"Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program"

"Pentagon Wants Feedback on Revised Cybersecurity Maturity Model Certification Program"

The US Department of Defense recently published a proposed rule and requested public feedback for the Cybersecurity Maturity Model Certification (CMMC) program.  The CMMC program is meant to establish an assessment mechanism to verify that defense contractors and subcontractors have implemented the security measures required to protect federal contract information (FCI) and controlled unclassified information (CUI).

Submitted by Adam Ekwall on

"Europe’s Largest Parking App Provider Informs Customers of Data Breach"

"Europe’s Largest Parking App Provider Informs Customers of Data Breach"

EasyPark Group, Europe’s largest parking application operator, has recently disclosed a data breach impacting customer information.  The company said it determined on December 10 that it was targeted in a cyberattack, and an investigation revealed that “non-sensitive customer data” had been compromised.  Data stolen by hackers includes name, phone number, physical address, email address, and partial IBAN or credit/debit card numbers.

Submitted by Adam Ekwall on

"Operations, Trading of Eagers Automotive Disrupted by Cyberattack"

"Operations, Trading of Eagers Automotive Disrupted by Cyberattack"

Eagers Automotive, a vehicle dealer in Australia and New Zealand, recently announced that some of its operations have been disrupted due to a cyberattack that forced the company to halt trading on the Australian Securities Exchange.  The company announced a pause in trading on December 27 and revealed the next day that the cause was a cybersecurity incident that resulted in an outage of certain IT systems at some operational locations across Australia and New Zealand.

Submitted by Adam Ekwall on

"Using Chatbots Against Themselves to 'Jailbreak' Each Other"

"Using Chatbots Against Themselves to 'Jailbreak' Each Other"

Nanyang Technological University (NTU) computer scientists have discovered a way to compromise Artificial Intelligence (AI) chatbots by training and using an AI chatbot to generate prompts capable of jailbreaking other chatbots. According to the team, jailbreaking involves computer hackers finding and exploiting flaws in a system's software to force it to do something its developers have purposefully restricted it from doing. The researchers named the method they used to jailbreak Large Language Models (LLMs), Masterkey.

Submitted by Gregory Rigby on

"Berlin Researchers Hacked Tesla Autopilot to Unlock 'Elon Mode'"

"Berlin Researchers Hacked Tesla Autopilot to Unlock 'Elon Mode'"

A team of Information Technology (IT) security researchers from Technische Universität Berlin (TU Berlin) were able to activate a powerful "Elon mode" and gain access to secrets through Tesla's driving assistant. All Tesla models are said to be vulnerable to their demonstrated attack. The researchers were able to extract arbitrary code and user data from the system, including cryptographic keys and critical system components, allowing them to reconstruct how it works. They could also access a video with GPS coordinates that the previous owner of the vehicle had deleted.

Submitted by Gregory Rigby on

"CityU Develops the World's First Universal Metasurface Antenna for High-Security 6G Communications"

"CityU Develops the World's First Universal Metasurface Antenna for High-Security 6G Communications"

Professor Chan Chi-hou, Chair Professor of Electronic Engineering at City University of Hong Kong (CityU), led a research team that advanced antenna technology by enabling the manipulation of all five fundamental properties of electromagnetic waves through software control. The team created a universal metasurface antenna that allows for independent and simultaneous manipulation of electromagnetic radiation amplitude, phase, frequency, polarisation, and direction.

Submitted by Gregory Rigby on

"A Practical Guide to Measurable Phishing Simulation Testing"

"A Practical Guide to Measurable Phishing Simulation Testing"

IRONSCALES' Eyal Benishti provides a guide to establishing a phishing simulation testing program. Employee phishing training has become critical in developing a security-conscious workforce, lowering the risk of successful phishing attacks, and cultivating a resilient organizational culture capable of effectively responding to evolving cybersecurity threats. Today's average enterprise receives hundreds of phishing emails daily, with hundreds of thousands of attempts yearly.

Submitted by Gregory Rigby on

"New Rugmi Malware Loader Surges with Hundreds of Daily Detections"

"New Rugmi Malware Loader Surges with Hundreds of Daily Detections"

Threat actors are using a new malware loader, tracked under the name Win/TrojanDownloader.Rugmi, to deliver various information stealers such as Lumma Stealer, Vidar, RecordBreaker, and Rescoms. According to researchers at ESET, this malware is a loader composed of a downloader that downloads an encrypted payload, a loader that executes the payload from internal resources, and another loader that runs the payload from an external file on the disk. The company's telemetry data shows that detections for the Rugmi loader increased significantly in October and November 2023.

Submitted by Gregory Rigby on

"Skynet Ahoy? What to Expect for Next-Gen AI Security Risks"

"Skynet Ahoy? What to Expect for Next-Gen AI Security Risks"

Security experts stress that the continued advancement of Artificial Intelligence (AI) calls for organizations and governing bodies to establish security standards, protocols, and other safeguards to prevent AI from outpacing them. Large Language Models (LLMs) exhibit exceptional language understanding and human-like conversational capabilities as sophisticated algorithms and massive data sets power them. Experts agree that the time has come for the industry to address the inherent security risks posed by their development and deployment.

Submitted by Gregory Rigby on

"Unveiling the True Cost of Healthcare Cybersecurity Incidents"

"Unveiling the True Cost of Healthcare Cybersecurity Incidents"

Healthcare organizations are increasingly reliant on interconnected systems, electronic health records, and telemedicine, making them a prime target for malicious actors looking to exploit vulnerabilities. The consequences of a healthcare cybersecurity breach are measured in compromised data as well as in jeopardized patient safety and trust. Help Net Security has provided some excerpts from cybersecurity-focused surveys conducted in the healthcare sector that were covered in 2023. With this data, security teams will gain insights that could help improve future security strategies.

Submitted by Gregory Rigby on
Subscribe to