Cybersecurity

The FDA warns that Contec and Epsimed monitors send data to a hardcoded IP and have backdoors for remote code execution.

#US #healthcare #IP #cybersecurity #cybercrime

https://cnews.link/contec-vital-signs-monitors-contain-backdoors-1/

Community Health Center (CHC) reports a data breach that may have affected 1,061,000 individuals. Health records and other private information may have been stolen.

#databreach #cybersecurity #cybercrime #dataprivacy #datasecurity

https://cnews.link/skilled-criminal-hacker-exposes-community-health-center-1/

The New York Blood Center (NYBCe) Enterprises said its operating divisions have been impacted by a ransomware attack that took place on Sunday.

#NewYork #ransomware #CyberAttack #cybersecurity #cybercrime

https://cnews.link/new-york-blood-center-hit-by-ransomware-attack-blood-shortage-1/

North Korea’s Lazarus Group is now embedding malware in trusted software, taking control of developer tools to steal data in the background.

#crypto #NorthKorea #Malware #CyberSecurity #datasecurity #DataPrivacy

https://cnews.link/north-korea-lazarus-hacking-1/

"In this article, I'll share some of the key lessons we've learned about navigating the complex world of digital security. I'll look at how to identify the right tools, services, resources, and organisations to protect your community, network, or organisation from cyber threats - and why this work is more important than ever. Consider this: almost everything we do online relies on the infrastructure and services of the 'big five' technology companies - Google, Apple, Facebook, Amazon, and Microsoft (GAFAM) + rapidly catching up with Chinese counterparts: TikTok, DeepSeek. At the same time, the regulations and policies that govern these digital spaces and their gatekeepers can be overturned overnight by shifting political agendas with the stroke of a pen, while the sophistication of surveillance and hacking tools is no match for what civil society has at its disposal. It's a precarious environment and difficult times, and understanding how to protect against these risks is more important than ever."

https://tacticaltech.org/news/insights/persistent-problems-of-digital-resilience/

#CyberSecurity #DigitalRights #Surveillance #Privacy

▪ @[email protected] research ▪ Valley News Live exposed millions of resumes with personal data, ranging from home addresses to educational backgrounds.

#CyberSecurity #DataPrivacy #datasecurity #research #US

https://cnews.link/valley-news-live-data-leak-3/

New York-based cybersecurity firm Wiz says it has found a trove of sensitive data from the startup DeepSeek inadvertently exposed to the open internet.

#cybersecurity #NewYork #China #DeepSeek #AI #internet

https://cnews.link/sensitive-deepseek-data-exposed-to-web-1/

▪ @[email protected] research ▪ Our team took a deep dive into what our Ransomlooker tool said about key ransomware trends in 2024.

#ransomware #CyberSecurity #CyberCrime #Hacking

https://cnews.link/ransomware-overview-2024-lockbits-downfall-ransomhub-rising-3/

"As most people who have played with a large language model know, foundation models frequently “hallucinate,” asserting patterns that do not exist or producing nonsense. This means that they may recommend the wrong targets. Worse still, because we can’t reliably predict or explain their behavior, the military officers supervising these systems may be unable to distinguish correct recommendations from erroneous ones.
Foundation models are also often trained and informed by troves of personal data, which can include our faces, our names, even our behavioral patterns. Adversaries could trick these A.I. interfaces into giving up the sensitive data they are trained on.

Building on top of widely available foundation models, like Meta’s Llama or OpenAI’s GPT-4, also introduces cybersecurity vulnerabilities, creating vectors through which hostile nation-states and rogue actors can hack into and harm the systems our national security apparatus relies on. Adversaries could “poison” the data on which A.I. systems are trained, much like a poison pill that, when activated, allows the adversary to manipulate the A.I. system, making it behave in dangerous ways. You can’t fully remove the threat of these vulnerabilities without fundamentally changing how large language models are developed, especially in the context of military use.

Rather than grapple with these potential threats, the White House is encouraging full speed ahead."

https://www.nytimes.com/2025/01/27/opinion/ai-trump-military-national-security.html

#AI #GenerativeAI #AIWarfare #CyberSecurity

Fashion giant H&M reportedly exposed millions of UAE customers, with leaked details revealing personal and sensitive information.

#fashion #UAE #DataPrivacy #dataleak #DataSecurity #cybersecurity

https://cnews.link/hm-online-shoppers-details-stolen-hackers-claim-3/

▪ @[email protected] research ▪ Struct Chat, a $29.95 per month AI-powered Slack tool, exposes its users’ private data and communications.

#DataSecurity #CyberSecurity #slack #DataPrivacy #infosec

https://cnews.link/unprotected-ai-service-streams-private-slack-messages-3/

CNN Indonesia, the nationwide broadcast and online news network, is claimed by the notorious INC Ransom group on Tuesday.

#CNN #Indonesia #cybersecurity #cybercrime #Ransomware

https://cnews.link/cnn-indonesia-ransomware-attack-inc-ransom-group-1/

ENGlobal disclosed that November's breach exposed sensitive personal data.

#USA #energy #ENGlobal #databreach #DataSecurity #cybersecurity

https://cnews.link/englobal-energy-corp-breach-attackers-accessed-personal-data-1/

Lightning AI fixed a critical vulnerability allowing remote code execution with root privileges.

#AI #vulnerability #cybersecurity #cyberattack

https://cnews.link/critical-vulnerability-ai-development-platform-lightning-ai-1/

ChatGPT competitor DeepSeek has been hit with “large-scale malicious attacks” that forced the company to limit app registrations.

#ChatGPT #DeepSeek #AI #cyberattack #cybersecurity #app

https://cnews.link/deepseek-limits-registration-cyberattack-1/

More than half of the American population were affected by the ransomware attack on Change Healthcare last year. @Techcrunch has put together a timeline of the events, from the first cybersecurity report to the multi-million dollar ransom and the growing number of people impacted.

https://flip.it/NC6s6M

#Cybersecurity #Ransomware #dataBreach

Hackers are increasingly ‘salting’ scam emails with text invisible to human readers, which deceives security systems.

#HTML #cyberattacks #CyberSecurity #email #spam #hacker

https://cnews.link/hackers-evading-email-spam-filters-using-hidden-text-1/

A critical flaw in Meta’s AI framework allowed attackers to remotely deploy malware directly on the server hosting AI apps.

#META #AI #app #cybersecurity #cybercrime #server

https://cnews.link/meta-rushes-fix-critical-llama-stack-vulnerability-3/

🔄 98 ENTRY CHANGES 🔄

💻 macOS Sequoia 15.2 - 25 added, 1 updated
https://support.apple.com/en-us/121839
📱 iOS and iPadOS 18.2 - 14 added, 3 updated
https://support.apple.com/en-us/121837
💻 macOS Sonoma 14.7.2 - 14 added
https://support.apple.com/en-us/121840
⌚ watchOS 11.2 - 10 added, 1 updated
https://support.apple.com/en-us/121843
💻 macOS Ventura 13.7.2 - 10 added
https://support.apple.com/en-us/121842
📺 tvOS 18.2 - 7 added, 1 updated
https://support.apple.com/en-us/121844
🥽 visionOS 2.2 - 6 added, 1 updated
https://support.apple.com/en-us/121845
📱 iPadOS 17.7.3 - 2 added
https://support.apple.com/en-us/121838
🌐 Safari 18.2 - 1 added, 1 updated
https://support.apple.com/en-us/121846
💻 macOS Sequoia 15 - 1 updated
https://support.apple.com/en-us/121238

#apple #cybersecurity #infosec #security #ios

📣 EMERGENCY UPDATE 📣

Apple pushed additional updates for a zero-day that may have been actively exploited.

🐛 CVE-2025-24085 (CoreMedia) additional patches:

• visionOS 2.3

#apple #cybersecurity #infosec #security #ios

The British Museum was forced to partially close last week after a former employee attacked its IT infrastructure.

#UK #cybersecurity #IT #cybercrime #TheGuardian

https://cnews.link/british-museum-systems-cyber-sabotage-1/

▪ @[email protected] research ▪ A subcontractor's error exposed a database, revealing hundreds of thousands of Daytrip's customer records and travel orders.

#Cybersecurity #dataprivacy #datasecurity #infosec #dataprivacyday

https://cnews.link/daytrip-data-leak-reveals-travel-data-vip-members-3/

Tangerine Turkey is a VBS worm spreading via USB drives to install crypto mining malware.

#USB #CyberSecurity #crypto #cybercrime #cyberattacks

https://cnews.link/crypto-mining-worm-global-campaign-2/

🐛 NEW SECURITY CONTENT 🐛

🥽 visionOS 2.3 - 21 bugs fixed
https://support.apple.com/en-us/122073

#apple #cybersecurity #infosec #security #ios

📣 EMERGENCY UPDATE 📣

Apple pushed updates for a new zero-day that may have been actively exploited.

🐛 CVE-2025-24085 (CoreMedia):

• iOS and iPadOS 18.3
• macOS Sequoia 15.3
• tvOS 18.3
• watchOS 11.3

#apple #cybersecurity #infosec #security #ios