The Illinois Department of Human Services (IDHS), one of Illinois’ largest state agencies, accidentally exposed the personal and health data of nearly 700,000 residents due to incorrect privacy settings. […]
Russian APT28 Runs Credential-Stealing Campaign Targeting Energy and Policy Organizations
Russian state-sponsored threat actors have been linked to a fresh set of credential harvesting attacks targeting individuals associated with a Turkish energy and nuclear research agency, as well as staff affiliated with a European think tank and organizations in North Macedonia and Uzbekistan.
The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a “sustained”
The activity has been attributed to APT28 (aka BlueDelta), which was attributed to a “sustained”
Tim Kosiba Named NSA Deputy Director
Kosiba, a veteran of the Intelligence Community with over 30 years of federal service, returns to the agency as its most senior civilian leader.
The post Tim Kosiba Named NSA Deputy Director appeared first on SecurityWeek.
Email security needs more seatbelts: Why click rate is the wrong metric
Click rate misses the real email security risk: what attackers can do after they access a mailbox. Material Security explains why containment and post-compromise impact matter more than phishing metrics. […]
FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes
The North Korean state-sponsored espionage group Kimsuky has targeted government organizations, think tanks, and academic institutions.
The post FBI: North Korean Spear-Phishing Attacks Use Malicious QR Codes appeared first on SecurityWeek.
Trend Micro Patches Critical Code Execution Flaw in Apex Central
Tenable has released PoC code and technical details after the vendor announced the availability of patches for three vulnerabilities.
The post Trend Micro Patches Critical Code Execution Flaw in Apex Central appeared first on SecurityWeek.
Illinois man charged with hacking Snapchat accounts to steal nude photos
U.S. prosecutors have charged an Illinois man with orchestrating a phishing operation that allowed him to hack the Snapchat accounts of nearly 600 women to steal private photos and sell them online. […]
CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over
The Emergency Directives were retired because they achieved objectives or targeted vulnerabilities included in the KEV catalog.
The post CISA Closes 10 Emergency Directives as Vulnerability Catalog Takes Over appeared first on SecurityWeek.
‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT
Radware bypassed ChatGPT’s protections to exfiltrate user data and implant a persistent logic into the agent’s long-term memory.
The post ‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT appeared first on SecurityWeek.
377,000 Impacted by Data Breach at Texas Gas Station Firm
Gulshan Management Services has informed authorities about a recent data breach resulting from a ransomware attack.
The post 377,000 Impacted by Data Breach at Texas Gas Station Firm appeared first on SecurityWeek.