Global Data Breach Costs Go Down, but Not in US

Source: Data Breach Today

The global average of costs stemming from a data breach is coming down, a possible testament to quicker detection and containment. Whatever the cause, it doesn't apply in the United States, where breach victims reported another year of escalating costs from cleaning up the aftermath of a breach.

Link to article 

Lenovo Firmware Vulnerabilities Allow Persistent Implant Deployment

Source: Security Week

Lenovo devices are affected by several vulnerabilities, including ones that could allow attackers to deploy persistent implants on targeted systems, firmware security and supply chain risk management company Binarly reported on Tuesday.

Link to article

Microsoft finds a way into Mac users’ secrets, helps fix the flaw

Source: Cyber News

Microsoft has detailed a macOS flaw that could be exploited to bypass the security system and extract sensitive data from protected folders, including photos, location logs, face recognition data, search history, and more.

Link to article

Health System Settles Web Tracker Lawsuit for up to $9.25M

Source: Data Breach Today

A Missouri healthcare system has agreed to pay up to $9.25 million to settle a proposed class action lawsuit alleging that its use of online tracking tools in its patient portals transmitted sensitive patient information to third-party firms without the patients' knowledge or consent.

Link to article

ChatGPT, GenAI Tools Open to 'Man in the Prompt' Browser Attack

Source: Dark Reading

An innovative prompt injection attacker can steal your data using nothing but a browser extension. A brand-new cyberattack vector allows threat actors to use a poisoned browser extension to inject malicious prompts into all of the top generative AI tools on the market, including ChatGPT, Gemini, and others.

Link to article