InfoSec News Nuggets 9/30/2024

Microsoft: Windows Recall now can be removed, is more secure Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. Today's announcement comes in response to customer pushback requesting stronger default data privacy and security protections, which prompted the company to delay its public release by making it first available for preview with Windows Insiders. Redmond also…

InfoSec News Nuggets 8/2/2024

Meta Settles for $1.4 Billion with Texas Over Illegal Biometric Data Collection Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant. "This historic settlement demonstrates our commitment to standing up to the world's biggest…

InfoSec News Nuggets 1/26/2024

Meta announces steps to protect teens from unwanted contact on Instagram and Facebook On Thursday (Jan. 25), Meta detailed a few new ways parents can better safeguard their teens on Instagram and Facebook. Adam Mosseri, Head of Instagram, shared a quick video on the platform explaining that a new set of "stricter messaging" settings are arriving. These settings for children under 16 and under 18 in other regions will help parents ensure they don't receive…

InfoSec News Nuggets 08/02/2023

A New Attack Impacts Major AI Chatbots—and No One Knows How to Stop It ChatGPT and its artificially intelligent siblings have been tweaked over and over to prevent troublemakers from getting them to spit out undesirable messages such as hate speech, personal information, or step-by-step instructions for building an improvised bomb. But researchers at Carnegie Mellon University last week showed that adding a simple incantation to a prompt—a string text that might look like gobbledygook…

InfoSec News Nuggets 07/18/2023

JumpCloud says nation-state hackers breached its systems Identity and access management firm JumpCloud says it reset customers’ API keys after nation-state hackers breached its systems. JumpCloud, a directory platform that allows enterprises to authenticate, authorize, and manage users and devices, last week told customers that it had reset their API keys “out of an abundance of caution” due to an ongoing, but unspecified security incident. In a post-mortem of the incident published, JumpCloud said it…

InfoSec News Nuggets 03/09/2023

Meta’s powerful AI language model has leaked online — what happens now? Two weeks ago, Meta announced its latest AI language model: LLaMA. Though not accessible to the public like OpenAI’s ChatGPT or Microsoft’s Bing, LLaMA is Meta’s contribution to a surge in AI language tech that promises new ways to interact with our computers as well as new dangers. Meta did not release LLaMA as a public chatbot (though the Facebook owner is building those too) but as an open-source package that anyone in the AI…

InfoSec News Nuggets 12/15/2022

Meta Sued For Billions Over Incitement To Violence In Ethiopia A little over a year ago, Professor Meareg Amare Abrha was shot outside his home and left to bleed to death. The chemistry professor, an ethnic Tigrayan, had been named in a series of Facebook posts alleging that he had stolen equipment from Ethiopia's Bahir Dar University, where he worked. Some of the posts gave the neighborhood where he lived and called for his death.…

InfoSec News Nuggets 11/29/2022

Gangs of cybercriminals are expanding across Africa, investigators say Police and investigators fear organised gangs of fraudsters are expanding across sub-Saharan Africa, exploiting new opportunities as a result of the Covid-19 pandemic and the global economic crisis to make huge sums with little risk of being caught. The growth will have a direct impact on the rest of the world, where many victims of “hugely lucrative” fraud live, senior police officials have said. Experts attribute…

InfoSec News Nuggets 11/22/2022

India To Ease Up On Cross-Border Data Transfers India has relaxed its planned restrictions on cross-border data flows, with a revision to its planned data protection laws. The new Digital Personal Data Protection Bill 2022 will allow the transfer of personal data to certain other nations and proposes GDPR-style restrictions on the ways in which companies use that data. There are penalties of up to around $31 million for failing to prevent a data breach,…

InfoSec News Nuggets 11/18/2022

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," U.S. cybersecurity and…

InfoSec News Nuggets 10/07/2022

TikTok's "secret operation" tracks you even if you don't use it Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even those who don't have Facebook accounts—thanks, in part, to the Facebook "Like" button, a piece of code embedded on most websites. According…

InfoSec News Nuggets 09/23/2022

Denmark latest to conclude Google Analytics is unlawful The Danish Data Protection Agency (DPA), Datatilsynet, has become the fourth national regulator to conclude that the manner in which companies are currently using Google Analytics breaches European Union regulations that demand stricter safeguards for personal data moved outside the bloc. In a judgement published on Wednesday, the regulator said that the use of Google's popular tool is illegal because it enables companies to move users' data outside the…

InfoSec News Nuggets 08/25/2022

University can’t scan students’ rooms during remote tests, judge rules An Ohio judge has ruled that a Cleveland State University’s virtual scan of a student’s room prior to an online test was unconstitutional. The ruling marks a victory for digital privacy advocates around the country, who have spoken loudly against the practices of online test proctoring for many years. Chemistry student Aaron Ogletree sat for an online test in the spring 2021 semester. Ogletree was…

InfoSec News Nuggets 01/25/2022

Russian Authorities Arrest Head of International Cybercrime Group Four individuals believed to be members of the international cyber theft ring known as the “Infraud Organization” were arrested in Russia, news agency TASS reports. Allegedly created in 2010 by Svyatoslav Bondarenko, of Ukraine, the cybercrime group was involved in the theft, sale, and dissemination of personally identifiable information (PII), credit card data, and malware, among others. In 2018, the United States Department of Justice (DoJ) announced charges…

InfoSec News Nuggets 01/18/2022

Meta faces billion-pound class-action case Up to 44 million UK Facebook users could share £2.3bn in damages, according to a competition expert intending to sue parent company Meta. Dr Liza Lovdahl Gormsen alleges Meta "abused its market dominance" to set an "unfair price" for free use of Facebook - UK users' personal data. She intends to bring the case to the Competition Appeal Tribunal. A Meta representative said users had "meaningful control" of what information…

InfoSec News Nuggets 11/04/2021

Toronto subways hit by ransomware as US lawmakers slam 'burdensome' cybersecurity rules The Toronto Transit Commission (TTC) -- which runs the city's public transportation system -- reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization's email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ransomware attack after its IT staff "detected unusual network activity…

InfoSec News Nuggets 10/29/2021

In the middle of a crisis, Facebook Inc. renames itself Meta Facebook Inc. is now called Meta Platforms Inc., or Meta for short, to reflect what CEO Mark Zuckerberg said Thursday is its commitment to developing the new surround-yourself technology known as the “metaverse.” But the social network itself will still be called Facebook. Also unchanged, at least for now, are its chief executive and senior leadership, its corporate structure and the crisis that has…