October 12, 2023 at 07:28AM A new report by LayerX highlights the risks associated with data exposure in ChatGPT and similar AI applications. The report suggests that traditional file-based data protection solutions are inadequate for handling these risks and recommends the use of browser security platforms for real-time monitoring and governance. Employee usage of GenAI … Read more
October 12, 2023 at 06:26AM Researchers at Approov have discovered that encryption, authentication, and signing keys are frequently exposed in mobile fintech apps used in Africa. The study found that when the top 10 revenue and download-generating apps were reverse-engineered, passwords, API keys, and private keys for cryptography were exposed. The researchers also identified that … Read more
October 11, 2023 at 03:40PM China-sponsored APT Storm-0062 is responsible for exploiting a critical bug in Atlassian Confluence Server, according to Microsoft. Proof-of-concept exploits are now available, indicating potential mass exploitation. The vulnerability (CVE-2023-22515) allows remote code execution without authentication. Microsoft identified four IP addresses associated with the exploit and warned of the creation of … Read more
October 11, 2023 at 11:41AM Attackers are using a new method of certificate abuse to spread info-stealing malware, including stealing cryptocurrency from Windows systems. The campaign involves search engine optimization poisoning to deliver malicious pages promoting illegal software downloads. The malware uses special certificates with long strings of non-English characters, making them difficult to detect. … Read more
October 11, 2023 at 10:35AM Microsoft Copilot is an AI assistant integrated into Microsoft 365 apps that aims to improve productivity by searching and compiling data across documents, presentations, emails, and more. However, this access to sensitive data raises security concerns for information security teams. Varonis offers a Data Security Platform that can help address … Read more
October 11, 2023 at 05:19AM The UK Extension to the EU-US Data Privacy Framework, also known as the Data Bridge, will allow for the transfer of personal data from the UK to the US starting on October 12. This is necessary due to the UK no longer being a member of the EU. However, the … Read more