Security News > 2024 > February

Varonis introduced Varonis Managed Data Detection and Response, a managed service dedicated to stopping threats at the data level. Security teams can receive alerts if employees are uploading sensitive data, like customer PII, security credentials, and intellectual property.

In a speech delivered yesterday, Mike Burgess noted that countering Soviet sabotage plots was a significant reason ASIO was created. "Nationalists and racists are probably just mouthing off. But the spy chief indicated that ASIO"is aware of one nation-state conducting multiple attempts to scan critical infrastructure in Australia and other countries, targeting water, transport and energy networks.

The ALPHV/BlackCat cybercrime gang has taken credit - if that's the word - for a ransomware infection at Change Healthcare that has disrupted thousands of pharmacies and hospitals across the US, and also claimed that the amount of sensitive data stolen and affected health-care organizations is much larger than the victims initially disclosed. UnitedHealth owns the healthcare IT provider, and more than 70,000 pharmacies across the USA use its software to process insurance claims and fill prescriptions.

"[I]n just one minute per prompt, we get an attack success rate of 89 percent on jailbreaking Vicuna-7B- v1.5, while the best baseline method achieves 46 percent," the authors state in their paper. "BEAST can attack a model as long as the model's token probability scores from the final network layer can be accessed. OpenAI is planning on making this available. Therefore, we can technically attack publicly available models if their token probability scores are available."

According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. This vulnerability allegedly enables potential attackers to control any Anycubic 3D printer affected by this vulnerability using the company's MQTT service API. The file received by the impacted devices also asks Anycubic to open-source their 3D printers because the company's software "Is lacking."

The secure access service edge is one of the best approaches, as it offers a unified network and security framework through the integration of SD-WAN and cloud-native security features, such as secure web gateway, cloud access security brokers, firewall-as-a-service and zero trust. Zscaler Zero Trust Exchange: Best for AI-powered security service edge.

At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. JFrog's security team found that roughly a hundred models hosted on the platform feature malicious functionality, posing a significant risk of data breaches and espionage attacks.

Speedify VPN is free for the first 2 GB per month, then you can upgrade to a paid Individuals or Families plan to gain unlimited usage and access to additional servers. Speedify VPN Free works on a single device for a single user, whereas the Individuals plan allows use on up to five devices simultaneously.

U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "Countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela. "Our adversaries are exploiting Americans' sensitive personal data to threaten our national security. They are purchasing this data to use to blackmail and surveil individuals, target those they view as dissidents here in the United States, and engage in other malicious activities," said Attorney General Merrick B. Garland.

The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. Today, the Rhysida ransomware gang has listed Lurie Children's on its extortion portal on the dark web, claiming to have stolen 600 GB of data from the hospital.