How Chinese insiders are stealing data scooped up by President Xi’s national surveillance system

December 8, 2024 at 12:09PM
Chinese tech company employees and government workers are involved in a booming black market for user data, including sensitive information from high-ranking officials. This illegal ecosystem thrives on scams and fraud, using data harvested through state surveillance and compromised systems, raising significant privacy risks for individuals in China. ### Meeting …

South Korea Fines Meta $15 Million for Illegally Collecting Information on Facebook Users

November 6, 2024 at 04:25AM
South Korea’s privacy watchdog has imposed a $15 million fine on Meta for unlawfully collecting sensitive personal information from Facebook users. This action underscores growing concerns over data privacy and compliance with regulations in the region. **Meeting Takeaways:** 1. **Fine Imposed**: South Korea’s privacy watchdog has fined Meta 21.6 billion …

South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers

November 6, 2024 at 02:36AM
Meta has been fined $15.67 million by South Korea’s data privacy agency for illegally collecting sensitive data from about 980,000 Facebook users and sharing it with advertisers without consent. The watchdog cited failures in user consent and security measures, and will continue monitoring Meta’s compliance with regulations. ### Meeting Takeaways …

Manufacturing Sector Under Fire From Microsoft Credential Thieves

August 28, 2024 at 12:00PM
A threat actor has targeted the manufacturing sector with spear-phishing emails, impersonating real companies like Periscope Holdings and R.S. Hughes. When clicked, the emails direct victims to a counterfeit Microsoft page to input their password, allowing the hacker to harvest credentials and potentially compromise sensitive data. BlueVoyant researchers advise monitoring …

Audit finds notable security gaps in FBI’s storage media management

August 25, 2024 at 12:48PM
The Department of Justice’s Office of the Inspector General found “significant weaknesses” in FBI’s management and disposal of sensitive electronic media, posing potential security risks. After reviewing the meeting notes, it appears that an audit by the Department of Justice’s Office of the Inspector General has revealed “significant weaknesses” in …

Chrome will redact credit cards, passwords when you share Android screen

August 18, 2024 at 02:03PM
Google is testing a new feature for Chrome on Android that redacts sensitive form fields, like credit card details and passwords, during screen sharing and recording. The feature is under testing and may be available in Chrome Canary in the coming weeks. It aims to address the issue of leaking …

Shoddy infosec costs PwC spinoff and NMA $11.3M in settlement with Uncle Sam

June 17, 2024 at 07:52PM
Two consulting firms, Guidehouse and Nan McKay and Associates, agreed to pay a total of $11.3 million to settle allegations of cybersecurity failings in the rollout of COVID-19 assistance. The fines were split with Guidehouse paying $7.6 million and NMA $3.7 million. The firms failed to perform required cybersecurity testing, …

Three Tips to Protect Your Secrets from AI Accidents

February 26, 2024 at 06:09AM
OWASP published the “OWASP Top 10 For Large Language Models,” reflecting the evolving nature of Large Language Models and their potential vulnerabilities. The article discusses techniques like “prompt injection,” the accidental disclosure of secrets, and offers tips such as secret rotation, data cleaning, and regular patching to secure LLMs. From …

BofA Warns Customers of Data Leak in Third-Party Breach

February 13, 2024 at 10:38AM
LockBit ransomware’s attack on a technology partner resulted in the exposure of sensitive information, such as Social Security numbers, belonging to over 57,000 banking customers. Based on the meeting notes, the key takeaway is that a technology partner was attacked by LockBit ransomware, resulting in the exposure of sensitive information, …

Konni Group Using Russian-Language Malicious Word Docs in Latest Attacks

November 23, 2023 at 10:06AM
A new phishing attack carried out by a cyber espionage group called Konni has been observed. The attackers are using a Russian-language Microsoft Word document to deliver malware that can collect sensitive information from compromised Windows hosts. The group is known for targeting Russia and uses spear-phishing emails and malicious …