Chad van Alstin reports: The U.S. Department of Health and Human Services Office of the Inspector General (OIG) released a report focused on a “large Southeastern hospital” that the agency said had security vulnerabilities that could be vectors for a cyberattack. The unnamed hospital, according to the OIG, would have difficulty detecting a data breach…
Generative AI is not arriving with a bang, it’s slowly creeping into the software that companies already use on a daily basis. Whether it is video conferencing or CRM, vendors are scrambling to integrate AI copilots and assistants into their SaaS applications. Slack can now provide AI summaries of chat threads, Zoom can provide meeting…
Oligo Security has warned of ongoing attacks exploiting a two-year-old security flaw in the Ray open-source artificial intelligence (AI) framework to turn infected clusters with NVIDIA GPUs into a self-replicating cryptocurrency mining botnet. The activity, codenamed ShadowRay 2.0, is an evolution of a prior wave that was observed between September 2023 and March 2024. The…
NoMusica reports: Google has confirmed that it has removed more apps from the Play Store after researchers discovered a dangerous malware targeting Android users. Security company Zscaler reported that the malware, known as Anatsa or TeaBot, was hidden inside apps on the Play Store. The malware steals banking login details, tracks keystrokes, and enables fraudulent transactions. According to Zscaler’s……
The Helsinki Times reports: Aleksanteri Kivimäki, convicted of thousands of cybercrimes linked to the Vastaamo data breach, has been released from custody by the Helsinki Court of Appeal. The decision followed two days of testimony from Kivimäki, who denied all charges. The court cited his prolonged pretrial detention as the reason for release. He has……
Think payment iframes are secure by design? Think again. Sophisticated attackers have quietly evolved malicious overlay techniques to exploit checkout pages and steal credit card data by bypassing the very security policies designed to stop them. Download the complete iframe security guide here. TL;DR: iframe Security Exposed Payment iframes are being actively exploited by attackers…
Mark Young & David Brazil of Covington and Burling write: On 15 January 2025, the European Commission published an action plan on the cybersecurity of hospitals and healthcare providers (the “Action Plan”). The Action Plan sets out a series of EU-level actions that are intended to better protect the healthcare sector from cyber threats. The publication of…
