π How to Protect Sensitive Data While Using ChatGPT and Other Generative AI Tools π
π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
Generative AI platforms like ChatGPT have emerged as a new frontier of data breaches, especially in the rise of hybrid work. Equipped with the function to generate various content and troubleshoot software bugs, these applications can leak training data and violate privacy. In their research, Work From Anywhere, Fortinet found that about 62 of organizations The post How to Protect Sensitive Data While Using ChatGPT and Other Generative AI Tools appeared first on UnderDefense.π Read more.
π Via "UnderDefense"
----------
ποΈ Seen on @cibsecurity
UnderDefense
Your Guide to Protecting Sensitive Data While Using ChatGPT
Discover how to keep your sensitive data safe while using ChatGPT. This guide covers best practices, privacy tips, and security measures to protect your information.
ποΈ URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
GitLab once again released fixes to address a critical security flaw in its Community Edition CE and Enterprise Edition EE that could be exploited to write arbitrary files while creating a workspace. Tracked as CVE20240402, the vulnerability has a CVSS score of 9.9 out of a maximum of 10. "An issue has been discovered in GitLab CEEE affecting all versions from 16.0 prior to.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
β€1
π Orange EspaΓ±a Breach: Dark Web Flooded With Operator Credentials π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Resecurity discovered over 1572 compromised customers from RIPE, APNIC, AFRINIC and LACNIC.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Orange EspaΓ±a Breach: Dark Web Flooded With Operator Credentials
Resecurity discovered over 1572 compromised customers from RIPE, APNIC, AFRINIC and LACNIC
ποΈ Brazilian Feds Dismantle Grandoreiro Banking Trojan, Arresting Top Operatives ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A Brazilian law enforcement operation has led to the arrest of several Brazilian operators in charge of the Grandoreiro malware. The Federal Police of Brazil said it served five temporary arrest warrants and 13 search and seizure warrants in the states of So Paulo, Santa Catarina, Par, Gois, and Mato Grosso. Slovak cybersecurity firm ESET, which provided additional.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π Schneider Electric Confirms Data Accessed in Ransomware Attack π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Energy firm Schneider Electric said a ransomware incident, reportedly perpetrated by the Cactus group, has led to data being accessed from its Sustainability Business division.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Schneider Electric Confirms Data Accessed in Ransomware Attack
Energy firm Schneider Electric said a ransomware incident, reportedly perpetrated by the Cactus group, has led to data being accessed from its Sustainability Business division
π» Apple accuses UK gov't of βunprecedented overreachβ on privacy π»
π Read more.
π Via "COMPUTERWORLD"
----------
ποΈ Seen on @cibsecurity
In the name of security, the UK government may well have put a cybersecurity target on the nations back, with Apple once again warning that proposed changes to the Investigatory Powers Act 2016 are a serious and direct threat to data security and information privacy.We are deeply concerned about the amendments to the Investigatory Powers Bill currently before Parliament, which will put the privacy and security of users at risk," Apple said in a statement. This is an unprecedented overreach by the government and, if implemented, the UK new user protections could be secretly vetoed globally, preventing us from ever delivering them to customers.To read this article in full, please click here.π Read more.
π Via "COMPUTERWORLD"
----------
ποΈ Seen on @cibsecurity
Computerworld
Apple accuses UK gov't of βunprecedented overreachβ on privacy
Apple warns that proposed UK laws are a βserious and direct threat to data security and information privacy.β
βοΈ Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider βοΈ
π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
On Jan. 9, 2024, U.S. authorities arrested a 19yearold Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIMswapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accused was a key member of a criminal hacking group blamed for a string of cyber intrusions at major U.S. technology companies during the summer of 2022.π Read more.
π Via "Krebs on Security"
----------
ποΈ Seen on @cibsecurity
Krebs on Security
Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider
On Jan. 9, 2024, U.S. authorities arrested a 19-year-old Florida man charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Sources close to the investigation tell KrebsOnSecurity the accusedβ¦
𧨠Was the Fake Joe Biden Robocall Created with AI? π§¨
π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
As voters in the recent New Hampshire primary have found, a fake robocall of President Joe Biden has been making... The post Was the Fake Joe Biden Robocall Created with AI? appeared first on McAfee Blog.π Read more.
π Via "McAfee"
----------
ποΈ Seen on @cibsecurity
McAfee Blog
Was the Fake Joe Biden Robocall Created with AI? | McAfee Blog
As voters in the recent New Hampshire primary have found, a fake robocall of President Joe Biden has been making the rounds. Using AI voice-cloning
π΅οΈββοΈ Feds Reportedly Try to Disrupt 'Volt Typhoon' Attack Infrastructure π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The Chinalinked threat actor's attacks on US critical infrastructure organizations have alarmed American intelligence officials, Reuters says.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Feds Reportedly Try to Disrupt 'Volt Typhoon' Attack Infrastructure
The China-linked threat actor's attacks on US critical infrastructure organizations have alarmed American intelligence officials, Reuters says.
π΅οΈββοΈ Forcepoint Federal Rebrands As Everfox to Reflect New Era of Defense-Grade Cybersecurity π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Forcepoint Federal Rebrands As Everfox to Reflect New Era of Defense-Grade Cybersecurity
π΅οΈββοΈ Apple Warns iPhone Sideloading Changes Will Increase Cyber Threats π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The tech giant says that being more open to comply with EU regulations brings risks such as malware, fraud, and scams.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Apple Warns iPhone Sideloading Changes Will Increase Cyber Threats
The tech giant says that being more open to comply with EU regulations brings risks such as malware, fraud, and scams.
π΅οΈββοΈ 'Cactus' Ransomware Strikes Schneider Electric π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Schneider's Sustainability division, which provides software and consulting services to enterprises, was felled by cybercriminals in midJanuary.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
'Cactus' Ransomware Strikes Schneider Electric
Schneider's Sustainability division, which provides software and consulting services to enterprises, was felled by cybercriminals in mid-January.
π1
π΅οΈββοΈ Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount π΅οΈββοΈ
π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
The RCEauth bypass bugs in Connect Secure VPNs have gone unpatched for 20 days as statesponsored groups continue to backdoor Ivanti gear.π Read more.
π Via "Dark Reading"
----------
ποΈ Seen on @cibsecurity
Darkreading
Ivanti Zero-Day Patches Delayed as 'KrustyLoader' Attacks Mount
The RCE/auth bypass bugs in Connect Secure VPNs have gone unpatched for 20 days as state-sponsored groups continue to backdoor Ivanti gear.
π1
π’ From complexity to clarity: The channel opportunity in streamlining cyber security π’
π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
Upcoming legislation and a rapidly evolving threat landscape means organizations can't afford to lose track of security transformation plans and the channel can play a key role in bolstering defenses.π Read more.
π Via "ITPro"
----------
ποΈ Seen on @cibsecurity
ITPro
From complexity to clarity: The channel opportunity in streamlining cyber security
Upcoming legislation and a rapidly evolving threat landscape means organizations can't afford to lose track of security transformation plans - and the channel can play a key role in bolstering defenses
ποΈ New Glibc Flaw Grants Attackers Root Access on Major Linux Distros ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library aka glibc. Tracked as CVE20236246, the heapbased buffer overflow vulnerability is rooted in glibc's vsysloginternal function, which is used by syslog and vsyslog for system logging purposes. It's said to have been accidentally.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Chinese Hackers Exploiting VPN Flaws to Deploy KrustyLoader Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A pair of recently disclosed zeroday flaws in Ivanti Connect Secure ICS virtual private network VPN devices have been exploited to deliver a Rustbased payload called KrustyLoader that's used to drop the opensource Sliver adversary simulation tool. The security vulnerabilities, tracked as CVE202346805 CVSS score 8.2 and CVE202421887 CVSS score 9.1, could be abused.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
π City Cyber Taskforce Launches to Secure Corporate Finance π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
A new initiative led by the ICAEW and NCSC launches today to improve cybersecurity during deals and investments.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
City Cyber Taskforce Launches to Secure Corporate Finance
A new initiative led by the ICAEW and NCSC launches today to help improve cybersecurity during deals and investments
π Citibank Sued For Failing to Protect Fraud Victims π
π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
New York attorney general launches legal case against Citi for failing to reimburse or protect fraud victims.π Read more.
π Via "Infosecurity Magazine"
----------
ποΈ Seen on @cibsecurity
Infosecurity Magazine
Citibank Sued For Failing to Protect Fraud Victims
New York attorney general launches legal case against Citi for failing to reimburse or protect fraud victims
π¦Ώ Gift Yourself a Year of Online Protection for Only $50 Through 2/4 π¦Ώ
π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
Requesting the removal of your most confidential data from the internet is a complicated process unless you have Incogni, which can do it in a few clicks.π Read more.
π Via "Tech Republic"
----------
ποΈ Seen on @cibsecurity
TechRepublic
Gift Yourself a Year of Online Protection for Only $50 Through 2/4
Requesting the removal of your most confidential data from the internet is a complicated process unless you have Incogni, which can do it in a few clicks.
ποΈ The SEC Won't Let CISOs Be: Understanding New SaaS Cybersecurity Rules ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
The SEC isnt giving SaaS a free pass. Applicable public companies, known as registrants, are now subject to cyber incident disclosure and cybersecurity readiness requirements for data stored in SaaS systems, along with the 3rd and 4th party apps connected to them. The new cybersecurity mandates make no distinction between data exposed in a breach that was stored onpremise, in the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
ποΈ Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware ποΈ
π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity
A financially motivated threat actor known as UNC4990 is leveraging weaponized USB devices as an initial infection vector to target organizations in Italy. Googleowned Mandiant said the attacks single out multiple industries, including health, transportation, construction, and logistics. "UNC4990 operations generally involve widespread USB infection followed by the deployment of the.π Read more.
π Via "The Hacker News"
----------
ποΈ Seen on @cibsecurity