Australians’ prescription records breached in large-scale ransomware attack
The country’s federal government has stepped in following the hack of e-script provider MediSecure, but it’s unclear how much personal and medical data was stolen.
Financial companies must have data breach incident plans, SEC says
The Securities and Exchange Commission announced amendments to a 24-year regulation that will require certain financial firms including broker-dealers, funding portals, registered investment advisers, transfer agents, and investment companies to create well-defined response plans for data breach incidents, reports The Record, a news site by cybersecurity firm Recorded Future.
Arrests made in North Korean remote job scam targeting US firms
U.S. prosecutors announced the arrests of an American woman and a Ukrainian man for aiding North Korean IT workers posing as Americans to secure remote jobs at over 300 U.S. companies, Reuters reports.
Cybersecurity summit at Google tackles election threats
Cybersecurity experts convened at Google's Boulder, Colorado, campus to address election threats, particularly the challenges posed by advanced technologies like deepfakes, CBS News reports.
Researchers: 'Adversarial attacks' capable of producing harmful AI responses
A study by Amazon Web Services researchers has revealed critical security vulnerabilities in large language models that understand and respond to speech, which could allow them to be manipulated into generating harmful responses using sophisticated audio attacks, according to VentureBeat.
Downgrade attacks enabled by newly discovered Wi-Fi flaw
Security researchers have identified a design flaw in the IEEE 802.11 Wi-Fi standard that could allow malicious actors to trick users into connecting to less secure networks, The Hacker News reports.
Report: Cat-phishing of legitimate websites on the rise
HP's latest Wolf Security Threat Insights Report reveals that cybercriminals are employing "cat-phishing" techniques to deceive victims and using overdue invoice lures and Living-off-the-Land tactics to bypass security defenses, reports SiliconAngle.
Human rights activists targeted in Kimsuky malware campaign
The North Korea-linked Kimsuky hacking group has launched a new social engineering campaign targeting activists in the North Korean human rights and anti-North Korea sectors, The Hacker News reports.
Another PDF Streams Example: Extracting JPEGs, (Fri, May 17th)
In my diary entry " Analyzing PDF Streams" I showed how to use my tools file-magic.py and myjson-filter.py together with my PDF analysis tool pdf-parser.py to analyze PDF streams en masse.
Accessing Secure Client Cloud Management after the SecureX EoL
Secure Client Management capabilities aren’t going away with the SecureX EOL, the functionality is simply migrating to the Cisco Security Cloud Control service.