RansomwareRansomHub says Change Healthcare data now up for saleLaura FrenchApril 16, 2024The ransomware group posted screenshots of alleged insurer and patient information Monday.
RansomwareOmni Hotels confirms data compromise in apparent ransomware attack Steve ZurierApril 16, 2024Security pros say the hospitality sector represents a new attack vector for the Daixin Team ransomware gang.
IdentityCisco Duo customer MFA message logs stolen in supply chain hackSimon HenderyApril 16, 2024A social-engineering attack against one of the company’s telephony suppliers led to the breach.
AI/MLMicrosoft’s ‘AI Watchdog’ defends against new LLM jailbreak methodLaura FrenchApril 15, 2024The “Crescendo” attack uses a chain of seemingly benign prompts to achieve an adverse output.
Network SecurityDelinea patches API vulnerability in Secret Server CloudSteve ZurierApril 15, 2024If left unpatched, the API flaw could let attackers bypass authentication, gain admin access, and steal company secrets.
IdentityRoku activates 2FA for 80M users after breach of 576K accountsSimon HenderyApril 15, 2024The streaming service enables 2FA on all accounts following its second credential-stuffing attack this year.
Network SecurityPalo Alto Networks PAN-OS critical 0-day exploited; hotfixes availableLaura FrenchApril 12, 2024The max severity (CVSS 10) bug enables command injection through the GlobalProtect feature.
AI/MLAI-generated code potentially used in new Rhadamanthys campaignLaura FrenchApril 12, 2024A PowerShell script used to deploy the infostealer contains unusually specific comments, researchers say.
IdentityLastPass thwarts attempt to deceive employee with deepfake audioSteve ZurierApril 12, 2024While the employee did not fall for the scam, LastPass took the incident as an opportunity to spread awareness about deepfakes.
RansomwareLockBit copycat DarkVault spurs rebranding rumorLaura FrenchApril 11, 2024Several impersonators have used LockBit’s branding and leaked builder in their attacks.