cybercrime/malcode – Lifeboat News: The Blog https://lifeboat.com/blog Safeguarding Humanity Sat, 15 Feb 2025 22:04:47 +0000 en-US

569,012 Americans Exposed As Massive Data Breach Reveals Names, Financial Account Numbers, Credit and Debit Card Numbers, Security Codes, PINs and More https://lifeboat.com/blog/2025/02/569012-americans-exposed-as-massive-data-breach-reveals-names-financial-account-numbers-credit-and-debit-card-numbers-security-codes-pins-and-more https://lifeboat.com/blog/2025/02/569012-americans-exposed-as-massive-data-breach-reveals-names-financial-account-numbers-credit-and-debit-card-numbers-security-codes-pins-and-more#respond Sat, 15 Feb 2025 22:04:47 +0000 https://lifeboat.com/blog/2025/02/569012-americans-exposed-as-massive-data-breach-reveals-names-financial-account-numbers-credit-and-debit-card-numbers-security-codes-pins-and-more

A major cybersecurity incident has exposed sensitive personal, medical and financial records of more than half a million Americans.

In a data breach notification, the Office of the Maine Attorney General says the California-based non-profit organization NorthBay Healthcare Corporation experienced an external system breach affecting 569,012 Americans.

In a notice sent to affected people, NorthBay Health says an unauthorized entity gained access to the firm’s computer systems between January 11th, 2024 and April 1st of the same year.

Microsoft Uncovers Sandworm Subgroup’s Global Cyber Attacks Spanning 15+ Countries https://lifeboat.com/blog/2025/02/microsoft-uncovers-sandworm-subgroups-global-cyber-attacks-spanning-15-countries https://lifeboat.com/blog/2025/02/microsoft-uncovers-sandworm-subgroups-global-cyber-attacks-spanning-15-countries#respond Thu, 13 Feb 2025 09:16:15 +0000 https://lifeboat.com/blog/2025/02/microsoft-uncovers-sandworm-subgroups-global-cyber-attacks-spanning-15-countries

Sandworm’s BadPilot campaign exploits eight security flaws to infiltrate global critical sectors, enabling persistent access for cyber espionage opera.

4 Key Considerations For Business Leaders To Address AI-Driven Threats https://lifeboat.com/blog/2025/02/4-key-considerations-for-business-leaders-to-address-ai-driven-threats https://lifeboat.com/blog/2025/02/4-key-considerations-for-business-leaders-to-address-ai-driven-threats#respond Tue, 11 Feb 2025 18:06:37 +0000 https://lifeboat.com/blog/2025/02/4-key-considerations-for-business-leaders-to-address-ai-driven-threats

The transformative power of artificial intelligence (AI) is bringing about major changes in the worlds of business and cybersecurity.

Source: Forbes.

#artificialintelligence #cybersecurity #Business

SLAP and FLOP vulnerabilities in Apple CPUs https://lifeboat.com/blog/2025/02/slap-and-flop-vulnerabilities-in-apple-cpus https://lifeboat.com/blog/2025/02/slap-and-flop-vulnerabilities-in-apple-cpus#respond Tue, 11 Feb 2025 07:03:25 +0000 https://lifeboat.com/blog/2025/02/slap-and-flop-vulnerabilities-in-apple-cpus

Spectre-like SLAP and FLOP vulnerabilities in Apple CPUs can be used in real-world attacks.

SparkCat — first OCR trojan stealer to infiltrate the App Store https://lifeboat.com/blog/2025/02/sparkcat-first-ocr-trojan-stealer-to-infiltrate-the-app-store https://lifeboat.com/blog/2025/02/sparkcat-first-ocr-trojan-stealer-to-infiltrate-the-app-store#respond Tue, 11 Feb 2025 07:03:06 +0000 https://lifeboat.com/blog/2025/02/sparkcat-first-ocr-trojan-stealer-to-infiltrate-the-app-store

Your smartphone gallery may contain photos and screenshots of important information you keep there for safety or convenience, such as documents, bank agreements, or seed phrases for recovering cryptocurrency wallets. All of this data can be stolen by a malicious app such as the SparkCat stealer we’ve discovered. This malware is currently configured to steal crypto wallet data, but it could easily be repurposed to steal any other valuable information.

The worst part is that this malware has made its way into official app stores, with almost 250,000 downloads of infected apps from Google Play alone. Although malicious apps have been found in Google Play before, this marks the first time a stealer Trojan has been detected in the App Store. How does this threat work and what can you do to protect yourself?


SparkCat infostealer infected apps in the App Store and Google Play. It scans photos on infected devices and steals crypto wallets.

Huge cyber attack under way — 2.8 million IPs being used to target VPN devices https://lifeboat.com/blog/2025/02/huge-cyber-attack-under-way-2-8-million-ips-being-used-to-target-vpn-devices https://lifeboat.com/blog/2025/02/huge-cyber-attack-under-way-2-8-million-ips-being-used-to-target-vpn-devices#respond Tue, 11 Feb 2025 02:21:45 +0000 https://lifeboat.com/blog/2025/02/huge-cyber-attack-under-way-2-8-million-ips-being-used-to-target-vpn-devices

Devices across the world are being abused.

Inside OpenAI’s $14 Million Super Bowl Ad https://lifeboat.com/blog/2025/02/inside-openais-14-million-super-bowl-ad https://lifeboat.com/blog/2025/02/inside-openais-14-million-super-bowl-ad#respond Mon, 10 Feb 2025 16:03:29 +0000 https://lifeboat.com/blog/2025/02/inside-openais-14-million-super-bowl-ad

In today’s AI news, the OpenAI commercial, developed under new CMO Kate Rouch, deliberately avoids mentioning AGI or superintelligence, which are at the core of OpenAI’s mission. “We want the message to feel relevant to the audience that is watching the Super Bowl, which includes tens of millions of people who have no familiarity with AI,” Rouch said.

S $254-billion software industry by 45% over the next five years, according to a survey by consulting firm EY India. This boost will come through the dual effect of the IT industry integrating elements of GenAI and client projects moving from concept to production.

Then, the French government plans Monday to pledge a gigawatt of nuclear power for a new artificial-intelligence computing project expected to cost tens of billions of dollars. France is making a bid to catch up in the artificial intelligence race by leaning on one of its strengths: plentiful nuclear power.

And, Canadian investment firm Brookfield plans to invest €20 billion by 2030 in artificial intelligence projects in France (around $20.7 billion at current exchange rates), according to a report from La Tribune Dimanche confirmed by news agency AFP. The majority of the sum will be used to build AI-focused data centers.

In videos, we join Adrian Locher (Merantix Capital), Wei Li (BlackRock), Scott Sandell (NEA), Rob Heyvaert (Motive Partners), and Guru Chahal (Lightspeed Venture Partners) as they discuss how to identify the next category-defining opportunities in AI across venture capital, private equity, and beyond.

Is what happens when millions of people get access to a transformational general purpose technology such as artificial intelligence, enabling superpowers that benefit both individuals and society.”

Then, check out the cutting-edge world of “hackbots”—AI agents designed to autonomously hack websites. Joseph Thacker, Principal AI Engineer at AppOmni as well as a security researcher who specializes in application security and AI, discusses the basics of hackbots, the current landscape of the technology, and its potential future implications.

Obscure solutions to the Fermi Paradox https://lifeboat.com/blog/2025/02/obscure-solutions-to-the-fermi-paradox https://lifeboat.com/blog/2025/02/obscure-solutions-to-the-fermi-paradox#respond Sat, 08 Feb 2025 15:11:53 +0000 https://lifeboat.com/blog/2025/02/obscure-solutions-to-the-fermi-paradox

Stop leaving yourself vulnerable to data breaches. Go to our sponsor https://aura.com/sciencephile to get a 14-day free trial and see if any of your data has been exposed.

Aura just launched their new \.

Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware https://lifeboat.com/blog/2025/02/hackers-exploiting-simplehelp-rmm-flaws-for-persistent-access-and-ransomware https://lifeboat.com/blog/2025/02/hackers-exploiting-simplehelp-rmm-flaws-for-persistent-access-and-ransomware#respond Fri, 07 Feb 2025 09:13:01 +0000 https://lifeboat.com/blog/2025/02/hackers-exploiting-simplehelp-rmm-flaws-for-persistent-access-and-ransomware

In the incident analyzed by the Canadian cybersecurity company, the initial access was gained to a targeted endpoint via a vulnerable SimpleHelp RMM instance (“194.76.227[.]171”) located in Estonia.

Upon establishing a remote connection, the threat actor has been observed performing a series of post-exploitation actions, including reconnaissance and discovery operations, as well as creating an administrator account named “sqladmin” to facilitate the deployment of the open-source Sliver framework.

The persistence offered by Sliver was subsequently abused to move laterally across the network, establishing a connection between the domain controller (DC) and the vulnerable SimpleHelp RMM client and ultimately installing a Cloudflare tunnel to stealthily route traffic to servers under the attacker’s control through the web infrastructure company’s infrastructure.

Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking https://lifeboat.com/blog/2025/02/fake-google-chrome-sites-distribute-valleyrat-malware-via-dll-hijacking https://lifeboat.com/blog/2025/02/fake-google-chrome-sites-distribute-valleyrat-malware-via-dll-hijacking#respond Fri, 07 Feb 2025 09:12:41 +0000 https://lifeboat.com/blog/2025/02/fake-google-chrome-sites-distribute-valleyrat-malware-via-dll-hijacking

Morphisec CTO Michael Gorelik told The Hacker News that there is evidence connecting the two activity clusters, and that the deceptive Chrome installer site was previously leveraged to download the Gh0st RAT payload.

“This campaign specifically targeted Chinese-speaking users, as indicated by the use of Chinese-language web lures and applications aimed at data theft and evasion of defenses by the malware,” Gorelik said.

“The links to the fake Chrome sites are primarily distributed through drive-by download schemes. Users searching for the Chrome browser are directed to these malicious sites, where they inadvertently download the fake installer. This method exploits the users’ trust in legitimate software downloads, making them susceptible to infection.”
