Infosec.Pub


cross-posted from: https://lemmy.sdf.org/post/42362500

Archived

  • Poland is increasing its cyber security budget to a record €1bn this year, after Russian sabotage attempts targeted hospitals and urban water supplies

  • Dariusz Standerski, deputy minister for digital affairs, told the Financial Times that #Poland was facing between 20 and 50 attempts to damage critical infrastructure every day, most of which are thwarted

  • In those cases, attackers reportedly managed to breach digital records and gain access to sensitive medical data. Analysts warned that even short-term disruptions in healthcare could have dangerous consequences for patient safety, while data theft raised questions about long-term privacy risks.

AWSDoor: Persistence on AWS (www.riskinsight-wavestone.com)
submitted 3 weeks ago by digicat to c/blueteamsec

The ransomware gang breached a "major element" of the healthcare technology supply chain and stole sensitive patient data, according to researchers.


Google has confirmed that hackers created a fraudulent account in its Law Enforcement Request System (LERS) platform that law enforcement uses to submit official data requests to the company [...]

Some Thoughts (www.youtube.com)
submitted 3 weeks ago by rss@ibbit.at to c/cardano

However — when you’re talking about organisations with tens of thousands of employees, when they outsource areas like cyber risk and compliance, cyber security operation, password reset helpdesks etc — they take on a level of risk which, I think, becomes highly questionable. It’s not just risk — it’s risks that can and do materialise. That 10% budget saving doesn’t look so hot when the whole company has a heart attack.


The Investigatory Powers Tribunal heard today that the security service has conceded that it unlawfully monitored the phone data of former BBC Spotlight reporter Vincent Kearney


As drones have risen to prominence on the battlefield, so too has electronic warfare, in which adversaries attempt to mask, jam or trace radio signals. Now, a new stealthy radio device could help give people the edge, letting them fly drones without detection


Next month, Microsoft will begin automatically installing the Microsoft 365 Copilot app on Windows devices that have the Microsoft 365 desktop client apps. [...]


Most enterprise AI activity is happening without the knowledge of IT and security teams. According to Lanai, 89% of AI use inside organizations goes unseen, creating risks around data privacy, compliance, and governance. This blind spot is growing as AI features are built directly into business tools. Employees often connect personal AI accounts to work devices or use unsanctioned services, making it difficult for security teams to monitor usage. Lanai says this lack of visibility …

The post Most enterprise AI use is invisible to security teams appeared first on Help Net Security.


As USB-C PD becomes more and more common, it’s useful to have a tool that lets you understand exactly what it’s doing—no longer is it limited to just 5 V.


cross-posted from: https://lemmy.sdf.org/post/42301965

Archived

A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads. The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger.

[Edit typo.]
