A new DDoS-as-a-Service botnet called “Condi” emerged in May 2023, exploiting a vulnerability in TP-Link Archer AX21 (AX1800) Wi-Fi routers to build an army of bots to conduct attacks. […]
BleepingComputer
The all in one place for non-profit security aid.
Rite Aid says 2.2 million people affected in data breach
The US’ third-largest pharmacy chain Rite Aid has filed a data breach notification in which it reports that the data stolen during a June ransomware attack compromised the data of some 2.2 million people.
Ransomware group RansomHub claimed responsibility for the attack that took place on June 6, 2024. Ransomware groups are always looking for ways to increase their leverage over their victims, and threatening to leak stolen customer data is one of their most common methods.
The site where RansomHub leaks stolen data features a ransom demand next to a typical countdown timer, demanding payment before the timer expires on July 26, after which the group has threatened to release the stolen data.
Rite Aid listing on RansomHub leak site
After the discovery of the breach on June 20, Rite Aid started an investigation. The restoration of the compromised systems has now reached completion, according to Rite Aid.
Reportedly, the stolen data appears to be limited to purchases made between June 6, 2017, and July 30, 2018. Rite Aid says names, addresses, dates of birth, and the numbers associated with driver’s licenses or other ID documents were stolen.
RansomHub claims that:
“While having access to the Riteaid network we obtained over 10 GB of customer information equating to around 45 million lines of people’s personal information. This information includes name, address, dl_id number, dob, riteaid rewards number.”
Rite Aid is offering affected customers a standard 12 months of credit monitoring from Kroll. Details on how to claim that offer can be found in the letter it’s sending customers.
There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.
Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.
Malwarebytes has a free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.
Microsoft Adds 5 New AI Tools to be Added with Azure AI
Microsoft has unveiled a suite of new tools within its Azure AI Studio.
These innovations are designed to address the growing concerns around prompt injection attacks, content reliability, and overall system safety, marking a pivotal step in the evolution of AI technology.
With these additions, Azure AI continues to provide our customers with innovative technologies to safeguard their applications across the generative AI lifecycle.
Microsoft has recently introduced new tools in Azure AI Studio to support generative AI app developers in tackling quality and safety challenges associated with AI.
These tools, available now or coming soon, help developers create high-quality and safe AI applications.
Prompt injection attacks substantially threaten the integrity of AI systems, allowing malicious actors to manipulate AI to produce undesirable outcomes.
Microsoft’s response to this challenge is the introduction of Prompt Shields, a cutting-edge solution that detects and neutralizes both direct and indirect prompt injection attacks in real time.
Jailbreak attacks, or direct prompt injections, involve manipulating AI prompts to bypass safety measures. They can potentially lead to data breaches or the generation of harmful content.
Microsoft’s Prompt Shield for jailbreak attacks, launched in November as ‘jailbreak risk detection,’ is specifically designed to identify and block these threats.
Microsoft is also introducing Groundedness detection, a feature designed to identify and correct ‘hallucinations’ in AI outputs—instances where the AI generates content that is ungrounded or misaligned with reality.
This tool is crucial for maintaining the quality and trustworthiness of AI-generated content.
Microsoft is rolling out safety system message templates to enhance AI systems’ reliability further.
These templates, developed by Microsoft Research, guide AI behavior toward generating safe and responsible content, helping developers build high-quality applications more efficiently.
Recognizing the challenges in assessing AI application vulnerabilities, Microsoft is launching automated evaluations for risk and safety metrics.
These evaluations measure an application’s susceptibility to generating harmful content and provide insights for effective mitigation strategies.
Additionally, risk and safety monitoring in Azure OpenAI Service allows for real-time tracking of user inputs and model outputs, enhancing the overall safety of AI deployments.
Lastly, Microsoft is pleased to announce risk and safety monitoring in Azure OpenAI Service.
This feature allows developers to monitor user inputs and model outputs for potential risks, providing insights to adjust content filters and application design for a safer AI experience.
These new tools from Microsoft Azure AI represent a significant advancement in developing safe and reliable generative AI applications.
By addressing key challenges in AI security and reliability, Microsoft continues leading the way in responsible AI innovation, ensuring its customers can confidently scale their AI solutions.
The post Microsoft Adds 5 New AI Tools to be Added with Azure AI appeared first on Cyber Security News.
Cyber Security News
BlackCat Operators Distributing Ransomware Disguised as WinSCP via Malvertising
Threat actors associated with the BlackCat ransomware have been observed employing malvertising tricks to distribute rogue installers of the WinSCP file transfer application.
"Malicious actors used malvertising to distribute a piece of malware via cloned webpages of legitimate organizations," Trend Micro researchers said in an analysis published last week. "In this case, the distribution
The Hacker News | #1 Trusted Cybersecurity News Site