02 Aug 2023
By Mary

InfoSec News Nuggets 08/02/2023

A New Attack Impacts Major AI Chatbots—and No One Knows How to Stop It CHATGPT AND ITS artificially intelligent siblings have been tweaked over and over to prevent troublemakers from getting them to spit out undesirable messages such as hate speech, personal information, or step-by-step instructions for building an improvised bomb. But researchers at Carnegie Mellon University last week showed that adding a simple incantation to a prompt—a string text that might look like gobbledygook…
Read More
18 Jul 2023
By Mary

InfoSec News Nuggets 07/18/2023

JumpCloud says nation-state hackers breached its systems Identity and access management firm JumpCloud says it reset customers’ API keys after nation-state hackers breached its systems. JumpCloud, a directory platform that allows enterprises to authenticate, authorize, and manage users and devices, last week told customers that it had reset their API keys “out of an abundance of caution” due to an ongoing, but unspecified security incident. In a post-mortem of the incident published, JumpCloud said it…
Read More
09 Mar 2023
By Mary

InfoSec News Nuggets 03/09/2023

Meta’s powerful AI language model has leaked online — what happens now?  Two weeks ago, Meta announced its latest AI language model: LLaMA. Though not accessible to the public like OpenAI’s ChatGPT or Microsoft’s Bing, LLaMA is Meta’s contribution to a surge in AI language tech that promises new ways to interact with our computers as well as new dangers. Meta did not release LLaMA as a public chatbot (though the Facebook owner is building those too) but as an open-source package that anyone in the AI…
Read More
15 Dec 2022
By Mary

InfoSec News Nuggets 12/15/2022

Meta Sued For Billions Over Incitement To Violence In Ethiopia A little over a year ago, Professor Meareg Amare Abrha was shot outside his home and left to bleed to death. The chemistry professor, an ethnic Tigrayan, had been named in a series of Facebook posts alleging that he had stolen equipment from Ethiopia's Bahir Dar University, where he worked. Some of the posts gave the neighborhood where he lived and called for his death.…
Read More
29 Nov 2022
By Mary

InfoSec News Nuggets 11/29/2022

Gangs of cybercriminals are expanding across Africa, investigators say Police and investigators fear organised gangs of fraudsters are expanding across sub-Saharan Africa, exploiting new opportunities as a result of the Covid-19 pandemic and the global economic crisis to make huge sums with little risk of being caught. The growth will have a direct impact on the rest of the world, where many victims of “hugely lucrative” fraud live, senior police officials have said. Experts attribute…
Read More
22 Nov 2022
By Mary

InfoSec News Nuggets 11/22/2022

India To Ease Up On Cross-Border Data Transfers India has relaxed its planned restrictions on cross-border data flows, with a revision to its planned data protection laws. The new Digital Personal Data Protection Bill 2022 will allow the transfer of personal data to certain other nations and proposes GDPR-style restrictions on the ways in which companies use that data. There are penalties of up to around $31 million for failing to prevent a data breach,…
Read More
18 Nov 2022
By Mary

InfoSec News Nuggets 11/18/2022

Hive Ransomware Attackers Extorted $100 Million from Over 1,300 Companies Worldwide The threat actors behind the Hive ransomware-as-a-service (RaaS) scheme have launched attacks against over 1,300 companies across the world, netting the gang $100 million in illicit payments as of November 2022. "Hive ransomware has targeted a wide range of businesses and critical infrastructure sectors, including government facilities, communications, critical manufacturing, information technology, and — especially — Healthcare and Public Health (HPH)," U.S. cybersecurity and…
Read More
07 Oct 2022
By Mary

InfoSec News Nuggets 10/07/2022

TikTok's "secret operation" tracks you even if you don't use it  Consumer Reports (CR), a US-based nonprofit consumer organization, has revealed that TikTok gathers data on people who don't even use the app itself. If this sounds familiar, it's because it's happened before. Meta's near-omnipresence wherever you are online enabled it to gather data on users, even those who don't have Facebook accounts—thanks, in part, to the Facebook "Like" button, a piece of code embedded on most websites. According…
Read More
23 Sep 2022
By Mary

InfoSec News Nuggets 09/23/2022

Denmark latest to conclude Google Analytics is unlawful The Danish Data Protection Agency (DPA), Datatilsynet, has become the fourth national regulator to conclude that the manner in which companies are currently using Google Analytics breaches European Union regulations that demand stricter safeguards for personal data moved outside the bloc. In a judgement published on Wednesday, the regulator said that the use of Google's popular tool is illegal because it enables companies to move users' data outside the…
Read More
25 Aug 2022
By Mary

InfoSec News Nuggets 08/25/2022

University can’t scan students’ rooms during remote tests, judge rules An Ohio judge has ruled that a Cleveland State University’s virtual scan of a student’s room prior to an online test was unconstitutional. The ruling marks a victory for digital privacy advocates around the country, who have spoken loudly against the practices of online test proctoring for many years. Chemistry student Aaron Ogletree sat for an online test in the spring 2021 semester. Ogletree was…
Read More
25 Jan 2022
By Mary

InfoSec News Nuggets 01/25/2022

Russian Authorities Arrest Head of International Cybercrime Group Four individuals believed to be members of the international cyber theft ring known as the “Infraud Organization” were arrested in Russia, news agency TASS reports. Allegedly created in 2010 by Svyatoslav Bondarenko, of Ukraine, the cybercrime group was involved in the theft, sale, and dissemination of personally identifiable information (PII), credit card data, and malware, among others. In 2018, the United States Department of Justice (DoJ) announced charges…
Read More
18 Jan 2022
By Mary

InfoSec News Nuggets 01/18/2022

Meta faces billion-pound class-action case Up to 44 million UK Facebook users could share £2.3bn in damages, according to a competition expert intending to sue parent company Meta. Dr Liza Lovdahl Gormsen alleges Meta "abused its market dominance" to set an "unfair price" for free use of Facebook - UK users' personal data. She intends to bring the case to the Competition Appeal Tribunal. A Meta representative said users had "meaningful control" of what information…
Read More
04 Nov 2021
By Mary

InfoSec News Nuggets 11/04/2021

Toronto subways hit by ransomware as US lawmakers slam 'burdensome' cybersecurity rules The Toronto Transit Commission (TTC) -- which runs the city's public transportation system -- reported a ransomware attack this weekend that forced conductors to use radio, crippled the organization's email system and made schedule information on platforms and apps unavailable. In a statement on Friday, the TTC said it confirmed it was the victim of a ransomware attack after its IT staff "detected unusual network activity…
Read More
29 Oct 2021
By Mary

InfoSec News Nuggets 10/29/2021

In the middle of a crisis, Facebook Inc. renames itself Meta Facebook Inc. is now called Meta Platforms Inc., or Meta for short, to reflect what CEO Mark Zuckerberg said Thursday is its commitment to developing the new surround-yourself technology known as the “ metaverse.” But the social network itself will still be called Facebook. Also unchanged, at least for now, are its chief executive and senior leadership, its corporate structure and the crisis that has…
Read More