February 11, 2024 at 12:39PM ExpressVPN removed split tunneling from versions 12.23.1 to 12.72.0 after a bug exposed user browsing domains to configured DNS servers. This impacted 1% of Windows users. Upgrading to version 12.73.0 removes split tunneling, to be reintroduced after bug fix. If unable to upgrade, disabling split tunneling or using version 10 … Read more
February 8, 2024 at 12:32PM The upcoming Super Bowl matchup poses significant security challenges. The NFL’s digitization creates vulnerabilities, including API-related attacks, synthetic identity fraud, privacy violations by betting apps, and risks associated with unauthorized streaming sites. The league and other stakeholders are actively preparing and implementing security measures to safeguard fans, players, and sensitive … Read more
February 7, 2024 at 03:18PM Danish data protection authority orders 53 municipalities to stop sending student data to Google without a legal basis. They must document data processing, ensure Google complies with regulations, and limit data use to authorized purposes. The authority allows use of Google Workspace for educational services but restricts other purposes. Municipalities … Read more
February 6, 2024 at 04:58PM Mozilla expanded its privacy-monitoring service with Monitor Plus, aiming to remove subscribers’ data from data brokers’ sites for $8.99/month. This move reflects revenue diversification efforts and responds to growing privacy concerns. The service, offering wider data removal coverage than competitors, anticipates the influence of upcoming data protection laws and regulations. … Read more
February 6, 2024 at 01:06PM The UAE’s head of cybersecurity expresses concern over VPN misuse in the country. With 61.7% VPN adoption rate, high usage is attributed to strict internet regulations and to access restricted content. However, the government forbids illegal VPN use and warns of penalties. Widespread usage poses challenges for cybersecurity and law … Read more
February 6, 2024 at 05:38AM A Singapore-based cybersecurity firm, Group-IB, uncovered a new threat actor, ResumeLooters, targeting employment agencies and retail companies in the Asia-Pacific region. The group aims to steal sensitive data from job search platforms, compromising over 65 websites and collecting millions of user data records. The stolen information is then sold on … Read more
February 2, 2024 at 06:06PM The security community should shift focus to generative artificial intelligence (GenAI) risks, particularly prompt injection, which involves inserting text to manipulate large language models (LLMs). This method allows attackers to trigger unintended actions or access sensitive information. Recognizing prompt injection as a top security concern is crucial as cyber threats … Read more
February 1, 2024 at 09:18AM Ransomware gang LockBit has targeted a Chicago children’s hospital, breaking its policy of not attacking nonprofits. The criminals demand an $800,000 ransom, showing disregard for the hospital’s financial situation. Patient data was copied, and the hospital is working with authorities to manage the breach. Cybersecurity experts highlight the evolving nature … Read more
January 30, 2024 at 11:54AM Italian regulators informed OpenAI that its ChatGPT chatbot violated the European Union’s data privacy regulations. The country’s data protection authority, Garante, discovered breaches and temporarily banned the chatbot in Italy. OpenAI has 30 days to respond to the allegations. Regulators in the U.S. and EU are also examining AI startups … Read more
January 30, 2024 at 06:12AM The Italian data protection authority has accused OpenAI of violating GDPR laws regarding ChatGPT’s data collection, leading to a 30-day response window. Similar concerns arise with Google’s Bard chatbot, while Apple opposes proposed U.K. Investigatory Powers Act amendments, citing threats to user privacy and security updates. This ongoing issue highlights … Read more