DataBreachToday.com

Symbolic Links Planted by Attackers Survived Patching, Provide Read-Only Access
Attackers have been using a new type of post-exploitation technique to maintain remote access to hacked Fortinet FortiGuard devices - even if they had the latest patches - by dropping symbolic links in the device's filesystem designed to survive the patching process, the vendor has warned.

LLMs Falter on Real-World Bugs, Even With Debugger Access: Microsoft
Artificial intelligence can code but it can't debug says Microsoft after observing how large language models performed when given a series of real world software programming tests. Most LLMs struggle to resolve software bugs, even when given access to traditional developer tools such as debuggers.

Domain Controllers Commandeered to Distribute Malware, Warns Microsoft
Ransomware hackers are hitting up Active Directory domain controllers to boost privileges within compromised networks, warns Microsoft. Nearly eight out of every 10 human-operated cyberattacks involve a breached domain controller. Securing the servers is a challenge.

Also: Ransomware Profits Down, Meta's Benchmarking Controversy
In this week's update, ISMG editors previewed our return to the RSAC Conference studios in San Francisco, explored cracks in the ransomware business model, and unpacked the debate over Meta's Llama 4 benchmarks and their implications for AI transparency.

Senior Technology, Cybersecurity Officials Removed From Interior Department
The U.S. Department of Interior has reportedly removed several key cybersecurity and technology officials from their posts following a reported dispute with staffers from the Department of Government Efficiency over its access to government systems and sensitive federal data.

HHS Cites Security Risk Analysis Failures in Hack That Affected Nearly 300,000
A medical imaging practice with offices in New York and Connecticut has agreed to pay $350,000 to federal regulators and implement a corrective action plan to settle potential HIPAA violations uncovered in an investigation of a 2020 hacking incident that affected nearly 300,000 people.

Laboratory Services Cooperative Says 1.6 Million Patients, Workers, Others Affected
A laboratory that provides medical testing services to Planned Parenthood is notifying 1.6 million patients, workers and those who paid for healthcare on behalf of another person that their sensitive personal and health information was accessed or removed in an October 2024 hacking incident.

Chief Information Officer Meerah Rajavel shares Palo Alto Networks' strategy for enterprise AI: securing models from the outset, combating adversarial use and leveraging increased productivity and automation to cut manual workloads across engineering, support, sales and HR.

Also, Oracle Denies Cloud Breach, Blames Hack on Obsolete Servers
This week, Port of Seattle notified victims, Oracle blamed hack on obsolete servers, Google and Microsoft released April patches, WK Kellogg breached, six arrested in Spain for AI-investment scam, Scattered Spider's "King Bob" pleaded guilty, SmokeLoader users busted.

California Health Plan With 6 Million Members Blames Software Configuration Error
Blue Shield of California is notifying health plan members that their protected health information was potentially shared for nearly three years with Google for advertising purposes because of the way Google Analytics online tracking tools were configured on the insurer's websites.

Incident Reporting Low, Government Study Finds
Ransomware attacks targeting U.K. organizations continued to rise last year concluded the British government despite a low reporting rate by victims. The findings come as the government is considering banning public sector organization from paying ransom and mandating incident reporting.

3 Key Strategies for Security Leaders for Managing On-Premises and Cloud Identities
Machine identities now outnumber human identities 45:1, creating new security risks in an increasingly digital world. As organizations expand across hybrid and multi-cloud environments, fragmented identities become harder to manage, requiring proactive strategies to enhance security and governance.

Lowering Machine Identity Risks in AI, ML and Bot Workflows
While AI, ML and bot workflows boost efficiency, they also expand the attack surface. Over-permissioned identities, exploitable vulnerabilities and AI misuse pose significant security risks. AI-driven security tools can mitigate these risks by detecting anomalies and automating threat response.

Tailoring Machine Identity Management to Specific Industry Needs
A one-size-fits-all security approach to machine identity management cannot address the unique challenges of different industries. Instead, security strategies should be tailored to meet each industry's specific needs, including access control, continuous monitoring and compliance requirements.

AI Tool Streamlines Clinical Workflows at WellSpan With Microsoft's Dragon Copilot
WellSpan Health deploys Dragon Copilot, blending voice dictation and ambient listening to ease clinician burnout. It streamlines tasks with generative AI as part of an ecosystem shift, offering hope amid high burnout rates and workforce shortages.

Chris Krebs and SentinelOne Targeted as Trump Still Trumpets 2020 Election Lies
The White House said President Trump has ordered a probe into former Cybersecurity and Infrastructure Security Agency Director Chris Krebs' government service, revoked any security clearances he holds and suspended security clearances issued to his employer, SentinelOne.

Also: PoisonSeed Phishing Campaign, FTX Clients Face Reimbursement Hurdle
This week, Trump administration disbanded a Justice Department crypto unit, the U.S. Securities and Exchange Commission will review crypto guidance, Usual pledged up to $16M in bug bounties, a PoisonSeed phishing campaign, FTX repayment plan troubles and a Coinbase 2FA error.

Emerging AI Tools Can Transform SOC Analysts' Jobs But Require New Sets of Skills
In a job market known for its talent shortage and skills gap, the shift to AI-based solutions represents both an opportunity and a call to action. While AI can tackle grunt work with remarkable accuracy, it also demands a new set of skills from the cybersecurity workforce.