In January 2024, MITRE Corporation reported a security breach instigated by a state-sponsored hacking group that exploited two zero-day vulnerabilities in Ivanti VPNs. The breach was initially detected due to unusual activity in an unclassified network environment used for research and development, prompting an immediate investigation. Although the breach did not compromise MITRE's core enterprise network or its affiliates, the attackers were able to maneuver through the network and access sensitive data by using sophisticated methods to bypass security measures, including multi-factor authentication. The incident has prompted notifications to impacted parties and collaborations with authorities as MITRE works to establish secure operational alternatives while advocating for improved cybersecurity defenses across the industry.

MITRE says state hackers breached its network via Ivanti zero-days Bleeping Computer

As companies increasingly integrate artificial intelligence into their operations, the role of Chief AI Officer (CAIO) is becoming more prevalent. This executive position is dedicated to overseeing and strategically deploying AI technology within a company. The responsibilities of a CAIO include ensuring AI alignment with corporate goals, managing AI projects, and navigating ethical considerations associated with AI use. This role is crucial as businesses seek to harness AI’s potential while addressing the complexities it introduces.

The rise of the chief AI officer Financial Times

Cisco has disclosed and issued a patch for a high-severity vulnerability affecting the Integrated Management Controller in a range of devices, including UCS C-Series Rack Servers and 5000 Series Enterprise Network Compute Systems. This flaw, having an 8.8 out of 10 severity rating, could allow an authenticated, local attacker with at least read-only privileges to execute command injection attacks and gain root access. While Cisco reported no known instances of the vulnerability being exploited, code that could be used for such purposes has been made public. Customers are urged to apply the provided patches, as no alternative mitigations have been advised, and a wide spectrum of Cisco devices could be impacted if running vulnerable versions of the software with default configurations.

Cisco Discloses High-Severity Vulnerability, Exploit Code Released CRN

Omni Hotels & Resorts experienced a ransomware attack last month, resulting in the theft of personal customer information. The stolen data includes names, email and postal addresses, and loyalty program details but does not encompass financial details or Social Security numbers. The hotel chain, which operates numerous properties across the United States and Canada, detected the intrusion on March 29, causing temporary system shutdowns that led to widespread outages affecting services like phone, Wi-Fi, and room keys. The ransomware group Daixin has claimed responsibility for the breach, threatening to release customer records dating back to 2017. Despite these claims, financial information and Social Security numbers were reportedly not compromised in the incident.

Omni Hotels says customers' personal data stolen in ransomware attack TechCrunch