Welcome reader to your CybersecurityHQ report.

Headlines

In the City of Brotherly Love, a major cyberattack has hit the Philadelphia Inquirer, impacting 25,000 readers. After an internal investigation, a notice was sent to affected customers on the 29th. Apparently, unauthorized access was gained on May 11, 2023. The hackers gathered financial information, account numbers, credit and debit card numbers, security codes, passwords, PINs, and more.

The Philadelphia Inquirer says there is no evidence any of this information has been used, but it still asked affected customers to keep an eye out for any suspicious activity. The paper has a total circulation of 60,000, and it is the third-longest continuously running daily newspaper in the country.

CISA has published guidelines for protecting critical infrastructure from AI-related risks. The governmental organization categorizes these risks into three categories: threat actors using AI to attack infrastructure, AI systems becoming the target of attack, and AI-assisted design and implementation causing weak points in the operation of infrastructure.

Among the solutions proposed, CISA recommends in-depth mapping of AI use across a company and continuous tracking of these systems. This gives valuable insights into where AI-related risks are likely and the biggest vulnerabilities.

The ongoing UnitedHealth cyber attack saga continues—this time with CEO Andrew Witty disclosing that the hackers took advantage of an exploit in software from private IT company Citrix. The revelation appears in written testimony presented to the House Energy and Commerce Committee in the lead-up to in-person testimony scheduled for today. Change Healthcare, owned by UnitedHealth, was attacked in February, leading to massive outages in healthcare payments across the country.

The threat actors used login credentials to gain remote access to a Change Healthcare Citrix portal, which didn’t require multi-factor authentication. Citrix has yet to respond to the testimony, but warnings have been put out by the US government about the security lapses in Citrix tools.

Interesting Read

In the UK, MPs have been complaining of a WhatsApp honeytrap operation. The first accused? China, Russia, or some other hostile state from the usual suspects. But now, that doesn’t appear to be the case.

In this story by Henry Zeffman and Phil Kemp for the BBC, the bizarre story of texting, Grindr, and prominent politicians is told. It seems that the same person is aggressively contacting a wide range of British elected officials, and no one can say who it is.

Employment Tip: Prep for Security Clearance

Looking for positions that require a security clearance? Get started right now. Organize documents and maintain a clean digital footprint. This makes moving through the process without hiccups and discrepancies much easier and less nerve-wracking.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team