#enterprisecybersecurity — Public Fediverse posts

Associated Press: Google disrupts hackers using AI to exploit an unknown weakness in a company’s digital defense. “Google said Monday that it had disrupted a criminal group’s attempt to use artificial intelligence to exploit another company’s previously unknown digital vulnerability, adding to heightened worries across government and private industry about AI’s risks for cybersecurity.”

Associated Press: Deal reached with hackers to delete data stolen from the Canvas educational platform. “The company that operates online learning system Canvas said it struck a deal with hackers to delete the data they pilfered in a cyberattack that created chaos for students, many of them in the middle of finals.”

Reuters: Germany’s finance watchdog to make targeted inspections amid ‘substantial’ AI risks. “Germany’s banking regulator BaFin warned on Tuesday that cyber risks were ‘growing’ and ‘substantial’ due to ​advances in artificial intelligence, and announced a new ‌division will conduct targeted inspections at financial firms.”

Associated Press: Canvas system is online after a cyberattack disrupted thousands of schools. “Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil.”

Associated Press: Canvas system is online after a cyberattack disrupted thousands of schools. “Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil.”

Associated Press: Canvas system is online after a cyberattack disrupted thousands of schools. “Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil.”

Associated Press: Canvas system is online after a cyberattack disrupted thousands of schools. “Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil.”

Associated Press: Canvas system is online after a cyberattack disrupted thousands of schools. “Tens of thousands of students studying for final exams around the world Friday regained access to a key online learning system after a cyberattack had earlier knocked it offline, throwing schools and universities into turmoil.”

IBM warns AI-powered hackers are coming, so it built AI to fight them

https://fed.brid.gy/r/https://nerds.xyz/2026/04/ibm-ai-cybersecurity-agentic-attacks/

The Register: Security boffins scoured the web and found hundreds of valid API keys. “Computer security boffins have conducted an analysis of 10 million websites and found almost 2,000 API credentials strewn across 10,000 webpages.”

Associated Press: Hacked hospitals, hidden spyware: Iran conflict shows how digital fight is ingrained in warfare. “As they fled an Iranian missile strike, some Israelis with Android phones received a text offering a link to real-time information about bomb shelters. But instead of a helpful app, the link downloaded spyware giving hackers access to the device’s camera, location and all its […]

The Register: LexisNexis confirms data breach at Legal & Professional arm, some customer records affected. “Data analytics giant LexisNexis has confirmed its Legal & Professional division suffered a data breach days after the Fulcrumsec cybercrime crew claimed responsibility for the hack.”

CNN: FBI investigating ‘suspicious’ cyber activities on critical surveillance network. “The FBI has identified a suspected cybersecurity incident on a sensitive network used to manage wiretaps and intelligence surveillance warrants, and officials are working to determine the seriousness of the incident, according to an FBI statement and a source familiar with the investigation.”

Bleeping Computer: Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks. “Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. A new report by CJ Moses, CISO of Amazon Integrated Security, says that the hacking campaign occurred between […]

The Register: UK.gov launches cyber ‘lockdown’ campaign as 80% of orgs still leave door open. “Officials today kicked off a public push urging companies to tighten their digital defenses, complete with familiar advice about basic controls and adopting the long-running Cyber Essentials scheme, after new data showed incidents remain routine and baseline protections are still patchy.”

Claims Journal: New Zealand Court Acts to Stop Spread of Hacked Medical Records . “The New Zealand High Court has issued an urgent injunction barring the publication of stolen medical data after hackers accessed about 430,000 private patient documents held on a health portal used by more than a third of the country’s population.”

Associated Press: Cyberattack disrupts France’s postal service and banking during Christmas rush. “With just three days to go before Christmas, a cyberattack knocked France’s national postal service offline Monday, blocking and delaying package deliveries and online payments. The timing was miserable for millions of people at the height of the Christmas season, as frazzled postal workers […]

Mashable: Petco reveals a hack exposed customer data in these states. “Petco has confirmed that its data security breach exposed sensitive customer information. The company initially acknowledged a breach without detailing what was compromised, legal notices that were required in several states are starting to show the scope of the hack.”

https://rbfirehose.com/2025/12/12/mashable-petco-reveals-a-hack-exposed-customer-data-in-these-states/

NextGov: ‘Widespread’ breach let hackers steal employee data from FEMA and CBP. “A ‘widespread cybersecurity incident’ at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW.”

https://rbfirehose.com/2025/09/30/nextgov-widespread-breach-let-hackers-steal-employee-data-from-fema-and-cbp/

Bleeping Computer: American Archive of Public Broadcasting fixes bug exposing restricted media. “​A vulnerability in the American Archive of Public Broadcasting’s website allowed downloading of protected and private media for years, with the flaw quietly patched this month. BleepingComputer was tipped about the flaw by a cybersecurity researcher who asked to remain anonymous, stating that the […]

https://rbfirehose.com/2025/09/24/bleeping-computer-american-archive-of-public-broadcasting-fixes-bug-exposing-restricted-media/

Mashable: Hackers found a way around Microsoft Defender to install ransomware on PCs, report says. “Windows users should think about reinforcing their antivirus software. And while Microsoft Defender should provide a line of defense against ransomware, a new report claims that hackers have found a way to get around the ransomware tool to infect PCs with ransomware.”

https://rbfirehose.com/2025/08/10/mashable-hackers-found-a-way-around-microsoft-defender-to-install-ransomware-on-pcs-report-says/

The Register: Three US agencies get failing grades for not following IT best practices . “The GAO flagged failures at the General Services Administration (GSA), Environmental Protection Agency (EPA), and Department of Homeland Security (DHS) in the three reports, with each guilty of not implementing more recommendations than the last. The DHS’ CIO, in particular, has 43 unresolved […]

https://rbfirehose.com/2025/08/07/the-register-three-us-agencies-get-failing-grades-for-not-following-it-best-practices/

Ars Technica: Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic. “Large-scale attacks designed to bring down Internet services by sending them more traffic than they can process keep getting bigger, with the largest one yet, measured at 7.3 terabits per second, being reported Friday by Internet security and performance provider Cloudflare.”

https://rbfirehose.com/2025/06/22/ars-technica-record-ddos-pummels-site-with-once-unimaginable-7-3tbps-of-junk-traffic/

Ars Technica: Record DDoS pummels site with once-unimaginable 7.3Tbps of junk traffic. “Large-scale attacks designed to bring down Internet services by sending them more traffic than they can process keep getting bigger, with the largest one yet, measured at 7.3 terabits per second, being reported Friday by Internet security and performance provider Cloudflare.”

https://rbfirehose.com/2025/06/22/ars-technica-record-ddos-pummels-site-with-once-unimaginable-7-3tbps-of-junk-traffic/

NBC News: Victoria’s Secret takes down website after ‘security incident’. “A Victoria’s Secret spokesperson said it has hired third-party experts to deal with the problem but declined to answer questions about the specific nature of the cybersecurity issue and how long it might take to remedy. The perpetrators are unknown, but the incident comes two weeks after Google warned that an […]

https://rbfirehose.com/2025/05/30/nbc-news-victorias-secret-takes-down-website-after-security-incident/

The Register: Marks & Spencer admits cybercrooks made off with customer info. “Marks & Spencer has confirmed that customer data was stolen as part of its cyberattack, fueling conjecture that ransomware was involved. The retail giant’s operations were hit hard, it had to pull systems and services offline, and now data has been exfiltrated – all of which are common hallmarks of a ransomware […]

https://rbfirehose.com/2025/05/17/the-register-marks-spencer-admits-cybercrooks-made-off-with-customer-info/

The Record: Attack claimed by pro-Ukraine hackers reportedly erases a third of Russian court case archive. “The attack was claimed by the pro-Ukraine hacking group BO Team, which has previously collaborated with Ukrainian military intelligence in operations against Russian entities. Ukrainian authorities have not publicly confirmed any official military intelligence participation in this […]

https://rbfirehose.com/2025/05/16/the-record-attack-claimed-by-pro-ukraine-hackers-reportedly-erases-a-third-of-russian-court-case-archive/

Cornell Chronicle: Research at risk: Protecting national defense from cyberattacks. “Their interdisciplinary research team commissioned a new cyber test range; initiated industry partnerships; and developed case studies about cyberattacks that have infiltrated chip supply chains (CrowdStrike, Stuxnet and Operation Grim Beeper are a few well-known examples). But in April, a stop-work order […]

https://rbfirehose.com/2025/05/12/research-at-risk-protecting-national-defense-from-cyberattacks-cornell-chronicle/

Know Your Meme: April 2025 4chan Hack. “April 2025 4chan Hack refers to memes and jokes about the Soyjak.party community supposedly hacking 4chan, restoring the deleted /QA/ board, and leaking the emails of 4chan moderators, also known as ‘janitors.’ The attackers reportedly exploited outdated PHP code and deprecated MySQL functions in 4chan’s backend, particularly in a core script named […]

https://rbfirehose.com/2025/04/15/know-your-meme-april-2025-4chan-hack/

The Register: Hacktivism resurges – but don’t be fooled, it’s often state-backed goons in masks. “Today’s ‘hacktivists,’ especially those going after critical infrastructure, often have less in common with just the digital vandals of the Nineties and Naughts than with government-backed cyber operators. Threat intel analysts say their tactics, targets, and timing suggest something […]

https://rbfirehose.com/2025/04/14/the-register-hacktivism-resurges-but-dont-be-fooled-its-often-state-backed-goons-in-masks/

Mashable: Grubhub confirms data breach, both drivers and customers are affected. “Grubhub, the food delivery service, has been hacked. On Monday, the company confirmed a data breach that affects both its drivers and customers. According to Grubhub, the malicious actor was able to gain entry into its systems via a third-party vendor that provides services for Grubhub’s support team.”

https://rbfirehose.com/2025/02/15/mashable-grubhub-confirms-data-breach-both-drivers-and-customers-are-affected/

The Register: It’s only a matter of time before LLMs jump start supply-chain attacks. ” Now that criminals have realized there’s no need to train their own LLMs for any nefarious purposes – it’s much cheaper and easier to steal credentials and then jailbreak existing ones – the threat of a large-scale supply chain attack using generative AI becomes more real.”

https://rbfirehose.com/2024/12/30/the-register-its-only-a-matter-of-time-before-llms-jump-start-supply-chain-attacks/