June 7, 2024 at 03:08PM Christie’s auction house faced a security breach by the RansomHub gang, compromising customer data between May 8 and 9. Christie’s responded by securing its network, engaging cybersecurity experts, and cooperating with law enforcement. The breach notification assured affected individuals that no misuse of their data had been detected. Christie’s also … Read more
June 7, 2024 at 01:09PM Microsoft has responded to public pressure by changing the default settings for its Windows Recall feature on Copilot+ PCs. Following criticism about security and privacy risks, the company announced that the feature will now be off by default, with additional security measures such as encryption and user authentication requirements. Microsoft … Read more
June 7, 2024 at 12:40PM Microsoft is updating its AI-powered Recall feature for Copilot+ PCs following customer pushback. The feature will now require user opt-in and Windows Hello verification for use. Additionally, Recall’s data encryption and security measures are being enhanced. These updates will be released with Recall’s preview on June 18, with potential changes … Read more
June 7, 2024 at 08:06AM Google is advising Android app developers to responsibly implement generative artificial intelligence (GenAI) features to combat problematic content, such as sexual content and hate speech. Meanwhile, Meta’s use of public data for AI has prompted privacy concerns and a GDPR complaint. Microsoft’s Recall feature is facing scrutiny due to privacy … Read more
June 6, 2024 at 01:59PM The Mallox ransomware group has introduced a new Linux variant that targets VMware ESXi environments. This variant uses a custom shell to execute ransomware on virtualized systems with high-level user privileges. The group has targeted various sectors and is now active in Taiwan, India, Thailand, and South Korea. Organizations are … Read more
June 6, 2024 at 01:57PM Hackers are targeting GitHub repositories, wiping content, and directing victims to Telegram. This follows an ongoing campaign spotted by security researcher Germán Fernández. The threat actor, Gitloker, claims to back up and secure data but demands victims reach out on Telegram. GitHub advises users to strengthen security measures and monitor … Read more
June 6, 2024 at 11:18AM Pandabuy, a Chinese shopping platform, revealed to BleepingComputer that it paid a ransom to prevent stolen data from being leaked. The threat actor, known as ‘Sanggiero’, attempted to extort the company again, claiming to have 17 million rows of data. Pandabuy confirmed fixing previous vulnerabilities and ceased cooperation with the … Read more
June 4, 2024 at 10:05AM Privacy campaign group, Noyb, petitions Austrian data protection authority to investigate Microsoft 365 Education for potential breaches of GDPR transparency provisions. Noyb argues that Microsoft shifts data protection obligations onto schools, fails to comply with data access rights, and tracks users without consent. They call for authorities to enforce minor’s … Read more
June 4, 2024 at 07:06AM Snowflake, in collaboration with CrowdStrike and Mandiant, has reported a targeted campaign against a limited number of its customers. The company recommends enabling multi-factor authentication and limiting network traffic to trusted locations to prevent unauthorized access. U.S. CISA and ACSC issued alerts, and it’s advised to look for signs of … Read more
June 3, 2024 at 04:07AM Hugging Face, an AI tool development company, reported unauthorized access to its Spaces platform, potentially exposing a subset of Spaces’ secrets. The company has revoked compromised tokens, advised users to refresh keys and switch to fine-grained access tokens, and engaged external forensics experts. It has also made significant security improvements … Read more