Blog
-
Samsung’s Sensitive Data Becomes a Part of ChatGPT as Employees Use It for Work Shortcuts
While ChatGPT may be a productivity enhancer, organizations need to carefully consider the situations in which it is used. Samsung has learned this lesson the hard way as employees unwittingly fed sensitive data into its training model while doing code reviews and preparing internal presentations.
-
New Spyware Rising to Fill Pegasus’ Role in Dissident Tracking
Citizen Lab says that the UAE, Hungary and Mexico are “countries of concern” and notes that the QuaDream spyware has been sold to Saudi Arabia and Ghana among other nations. Spyware has at least one zero-click exploit in its arsenal.
-
3CX Telephony Supply Chain Attack Has Potential for Major Widespread Damage
Supply chain attack traces back to suspected North Korea state-backed hackers exploiting an open source vulnerability that allowed malware to be inserted into legitimate software updates (signed with valid 3CX certificates).
-
International Law Enforcement Operation Knocks Out Major Dark Web Market “Genesis”
One of the biggest dark web markets for trading in stolen identity information is now offline thanks to an international law enforcement operation that involved hundreds of raids across 17 countries.
-
Vulnerability in Software Used by Dutch Market Research Firms Results in Large-Scale Data Breach
Data breach at Nebu, a piece of marketing software used by numerous Dutch market research firms for creating surveys and maintaining contact information, impacted at least two million residents including Netherlands national railway and VodafoneZiggo.
-
Russian Cyberwar Fueled by Private Contractors, According to “Vulkan Files”
Vulkan Files provided insight into Russian cyberwar activities including government disinformation campaigns on social media, domestic surveillance and attacks on the critical infrastructure of foreign countries.
-
Commercial Spyware Making Big Money From Zero-Days for Operating Systems, Major Platforms
Google’s Threat Analysis Group (TAG) finds that a group of about 30 of the world’s more serious commercial spyware vendors are peddling zero-days for Android, iOS, Chrome and Samsung’s pre-installed mobile device software.
-
Australian Financial Service Provider Latitude Lost 14 Million Records in Data Breach
Latitude, a major financial service provider in Australia, has lost about 14 million customer records to a data breach. The incident previously reported that 328,000 records had been exposed.
-
Twitter Source Code Leak Sat on GitHub for Months
Proprietary Twitter code was sitting in a GitHub repository from early January to sometime in March. Inside anonymous sources believe that the source code leak was perpetuated by a former employee that was laid off when Musk took over.
-
CISA Scanning Critical Infrastructure Companies, Providing Warnings to Ward off Ransomware Attacks
Preventing ransomware attacks on critical infrastructure companies has been a major focus for the Biden administration, and a new program has tasked CISA with warning companies when major vulnerabilities are detected.