Great investigative journalism by Zack Whittaker on TechCrunch. First, he reports: A new app offering to record your phone calls and pay you for the audio so it can sell the data to AI companies is, unbelievably, the No. 2 app in Apple’s U.S. App Store’s Social Networking section. The app, Neon Mobile, pitches itself as…
CISA Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices
This page contains a web-friendly version of the Cybersecurity and Infrastructure Security Agency’s Emergency Directive 25-03: Identify and Mitigate Potential Compromise of Cisco Devices. CISA is aware of an ongoing exploitation campaign by an advanced threat actor targeting Cisco Adaptive Security Appliances (ASA). The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated…
Judge orders release of teen accused in 2023 casino cyberattacks
A 17-year-old male who turned himself in to the Las Vegas Metropolitan Police last week and was arrested for participating in cyberattacks on two casinos in 2023 has been released to his parents. Casey Harrison reports that the teen, who has not been named because of his age, was released after Family Court Judge Dee…
Salesforce AI Hack Enabled CRM Data Theft
Eduard Kovacs reports: Prompt injection and an expired domain could have been used to target Salesforce’s Agentforce platform for data theft. The attack method, dubbed ForcedLeak, was discovered by researchers at Noma Security, a company that recently raised $100 million for its AI agent security platform. Salesforce Agentforce enables businesses to build and deploy autonomous AI agents…
Verily Faces Lawsuit Over Alleged HIPAA Violations
John Blacksmith reports: Verily, owned by Alphabet, is facing a lawsuit filed by an ex-employee who alleges the misuse of the personally identifiable health information of over 25,000 patients, and the failure of the company to submit HIPAA breach reports, as per the Health Insurance Portability and Accountability Act (HIPAA) requirement. Verily, previously known as…
ClaimPix Data Leak Exposes 5 Million Customer Records
And if there haven’t been enough recent data incidents involving car manufacturers and their vendors, here’s a leak to give wannabe criminals some additional details that they might be able to use in a phishing or social engineering campaign. WebsitePlanet reports: Cybersecurity Researcher Jeremiah Fowler discovered and reported to Website Planet about an unencrypted and non-password-protected database…