Security News

The Hospital Clínic de Barcelona suffered a ransomware attack on Sunday morning, severely disrupting its healthcare services after the institution's virtual machines were targeted by the attacks. The 819-bed hospital is based in Barcelona, Spain, and serves over half a million people seeking medical attention and healthcare services.

This is a good survey on prompt injection attacks on large language models. The functionalities of current LLMs can be modulated via natural language prompts, while their exact internal functionality remains implicit and unassessable.

An unknown threat actor has discreetly compromised business-grade DrayTek routers in Europe, Latin and North America, equipping them with a remote access trojan and a packet capturing program. "The impacted models are high-bandwidth routers that can support VPN connections for hundreds of remote workers and offer ideal capacity for the average, medium-sized business. We suspect the actor infects targets of interest for data collection, and targets of opportunity for the purpose of establishing a covert proxy network," Lumen researchers have posited.

Malicious actors can take advantage of "Insufficient" forensic visibility into Google Cloud Platform to exfiltrate sensitive data, a new research has found. "Unfortunately, GCP does not provide the level of visibility in its storage logs that is needed to allow any effective forensic investigation, making organizations blind to potential data exfiltration attacks," cloud incident response firm Mitiga said in a report.

It wasn't until February 28th that DISH finally confirmed that they suffered a ransomware attack, with multiple sources telling BleepingComputer that the Black Basta ransomware gang was responsible. Other ransomware attacks we learned more about this week include ones on the City of Oakland, the Indigo book store chain, Tennessee State University and Southeastern Louisiana University, and the Clop data theft at Hatch Bank.

CISA and the FBI have issued a joint advisory highlighting the increasing threat behind ongoing Royal ransomware attacks targeting many U.S. critical infrastructure sectors, including healthcare, communications, and education. In response, the FBI and CISA shared indicators of compromise and a list of tactics, techniques, and procedures linked, which would help defenders detect and block attempts to deploy Royal ransomware payloads on their networks.

The Play ransomware gang has taken responsibility for a cyberattack on the City of Oakland that has disrupted IT systems since mid-February. Oakland is a city in California on the east side of the San Francisco Bay Area with a population of about 440,000.

SCSW Back in 2020, Eric Scales led the incident response team investigating a nation-state hack that compromised his company's servers along with those at federal agencies and tech giants including Microsoft and Intel. "It was similar to a fraternity rush - the best experience I never want to do again," Scales, head of incident response at Mandiant, told The Register.

American fast food chain Chick-fil-A has confirmed that customers' accounts were breached in a months-long credential stuffing attack, allowing threat actors to use stored rewards balances and access personal information. At the time, Chick-fil-A set up a support page with information on what customers should do if they detect suspicious activity on their accounts.

Less than a year after its online greetings card subsidiary Funky Pigeon was attacked, WH Smith has admitted someone broke into its systems. WH Smith said the attack had "Resulted" in illegal access to some company data, including on current and former employees.