Global enterprises are facing a serious security crisis as misconfigured Access Management Systems (AMS) expose sensitive employee data and grant potential access to restricted facilities. The vulnerabilities found across healthcare, education, manufacturing, and government industries put organizations at heightened risk of data breaches, financial losses, and compliance violations.

In some cases, attackers could manipulate credentials to bypass security systems entirely, raising urgent concerns over both digital and physical security, according to a report by cybersecurity firm Modat.

The findings suggest that hundreds of thousands of sensitive employee records have been exposed, including biometric information, identification details, photographs, and work schedules. In some cases, these vulnerabilities could allow unauthorized individuals to bypass physical security measures and gain entry into restricted facilities.

“Access Management Systems are crucial in modern security and yet they can often present significant vulnerabilities,” the report said. “Some systems offer comprehensive access control features, but their network-connected nature can create potential attack vectors.”

Stay updated with SOC News for cutting-edge security innovations and expert industry insights! 

Source : https://www.csoonline.com/article/3837531/misconfigured-access-management-systems-expose-global-enterprises-to-security-risks.html

The ransomware-as-a-service (RaaS) cybercrime group intends to leak the stolen information in just two days, it claims; but oddly, it doesn’t seek a ransom payment from its victim.

Qilin, a Russian-speaking cybercrime group, has claimed responsibility for the cyberattack that impacted Lee Enterprises’ operations in early February.

Lee Enterprises is one of the largest newspaper groups in the US, with publications in 72 markets, including The Buffalo News, Omaha World-Herald, and the Richmond Times-Dispatch. It filed a report last month with the SEC detailing the cyberattack, which caused an outage that crippled its operations.

At the time of the filing, Lee Enterprises said it was still investigating the data breach, noting that the process could take some time to complete. Now, Qilin, which typically operates a ransomware-as-a-service (RaaS) model, is claiming the theft of 350GB of data from the company on its Tor leak site. The data includes financial records, payments to journalists, and insider news tactics, it claims. The group also provided what it said is proof of the attack, publishing ID scans, corporate documents, and spreadsheets.

Source : https://www.darkreading.com/cyberattacks-data-breaches/qilin-cyber-gang-credit-lee-newspaper-breach

The fake websites trick users into downloading and running malware that searches for personal information, especially anything related to cryptocurrency.

Threat actors are leveraging brand impersonation techniques to create fake websites mimicking DeepSeek, an AI chatbot from China that launched just a month ago. Their goal? Getting users to divulge personal and sensitive information.

A significant number of imposter sites imitating DeepSeek have already popped up, according to researchers at ThreatLabz, including deepseeksol[.]com, deepseeksky[.]com, deepseek[.]app, deepseekaiagent[.]live, and many more.

The attack chain involves the fraudulent DeepSeek website asking visitors to complete a registration process. Once done, the user is directed to a fake CAPTCHA page. Malicious JavaScript copies a malicious PowerShell command to the user’s clipboard, which, if run, downloads and executes the Vidar information stealer, allowing it to exfiltrate sensitive data such as passwords, cryptocurrency wallets, and personal files.

“The malware employs social media platforms, such as Telegram, to conceal its C2 infrastructure,” noted the researchers in a blog post.

They added that the malware is programmed to search for files and configurations specifically related to cryptocurrency wallets. If detected, Vidar will query “specific registry keys and file paths to exfiltrate sensitive data such as wallet files.” The malware also actively searches the victim’s system for other assets, such as stored cookies and saved login credentials.

Source : https://www.darkreading.com/threat-intelligence/ai-tricksters-spin-up-fake-deepseek-sites-steal-crypto

The unconfirmed breach allegedly includes email, phone numbers, API and crypto keys, credentials, and billing information, from over 30,000 OmniGPT users.

Popular AI aggregator OmniGPT, which provides access to multiple AI models including ChatGPT-4, Claude 3.5, Gemini, and Midjourney, has allegedly suffered a massive breach, exposing personal data belonging to over 30,000 users.

On Monday, a BreachForums user “Gloomer” reportedly made a post, offering samples of the allegedly stolen data. “This leak contains all messages between the users and the chatbot of this site, as well as all links to the files uploaded by users and also 30k user emails.”

The post came from a “God”-level BreachForums user, a tier reserved for the hack site’s top members, a little over two weeks after KrakenLabs last reported the breach, attributing it to a BreachForums post made by a user with the same alias but a different profile avatar.

“Hi, I recently breached OmniGPT.co which is a smaller clone of ChatGPT and extracted all messages between their users and the AI (Over 34 million lines), additionally I also got the emails of 30k users and about 20% of these also come with phone number.” Gloomer had said then.

Source : https://www.csoonline.com/article/3822911/hacker-allegedly-puts-massive-omnigpt-breach-data-for-sale-on-the-dark-web.html

CISOs are trained to fix problems. Lawyers are trained to find them. The two must work together to address complex challenges like breaches, compliance, or the ethics of emerging technologies.

There’s a joke that’s been floating around boardrooms for years: “What’s the difference between lawyers and engineers? Lawyers don’t think they’re engineers.”

This light-hearted jab highlights a fundamental difference between the two professions. Engineers, and by extension CISOs, focus on building and fixing things, learning a wide array of skills, sometimes sticking their hands into technologies nobody trained them to handle. Lawyers, on the other hand, aim to find problems, navigate gray areas, and anticipate risks.

While these differences might seem like a recipe for conflict between the two professions, they can often lead to a strong partnership. By combining their skills, these two groups can navigate the ever-evolving intersection of technology, innovation, and regulation.

“Cybersecurity and data breaches are not just technical issues,” says Michael Welch, former CISO and managing director at MorganFranklin Consulting. “They can be intertwined with legal, regulatory, and reputational risks that require a collaborative, proactive approach.”

While the relationship between CISOs and their legal teams is essential, things don’t always go smoothly. Differing priorities and communication gaps can create tensions or even lead to conflict. However, strengthening this partnership is not just beneficial — it’s critical for the organization’s ability to manage risks and respond to complex cybersecurity and compliance challenges. And CISOs can do a few things to make this partnership work.

Source : https://www.csoonline.com/article/3811937/cisos-stop-trying-to-do-the-lawyers-job.html

The media company Lee Enterprises said a “cybersecurity event” had created havoc at dozens of its newspapers, prompting some to publish shorter editions or not print at all.

Newspapers across the country owned by the news media company Lee Enterprises were unable to print, had problems with their websites and published smaller issues after a cyberattack last week, the company said.

In a statement emailed on Sunday, Lee Enterprises said that the company was facing disruptions to its daily operations because of a “cybersecurity event,” and that it had notified law enforcement.

Lee Enterprises is the parent company of more than 70 daily newspapers, such as The St. Louis Post-Dispatch, and nearly 350 weekly and specialty publications in 25 states, including Alabama, New York and Oregon. The company did not say how the attack happened or who was behind it.

“We are now focused on determining what information — if any — may have been affected by the situation,” the company said. “We are working to complete this investigation as quickly and thoroughly as possible, but these types of investigations are complex and time-consuming, with many taking several weeks or longer to complete.”

Source : https://www.nytimes.com/2025/02/09/business/media/newspaper-cyberattack-lee-enterprises.html

The rapid rise of DeepSeek, a Chinese generative AI platform, heightened concerns this week over the United States’ AI dominance as Americans increasingly adopt Chinese-owned digital services. With ongoing criticism over alleged security issues posed by TikTok’s relationship to China, DeepSeek’s own privacy policy confirms that it stores user data on servers in the country.

Meanwhile, security researchers at Wiz discovered that DeepSeek left a critical database exposed online, leaking over 1 million records, including user prompts, system logs, and API authentication tokens. As the platform promotes its cheaper R1 reasoning model, security researchers tested 50 well-known jailbreaks against DeepSeek’s chatbot and found lagging safety protections as compared to Western competitors.

Brandon Russell, the 29-year-old cofounder of the Atomwaffen Division, a neo-Nazi guerrilla organization, is on trial this week over an alleged plot to knock out Baltimore’s power grid and trigger a race war. The trial provides a look into federal law enforcement’s investigation into a disturbing propaganda network aiming to inspire mass casualty events in the US and beyond.

Source : https://www.wired.com/story/hackers-google-gemini-us-cyberattacks/

U.S. engineering firm ENGlobal has confirmed that hackers accessed “sensitive personal information” from its systems during a November 2024 cyberattack.

ENGlobal, which provides engineering and automation services to the federal government and critical infrastructure organizations, said in an updated 8-K filing with the U.S. securities regulator on Monday that hackers subsequently “encrypted some of its data files,” implying the incident was related to ransomware. The company said some of its business applications — including financial reporting systems — were offline for about six weeks. 

The Houston, Texas-based company hasn’t yet said how many individuals are affected by the breach or what types of data were accessed, but said it will notify those affected. ENGlobal did not immediately respond to TechCrunch’s questions. 

In its updated filing, ENGlobal says that its operations have been “fully restored” following its cyberattack. The company says it believes the threat actor, who has not yet been named, no longer has access to its IT systems. 

Source : https://techcrunch.com/2025/01/28/englobal-says-hackers-accessed-sensitive-personal-data-during-cyberattack/