Sat. Mar 04, 2023 - Fri. Mar 10, 2023

Why Are Security Fears About ChatGPT So Overblown?

Data Breach Today

Expert Etay Maor Says Limitations, Biases Make the AI Bot Unreliable - for Now

Technologists were quick to point out that popular AI-based chatbot, ChatGPT, could lower the bar for attackers in phishing campaigns and even write malware code, but Cato Networks' Etay Maor advises taking these predictions "with a grain of salt" and explores the pros and cons of ChatGPT.

Phishing 268

GUEST ESSAY: Five stages to attain API security — and mitigate attack surface exposures

The Last Watchdog

APIs (Application Programming Interfaces) play a critical role in digital transformation by enabling communication and data exchange between different systems and applications. APIs help digital transformation by enabling faster and more efficient business processes, improving customer experience, and providing new ways to interact with your business.

The FBI Just Admitted It Bought US Location Data

WIRED Threat Level

Rather than obtaining a warrant, the bureau purchased sensitive data—a controversial practice that privacy advocates say is deeply problematic.

IT 108

Who’s Behind the NetWire Remote Access Trojan?

Krebs on Security

A Croatian national has been arrested for allegedly operating NetWire, a Remote Access Trojan (RAT) marketed on cybercrime forums since 2012 as a stealthy way to spy on infected systems and siphon passwords. The arrest coincided with a seizure of the NetWire sales website by the U.S. Federal Bureau of Investigation (FBI). While the defendant in this case hasn’t yet been named publicly, the NetWire website has been leaking information about the likely true identity and location of its owne

Access 233

Peak Performance: Continuous Testing & Evaluation of LLM-Based Applications

Speaker: Aarushi Kansal, AI Leader & Author and Tony Karrer, Founder & CTO at Aggregage

Software leaders who are building applications based on Large Language Models (LLMs) often find it a challenge to achieve reliability. It’s no surprise given the non-deterministic nature of LLMs. To effectively create reliable LLM-based (often with RAG) applications, extensive testing and evaluation processes are crucial. This often ends up involving meticulous adjustments to prompts.

Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

Dark Reading

More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information.

Security 144

Hong Kong’s data privacy law reform may come in 2023

Data Protection Report

The reform of Hong Kong’s Personal Data (Privacy) Ordinance (Cap.486) (the PDPO) is back on the agenda. In our earlier post in 2020, we reported that the Constitutional and Mainland Affairs Bureau published a discussion paper (the Discussion Paper) seeking the Legislative Council’s Panel on Constitutional Affairs’ (the Panel) views on proposed changes to the PDPO.

Sued by Meta, Freenom Halts Domain Registrations

Krebs on Security

The domain name registrar Freenom, whose free domain names have long been a draw for spammers and phishers, has stopped allowing new domain name registrations. The move comes just days after the Dutch registrar was sued by Meta, which alleges the company ignores abuse complaints about phishing websites while monetizing traffic to those abusive domains.

Phishing 238

IceFire Ransomware Portends a Broader Shift From Windows to Linux

Dark Reading

IceFire has changed up its OS target in recent cyberattacks, emblematic of ransomware actors increasingly targeting Linux enterprise networks, despite the extra work involved.

Transparent Tribe spread CapraRAT via fake Messaging Apps

Data Breach Today

Campaign Mainly Targets Indian And Pakistani Android Users with Romance Honey Trap

A cyberespionage campaign using Trojanized apps implanted with a backdoor to exfiltrate sensitive data is doing the rounds in India and Pakistan. Researchers at cybersecurity firm Eset identify the threat actor as Transparent Tribe, a group aligned with the Pakistani government.

How and Why Should You Be Tracking Geopolitical Risk?

Geopolitical risk is now at the top of the agenda for CEOs. But tracking it can be difficult. The world is more interconnected than ever, whether in terms of economics and supply chains or technology and communication. Geopolitically, however, it is becoming increasingly fragmented – threatening the operations, financial well-being, and security of globally connected companies.

Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears

KnowBe4

Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.

Security 121

UK Introduces Data Protection and Digital Information (No. 2) Bill

Hunton Privacy

On March 8, 2023, the UK Secretary of State for Science, Innovation and Technology, Michelle Donelan, introduced the Data Protection and Digital Information (No. 2) Bill to UK Parliament. The first version of the reform bill was originally proposed by the UK government in July 2022, but was put on pause during September 2022. According to UK government in its press release, the Bill will “introduce a simple, clear and business-friendly framework that will not be difficult or costly to implemen

Acer Confirms Data Offered Up for Sale Was Stolen

Dark Reading

An Acer statement confirms that a document server for repair techs was compromised, but says customer data doesn't appear to be part of the leak.

Sales 131

Phishing Campaign Targets Job Seekers, Employers

Data Breach Today

Attackers Exploit Economic Downturn by Deploying Malware in Resumes, ID Attachments

Threat actors are exploiting the ongoing economic downturn using job-themed phishing and malware campaigns to target job seekers and employers to steal sensitive information and hack company recruiters. Researchers advise companies to be wary of attachments and URLs.

Phishing 264

7 Pitfalls for Apache Cassandra in Production

Apache Cassandra is an open-source distributed database that boasts an architecture that delivers high scalability, near 100% availability, and powerful read-and-write performance required for many data-heavy use cases. However, many developers and administrators who are new to this NoSQL database often encounter several challenges that can impact its performance.

Catches of the Month: Phishing Scams for March 2023

IT Governance

Welcome to our March 2023 review of phishing attacks, in which we explore the latest email scams and the tactics that cyber criminals use to trick people into handing over personal data. This month, we’re dedicating our feature to a topic that has been circling the cyber security sector – and many others besides – for some time: AI (artificial intelligence).

Phishing 111

Utah Legislature Passes Bills Restricting Social Media Accounts for Minors

Hunton Privacy

On March 1-3, 2023, the Utah legislature passed a series of bills, SB 152 and HB 311, regarding social media usage for minors. For social media companies with more than five million users worldwide, SB 152 would require parental permission for social media accounts for users under age 18, while HB 311 would hold social media companies liable for harm minors experience on the platforms.

Risk 116

[SCAM OF THE WEEK] Is ChatGPT Your Next Financial Advisor?

KnowBe4

ChatGPT, an artificial intelligence (AI) chatbot created by OpenAI, has risen in popularity since its release last year. Now, cybercriminals are using ChatGPT’s popularity to lure you into phishing scams. In one of these scams, cybercriminals try to trick you with a fake new ChatGPT feature.

CHS to Notify 1 Million in Breach Linked to Software Flaw

Data Breach Today

Hospital Chain Faults Zero-Day Vulnerability in 3rd-Party File Transfer Software

Community Health Systems will soon begin notifying up to 1 million individuals estimated to have been affected by data compromise when attackers exploited a zero-day vulnerability in vendor Fortra's GoAnywhere MFT, which is secure managed file transfer software.

Security 262

Entity Resolution Checklist: What to Consider When Evaluating Options

Are you trying to decide which entity resolution capabilities you need? It can be confusing to determine which features are most important for your project. And sometimes key features are overlooked. Get the Entity Resolution Evaluation Checklist to make sure you’ve thought of everything to make your project a success! The list was created by Senzing’s team of leading entity resolution experts, based on their real-world experience.

IT Governance Podcast 2023-5: WH Smith, the Data Protection and Digital Information Bill, TikTok

IT Governance

This week, we discuss a data breach affecting WH Smith, the latest proposals to reform data protection law in the UK, TikTok’s response to being banned by the European Commission and European Parliament, and the proposed US RESTRICT Act, and a woman who has been sentenced for defrauding Luton Borough Council in a cyber attack.

Irish Data Protection Commission Publishes Annual Report for 2022

Hunton Privacy

On March 7, 2023, the Irish Data Protection Commission (“DPC”) published its Annual Report for 2022 (the “Report”). The Report contains details on several areas of the DPC’s work, including complaints from data subjects received by the DPC, personal data breach notifications received by the DPC and statutory inquiries conducted by the DPC. Highlights from the Report include: During 2022, the DPC received 2,700 complaints from data subjects under the General Data Protection Regulation (“GDPR”).

International Women’s Day 2023: Embrace Equity

OpenText Information Management

“I raise up my voice—not so that I can shout, but so that those without a voice can be heard. … We cannot all succeed when half of us are held back.” Malala Yousafzai Today on International Women’s Day (IWD), we raise up our voices to celebrate the good and speak out against the unjust. …

HDB Financial Services Finds Breach at Data Processor

Data Breach Today

An Estimated 600,000 Customers Affected by Breach

Records of more than half a million customers of a lending service owned by India's largest private sector bank are apparently downloadable for free on a criminal data breach forum. HDFC Bank says it detected a data breach at one of its service providers that processes customer information.

Reimagined: Building Products with Generative AI

“Reimagined: Building Products with Generative AI” is an extensive guide for integrating generative AI into product strategy and careers featuring over 150 real-world examples, 30 case studies, and 20+ frameworks, and endorsed by over 20 leading AI and product executives, inventors, entrepreneurs, and researchers.

Three-Quarters of Vulnerabilities Used in Ransomware Attacks Were Discovered Before 2020

KnowBe4

Despite a lot of focus on phishing and remote access as initial access vectors, new data shows the use of vulnerabilities is not only on the rise, but simply isn’t being properly addressed.

FTC Announces Proposed Order against BetterHelp for Disclosing Sensitive Mental Health Information to Third Parties for Targeted Advertising Purposes

Hunton Privacy

On March 2, 2023, the FTC announced a proposed order against BetterHelp, Inc., an online mental health counseling service, for sharing consumer data, including sensitive mental health information, with third parties for targeted advertising and other purposes. The FTC’s proposed order is notable, in that it is the first such order that would return funds to consumers whose health data was affected.

Privacy 104

Machine Learning Improves Prediction of Exploited Vulnerabilities

Dark Reading

The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching.

Play Ransomware Partially Leaks Stolen City of Oakland Data

Data Breach Today

Group Threatens Full Data Dump If Its Extortion Demands Are Not Met

Play ransomware hackers attempting to extort the San Francisco Bay Area city of Oakland dumped 10 gigabytes of stolen information over the weekend and threatened that more dumps may come. Researchers have spotted similarities between the Play, Hive and Nokoyawa ransomware groups.

Strategic CX: A Deep Dive into Voice of the Customer Insights for Clarity

Speaker: Nicholas Zeisler, CX Strategist & Fractional CXO

The first step in a successful Customer Experience endeavor (or for that matter, any business proposition) is to find out what’s wrong. If you can’t identify it, you can’t fix it! 💡 That’s where the Voice of the Customer (VoC) comes in. Today, far too many brands do VoC simply because that’s what they think they’re supposed to do; that’s what all their competitors do.

Phishing for Ring Customers

KnowBe4

INKY warns that a phishing campaign is targeting users of the Ring video security system. The scammers are sending brief phishing emails instructing recipients to click on the attached HTML file in order to update their membership. The file will open a webpage hosted locally on the victim’s machine, which helps the attackers avoid detection by security filters.

Phishing 100

Latest version of Xenomorph Android malware targets 400 banks

Security Affairs

A new version of the Xenomorph Android malware includes a new automated transfer system framework and targets 400 banks. The author of the Xenomorph Android malware, the Hadoken Security Group, continues to improve their malicious code. In February 2022, researchers from ThreatFabric first spotted the Xenomorph malware, which was distributed via the official Google Play Store reaching over 50,000 installations.

Remcos RAT Spyware Scurries Into Machines via Cloud Servers

Dark Reading

Attackers use phishing emails that appear to come from reputable organizations, dropping the payload using public cloud servers and an old Windows UAC bypass technique.

Cloud 101