May 30, 2024 at 01:21PM Microsoft introduces Windows Recall, using AI to create a searchable digital memory of every activity on a Windows computer. The feature has raised privacy concerns with its frequent screen snapshots and local storage of user data. While Microsoft emphasizes local processing and encryption, security experts and privacy advocates remain wary … Read more
May 30, 2024 at 11:52AM Everbridge, a crisis management software company, revealed a breach where attackers accessed business and user data. The breach used employee-targeted phishing and affects customer data. Everbridge is working with experts to evaluate the impact and is implementing multi-factor authentication for all accounts by June 3, following the advice to guard … Read more
May 30, 2024 at 10:12AM The BBC has emailed over 25,000 current and former employees regarding a security breach involving their pension scheme’s personal data. The incident, discovered by the BBC’s infosec team, led to the theft of personal information from a database. The affected members have been offered credit monitoring and additional security measures … Read more
May 30, 2024 at 08:48AM GenAI is a key focus for enterprise IT strategies, with security teams working to establish best practices. They must ensure data privacy, content accuracy, responsible usage, and security-focused design and development. By addressing these four areas, security teams can understand and enhance the safety and reliability of GenAI technology. Based … Read more
May 29, 2024 at 11:00AM Transcend, a data privacy startup, concluded a $40 million Series B funding round, bringing its total funding to $90 million. The funding was provided by StepStone Group, 01 Advisors, Accel, and other investors. Transcend, founded in 2017, offers a unified privacy and data governance platform, with 12 products, serving global … Read more
May 28, 2024 at 09:33AM Christie’s has confirmed a data breach after a ransomware group claimed responsibility. The breach occurred earlier this month, leading to unauthorized access and theft of client data. The gang demands a ransom and has leaked a sample of the stolen data. Christie’s is handling the situation and exploring options for … Read more
May 24, 2024 at 09:59AM In October 2023, the SEC filed a landmark lawsuit against SolarWinds Corp. and its CISO, Timothy Brown, over alleged false statements about cybersecurity. CISOs should enhance communication with financial teams, ensure all statements are rigorously reviewed, maintain top-notch security policies, collaborate with assurance providers, and seek legal counsel amidst evolving … Read more
May 23, 2024 at 10:08AM The commentary highlights the growing use of large language models (LLMs) and the associated security risks. An incident involving a compromised chatbot raises concerns about the potential exploitation of LLMs for extracting sensitive data. The author provides best practices for securing LLMs, emphasizing the need for proactive monitoring, hardened prompts, … Read more
May 23, 2024 at 01:51AM CloudSEK has warned of scammers selling fake code masquerading as NSO Group’s Pegasus spyware. The firm alleges that threat actors are distributing their own tools under Pegasus’s name to profit from its infamy. CloudSEK researchers discovered fake spyware offered for sale on various platforms and noted a shift in Apple’s … Read more
May 23, 2024 at 01:42AM Microsoft announced the deprecation of Visual Basic Script (VBScript) in favor of advanced alternatives like JavaScript and PowerShell. The plan will be implemented in three phases, ultimately eliminating VBScript from Windows. Additionally, Microsoft’s Recall feature has raised privacy concerns, with the U.K. Information Commissioner’s Office seeking transparency and safeguards for … Read more