Security Bulletin

Information from 38,000 University of Chicago Medicine Medical Group patients has been pilfered following a breach of third-party debt collection agency Nationwide Recovery Services last July, reports CBS News Chicago.

Major data brokerage firm LexisNexis Risk Solutions had information from over 364,000 individuals stolen following a Christmas cyberattack against GitHub, which the company uses for software development, according to TechCrunch.

The phishing operation is using Telegram groups to sell a phishing-as-a-service kit with customer service, a mascot, and infrastructure that requires little technical knowledge to install.

Researchers are using quantum computers to generate keys that are truly random to strengthen data encryption.

Authentication bypass and command injection flaws facilitate the malicious activity.

Researchers at Oasis Security say the problem has to do with OneDrive File Picker having overly broad permissions.

Among the recommendations, organizations should conduct thorough testing and manage costs, which can be hefty, before implementing the platforms.

Fewer than 4% of enterprise security teams have fully automated their core identity workflows, according to Cerby.

Duo Identity and Access Management (IAM) claims to work in conjunction with existing capabilities.

Harnessing AI's full transformative potential safely and securely requires more than an incremental enhancement of existing cybersecurity practices. A Secure by Design approach represents the best path forward.

Customers in parts of Wisconsin and Michigan could not make calls or send text messages for nearly a week after an incident on May 14, and service is still intermittent in some areas.