Hackers broke into the computer networks at Fred Hutchinson Cancer Center two weeks ago.
The cancer center says it detected unauthorized activity Nov. 19. It’s now telling patients to monitor their bank statements and credit reports.
The breach happened on the clinical network. Fred Hutch has not revealed more details about what data was hacked, but says it will notify people whose information was involved.
The incident is being treated as a possible federal crime. The center has called in a forensic security firm to investigate, and notified federal law enforcement.
Clinics remain open but the clinical computer network used by personnel was taken offline for security.
The center tells patients to report any suspicious bank activity and to review identity theft prevention tips by the Federal Trade Commission.
https://spinsafe.com/wp-content/uploads/2023/12/cc919f70a140fa05ca5e3464d9719764.jpg628942SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-12-04 21:00:082023-12-04 21:00:08Hackers break into Fred Hutch computer network, patients warned to watch accounts
Google has announced an October security update for all Android users that addresses more than 50 vulnerabilities and includes fixes for two zero-days already known to be exploited by malicious attackers.
CVE-2023-4863 Is The Same Vulnerability That Led To Zero-click iPhone Spyware Attacks
The first of the zero-day vulnerabilities may sound familiar to regular readers, as well it might. CVE-2023-4863 is none other than the same one impacting the libwebp open-source library that led to recent emergency updates for 1Password, Signal, Chrome, Edge and Firefox, among others.
This critical buffer overflow vulnerability can lead to remote code execution and appears to be the same flaw that is addressed as CVE-2023-41064 by Apple and used in a zero-click iMessage exploit chain to install spyware onto previously fully patched iPhones.
Although there is currently no evidence that Android users are being targeted by the same iPhone spyware attack, as identified by Citizen Lab and Google’s Threat Analysis Group in September, it remains flagged as exploited in the wild. As such, all users of Android devices are urged to install the October security update as a matter of some urgency.
The second zero-day vulnerability, CVE-2023-4211, included within the October security update, is stated, along with CVE-2023-4863, as potentially being “under limited, targeted attack,” according to the Google security advisory. Arm also points to there being evidence of the same targeted attack in a security advisory to users.
There’s a lack of detailed technical information regarding CVE-2023-4211 beyond the fact that it resides in the Arm Mali GPU driver and is a use-after-free issue that could allow for data manipulation.
As Ionut Arghire reports, however, such vulnerabilities have previously been known to be connected with…
CYBERSECURITY experts have warned billions of Android and iPhone users that they might not be able to trust their own ears from scammers looking to raid their banks.
As artificial intelligence continues to develop, cybersecurity and anti-virus software provider Kaspersky Lab is warning people of scammers using deep-fake technology in phone calls.
Also known as voice cloning or voice conversion, the cyber security company highlighted voice deep fakes in a recent blog post.
According to the company, this technology is based on autoencoders, which compresses input data into a compact internal representation before learning to decompress it back, restoring the original data.
In other words, the AI program will first be given data such as two audio recordings – one with the original audio and words, and the other with the voice it wants to use instead.
Next, the system determines what was said in the first recording and how the voice in the second recording speaks – such as various inflections or accents.
Read More on Artificial Intelligence
Then, the system will combine these two compressed representations together to then generate the voice in the second recording saying the words from the first.
While this technology might seem harmless to some – or the foundations of a good prank – it can be very dangerous when put in the wrong hands.
Kaspersky Lab detailed that scammers have been using this technology for years to target companies and individuals worldwide.
In 2019, for example, criminals used AI software to create fraudulent money transfer requests supposedly from the chief executive officers of an energy firm in the United Kingdom.
Not only did the scammers use the technology to make the initial request over the phone, they also falsified two additional phone calls to confirm the first transfer and request a second.
https://spinsafe.com/wp-content/uploads/2023/07/lm_fakeaudio_offplat-copy.jpg10801920SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-07-11 19:30:172023-07-11 19:30:17I’m a security expert – Android, iPhone users warned they ‘can’t trust their ears’ as eerie AI call raids bank accounts
https://spinsafe.com/wp-content/uploads/2023/04/photo-illustration-android-logo-seen-793810923.jpg10801920SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2023-04-27 12:00:142023-04-27 12:00:14Billions of Android owners warned of ‘bank-raiding’ attack that can even get around security checks