Kevin Fu, a Northeastern University professor of electrical and computer engineering and White House cybersecurity adviser, emphasized that the cyberattack on Change Healthcare should be a wake-up call for the healthcare industry to focus on securing its infrastructure. Although the recent attack mainly affected online billing and revenue systems, hackers can infiltrate medical devices that provide critical care. Fu suggests that healthcare providers consult with the Healthcare Sector Coordinating Council's Joint Security Plan for cybersecurity guidance.

AT&T recently announced that data on roughly 73 million current and former customers was exposed on the dark web, including social security numbers and other personal information.  According to the company, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders.  The source of the data is still being assessed.  The company said a “robust investigation” is underway, supported by internal and external cybersecurity teams.

According to recent research published by the Large Language Model (LLM) security vendor Lasso Security, the use of LLMs by software developers provides a greater opportunity for attackers to distribute malicious packages to development environments than previously thought. The study is a follow-up to a report published last year on the possibility of attackers exploiting LLMs' tendency to hallucinate or generate seemingly plausible but factually incorrect results in response to user input.

The Federal Communications Commission (FCC) is asking Communications Service Providers (CSPs) to give an update on how they are refurbishing their networks to prevent cybercriminals and spies from exploiting vulnerabilities in the Signaling System No. 7 (SS7) and Diameter protocols that enable malicious actors to track targets.

Jonathan Katz, a computer science professor at the University of Maryland and expert in quantum-secure cryptography, explains Apple's recent post-quantum security move. Apple recently announced a major cryptographic security upgrade in iMessage, introducing PQ3, a post-quantum cryptographic protocol that advances end-to-end secure messaging. Katz noted that while today's hackers may be capable of stealing a password, they cannot crack the "cryptographic keys" that secure messages, at least not with the current generation of classical computers.

According to security researcher Skyler Ferrante, a vulnerability dubbed "WallEscape" in the wall command of the util-linux package included with the Linux operating system could enable an unprivileged attacker to steal passwords or change the victim's clipboard. The security flaw has been present in all versions of the package for the past 11 years up to the recent 2.40 release. While the vulnerability demonstrates how an attacker can trick a user into giving up their administrator password, its exploitation is limited.

A team of researchers from Stony Brook University won the National Security Agency's (NSA) 11th Annual Best Scientific Cybersecurity Paper award for their paper titled "Uninvited Guests: Analyzing the Identity and Behavior of Certificate Transparency Bots." The winning paper focused on autonomous systems that probe newly created websites. The Stony Brook researchers discovered tens of thousands of malicious bots involved in suspicious activities such as data exfiltration, reconnaissance, and vulnerability exploitation.

The Artificial Intelligence (AI) era, which includes Large Language Models (LLMs) and chatbots, raises new privacy concerns. There are concerns about whether personal information is included in a model's training data.

According to the Financial Services Information Sharing and Analysis Center (FS-ISAC), generative Artificial Intelligence (AI) provides significant business and cybersecurity benefits to financial companies, but cyber threats related to the technology remain a concern. Threat actors can use generative AI to create malware. Skilled cybercriminals can exfiltrate information from or poison Large Language Models (LLMs) that train generative AI. Using corrupted outputs can have serious legal, reputational, and operational effects on financial institutions.

Security flaws discovered in Dormakaba's Saflok electronic RFID locks used in hotels could be exploited by malicious actors to forge keycards and sneak into locked rooms. When combined, the vulnerabilities, collectively named "Unsaflok," enable an attacker to unlock all rooms in a hotel with a single pair of forged keycards. Full technical details about the vulnerabilities have not yet been shared due to their potential impact. The flaws affect over three million hotel locks across 13,000 properties in 131 countries.