Image: Getty Images

3 More Healthcare Entities Report Website Tracking Breaches

Marianne Kolbasuk McGee • March 31, 2023

Three more healthcare organizations have joined the growing list of entities reporting large data breaches to federal regulators involving the previous use of tracking codes on their websites.

Finance & Banking

Device Maker Zoll Facing 7 Lawsuits in Wake of Breach

Latest

API Security

Evolving AlienFox Malware Steals Cloud Services Credentials

Prajeet Nair • March 31, 2023

Hackers have used a modular toolkit called "AlienFox'" to compromise email and web hosting services at 18 companies. Distributed mainly by Telegram, the toolkit scripts are readily available in open sources such as GitHub, leading to constant adaptation and variation in the wild.

Artificial Intelligence & Machine Learning

Italian Privacy Watchdog Imposes ChatGPT Ban

Akshaya Asokan • March 31, 2023

Italian regulators announced Friday an effective ban on ChatGPT after determining that artificial intelligence firm OpenAI likely engaged in a massive illegal collection of personal data. The agency gave OpenAI until April 19 to address its concerns or potentially face fines.

Cyberwarfare / Nation-State Attacks

3CX Desktop Client Under Supply Chain Attack

Prajeet Nair • March 30, 2023

Suspected North Korean hackers trojanized installers of a voice and video calling desktop client made by 3CX and used by major multinational companies. The vulnerability traces to a poisoned Electron software library file, an open-source framework for user interfaces.

Cyberwarfare / Nation-State Attacks

Leaks Reveal Moscow Source for Hacking, Disinformation Tools

Mathew J. Schwartz • March 30, 2023

Leaked documents from a Moscow IT consultancy reveal how the Russian government has commissioned tools for its military and intelligence agencies for conducting cyber operations, information warfare, and controlling the internet, as well as training critical infrastructure hackers.

Fraud Management & Cybercrime

Breach Roundup: Lumen, QNAP, NCB and Toyota Italy

Mihir Bagwe • March 30, 2023

In this week's data breach spotlight: Telecom giant Lumen reports incidents, Taiwanese hardware vendor QNAP discloses vulnerabilities, debt collector NCB suffers a data breach and more data breaches occur in Australia. Also, there's a new Mac info stealer, and Toyota Italy exposed customer data.

Fraud Management & Cybercrime

Ransomware Groups Hit Unpatched IBM File Transfer Software

Mathew J. Schwartz • March 30, 2023

Security experts are urging users of IBM's Aspera Faspex file-exchange application to take it offline immediately unless they've patched a flaw being actively exploited by ransomware groups, including Buhti and IceFire. Separately, QNAP is warning customers to prepare for emergency security fixes.

Anti-Phishing, DMARC

Phishing Campaign Tied to Russia-Aligned Cyberespionage

Mathew J. Schwartz • March 30, 2023

A hacking group with apparent ties to Russia or Belarus has been using "simple yet effective attack techniques and tools" to gain access to multiple governments' email systems as part of apparent cyberespionage operations in support of Russia's invasion of Ukraine, researchers warn.

Artificial Intelligence & Machine Learning

Tech Luminaries Call for Pause in AI Development

Anviksha More • March 29, 2023

A slew of top tech executives and artificial intelligence researchers called for a minimum half-year pause on advanced artificial intelligence systems. Tech giants already have fallen into a race to see who can be the quickest to incorporate AI into their products.

Next-Generation Technologies & Secure Development

Airbus, Atos Ax Deal for Minority Stake in Evidian Cyber Arm

Michael Novinson • March 29, 2023

Airbus has halted efforts to buy a 29.9% stake in Atos' $5.76 billion Evidian cybersecurity, big data and digital business. The aircraft manufacturer walked away from the transaction after determining it "does not meet the company's objectives in the current context and under the current structure."

Critical Infrastructure Security

Lawmakers Urge CISA to Devise Better Measures of Performance

Michael Novinson • March 28, 2023

Lawmakers urged Director Jen Easterly to devise metrics that quantify how effectively the Cybersecurity and Infrastructure Security Agency uses federal money to cut cyber risk. Rep. Dave Joyce wants CISA to more precisely measure the return on taxpayer spending given the agency's rising budget.

Events

'Stronger Together' - Preview of RSA Conference 2023

Tom Field • March 28, 2023

"Stronger Together" is the theme of RSA Conference 2023. In an exclusive preview of the event, Linda Gray Martin and Britta Glade explain why that theme was selected - and what attendees can expect to see from sessions, speakers and sponsors when they attend the annual gathering in San Francisco.

API Security

Essential Steps to Building a Robust API Security Program

Anna Delaney • March 28, 2023

Recent high-profile breaches resulting from API attacks are "just the tip of the iceberg," said Gartner analyst Dionisio Zumerle. "What we have is a new way of exchanging information which is increasingly popular, and almost no organization has the recipe to secure that new way of communicating."