essential for securing industrial OT environments
Automating asset discovery, vulnerability detection and threat mapping helps maintain continuous compliance and manage risk mitigation as your OT environment evolves. Actionable data and constant visibility enable CISOs to shift away from an ad-hoc, reactive “check-the-box” approach.
Court Ditches HIPAA Reproductive Health Info Privacy Rule
2 weeks 5 days ago
Ruling: HHS Has No Authority to Distinguish Different Types of PHI for Restrictions
A Texas federal court has vacated 2024 changes to the HIPAA Privacy Rule made by the Biden administration to shield reproductive healthcare information from law enforcement. The court's ruling could potentially make it easier for state investigators to obtain information about abortions and gender treatments.
Aflac: 'Cybercrime Campaign' Is Targeting Insurance Industry
2 weeks 5 days ago
Experts Suspect Scattered Spider Is Behind Rash of Recent Insurer Breaches
Aflac is the latest insurance company dealing with a cyberattack. The company is investigating a cyber incident that did not involve ransomware encryption of its IT systems, but did potentially compromise data. Experts suspect Scattered Spider is behind the recent rash of insurance incidents.
AdaCore Merges With CodeSecure for Unified Developer Tools
2 weeks 5 days ago
Merger Strengthens AdaCore’s Reach in C and C++ Static Testing for Embedded Systems
The merger between New York-based AdaCore and Washington D.C.-area CodeSecure fills a strategic gap in static analysis for C and C++ programming, giving embedded software developers a more complete suite of security and safety verification tools in high-stakes industries.
ISMG Editors: Anubis Ransomware's Puzzling New Tactic
2 weeks 5 days ago
Also: CISA's Leadership Crisis; Why AI's Confident Errors Demand Urgent Oversight
In this week's update, four editors with ISMG discussed Anubis ransomware's puzzling shift to data wiping malware, the leadership vacuum and budget uncertainty at CISA and growing concerns about how artificial intelligence tools are making confident mistakes that demand human oversight.
Hype Alert: 'The Largest Data Breach in History' That Wasn't
2 weeks 5 days ago
Experts Debunk Legitimacy of Data Sets With 16 Billion Credentials Being Circulated
News broke this week that a "colossal" set of data comprising 16 billion stolen login credentials has been circulating on the cybercrime underground, making it "the largest data breach in history." Don't believe the hype: experts say the numbers simply don't add up, and see little if any risk.
Webinar | Decoding AI Security
2 weeks 5 days ago
Live Webinar | Beyond Patching: Understanding Web Exposure and Why It Matters
2 weeks 5 days ago
DataBreachToday.com RSS News Feeds on data breach today news, regulations, blogs and education