What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2023-03-14 13:00:00 | CyberheistNews Vol 13 #11 [Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears (lien direct) |
CyberheistNews Vol 13 #11 | March 14th, 2023
[Heads Up] Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears
Robert Lemos at DARKReading just reported on a worrying trend. The title said it all, and the news is that more than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. Yikes.
I'm giving you a short extract of the story and the link to the whole article is below.
"Employees are submitting sensitive business data and privacy-protected information to large language models (LLMs) such as ChatGPT, raising concerns that artificial intelligence (AI) services could be incorporating the data into their models, and that information could be retrieved at a later date if proper data security isn't in place for the service.
"In a recent report, data security service Cyberhaven detected and blocked requests to input data into ChatGPT from 4.2% of the 1.6 million workers at its client companies because of the risk of leaking confidential info, client data, source code, or regulated information to the LLM.
"In one case, an executive cut and pasted the firm's 2023 strategy document into ChatGPT and asked it to create a PowerPoint deck. In another case, a doctor input his patient's name and their medical condition and asked ChatGPT to craft a letter to the patient's insurance company.
"And as more employees use ChatGPT and other AI-based services as productivity tools, the risk will grow, says Howard Ting, CEO of Cyberhaven.
"'There was this big migration of data from on-prem to cloud, and the next big shift is going to be the migration of data into these generative apps," he says. "And how that plays out [remains to be seen] - I think, we're in pregame; we're not even in the first inning.'"
Your employees need to be stepped through new-school security awareness training so that they understand the risks of doing things like this.
Blog post with links:https://blog.knowbe4.com/employees-are-feeding-sensitive-biz-data-to-chatgpt-raising-security-fears
[New PhishER Feature] Immediately Add User-Reported Email Threats to Your M365 Blockl |
Ransomware Data Breach Spam Malware Threat Guideline Medical | ChatGPT ChatGPT | ★★ |
 |
2023-03-14 10:00:00 | Broken Object Level Authorization: API security\'s worst enemy (lien direct) | The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. According to the Open Web Application Security Project (OWASP, 2019), broken object-level authorization (BOLA) is the most significant vulnerability confronting modern application programming interfaces (APIs). It can be exciting to pursue innovations in the API area, but while doing so, programmers must ensure that they are adequately attentive to security concerns and that they develop protocols that can address such concerns. This article will describe the problem of BOLA and its consequences, and then it will present potential actions that can be taken to solve the problem. The problem OWASP (2019) indicates the following regarding BOLA: “Attackers can exploit API endpoints that are vulnerable to broken object-level authorization by manipulating the ID of an object that is sent within the request” (para. 1). For example, a hacker may access information regarding how various shops make requests to an e-commerce platform. The hacker may then observe that a certain pattern exists in the codes for these requests. If the hacker can gain access to the codes and has the authorization to manipulate them, then they could establish a different endpoint in the code and thereby redirect all the data to themselves. The exploitation of BOLA vulnerabilities is very common because, without the implementation of an authorization protocol, APIs essentially have no protection whatsoever against hackers. To attack this kind of APIs, the hacker only needs the capability to access request code systems and intercept data by manipulating the codes, which can be done rather easily by anyone who has the requisite skills and resources (Viriya & Muliono, 2021). APIs that do not have security measures in place are thus simply hoping that no one will know how to conduct such an attack or have the desire to do so. Once a willing hacker enters the picture, however, the APIs would have no actual protections to stop the hacker from gaining access to the system and all the data contained within it and transmitted across it. The consequences BOLA attacks have significant consequences in terms of data security: “Unauthorized access can result in data disclosure to unauthorized parties, data loss, or data manipulation. Unauthorized access can also lead to full account takeover” (OWASP, 2019, para. 3). In short, BOLA attacks produce data breaches. Stories about data breaches are all too common in the news, with a very recent one involving a healthcare organization in Texas (Marfin, 2022). While not all data breaches are the result of BOLA attacks, many of them are, given that BOLA is a very common vulnerability in APIs. The specific consequences of a successful BOLA attack, as well as the magnitude of those consequences, would depend on the target of the attack. For example, if the target is a healthcare organization, then the data breach could lead to hackers gaining access to patients' private health insurance. If the target is a bank, then the hackers would likely be able to access customers’ social security numbers. If the target is an e-commerce website, then data regarding customers’ credit card numbers and home addresses would be compromised. In all cases, the central consequence of a BOLA attack is that hackers can gain access to personal information due to a lack of adequate security measures within the APIs in question. The solution The solution to BOLA is for programmers to implement authorization protocols for accessing any d | Data Breach Vulnerability Guideline | ★★★ | |
 |
2023-03-13 16:18:58 | AT&T Data Breach Hits Nine Million Customer Accounts (lien direct) | In the AT&T data breach, nine million user accounts were compromised after a third-party marketing partner was breached. As a result of the breach, customer data, including first names, account numbers, phone numbers, and email addresses, were exposed. Nonetheless, the compromise did not have an impact on AT&T’s own systems. Customers of AT&T have been […] | Data Breach | ★★ | |
 |
2023-03-13 15:51:33 | LA housing authority discloses data breach after ransomware attack (lien direct) | The Housing Authority of the City of Los Angeles (HACLA) is warning of a "data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack. [...] | Ransomware Data Breach | ★★ | |
 |
2023-03-13 14:11:33 | Expert commentary: AT&T data breach (lien direct) | After the news that AT&T have alerted nine million customers of a data breach after vendor hack, Matt Aldridge, Principal Solutions Consultant at OpenText Cybersecurity: - Malware Update | Data Breach | ★★ | |
 |
2023-03-13 11:16:54 | Zoll Medical Data Breach Impacts 1 Million Individuals (lien direct) | >Zoll Medical is notifying one million individuals that their personal information was compromised in a data breach earlier this year. | Data Breach Medical | ★★ | |
 |
2023-03-11 14:00:00 | How a Catholic Group Doxed Gay Priests (lien direct) | Plus: A data breach exposes Washington, Ring camera footage has a new problem, and the George Santos scandal slips into the world of cybercrime. | Data Breach | ★★★ | |
|
2023-03-10 13:39:39 | Millions of AT&T Customers Notified of Data Breach at Third-Party Vendor (lien direct) | AT&T is notifying millions of wireless customers that their CPNI was compromised in a data breach at a third-party vendor. | Data Breach | ★★ | |
|
2023-03-10 10:43:16 | Mental health provider Cerebral alerts 3.1M people of data breach (lien direct) | Healthcare platform Cerebral is sending data breach notices to 3.18 million people who have interacted with its websites, applications, and telehealth services. [...] | Data Breach | ★★ | |
 |
2023-03-10 10:37:01 | Third-Party Breach Led to Exposure of 9M AT&T Customers\' Information (lien direct) | Recently, AT&T revealed that a data breach in January compromised the personal information of about 9 million of their... | Data Breach | ★★★ | |
 |
2023-03-10 04:16:00 | AT&T informs 9M customers about data breach (lien direct) | The company's marketing vendor suffered a security failure in January and exposed CPNI data that included first names, wireless account numbers, wireless phone numbers, and email addresses. | Data Breach | ★★★ | |
 |
2023-03-09 18:15:00 | DC healthcare exchange breach leaked sensitive data of Congress members, staff (lien direct) |
A data breach involving Washington, D.C.'s healthcare exchange platform includes sensitive information of Congress members and staff, the legislative body was informed on Wednesday. According to a letter from Catherine Szpindor, the House's chief administrative officer, the breach leaked the personal information from enrollees on the DC Health Link website. The Daily Caller first obtained |
Data Breach | ★★ | |
|
2023-03-09 12:24:39 | AT&T alerts 9 million customers of data breach after vendor hack (lien direct) | AT&T is notifying roughly 9 million customers that some of their information has been exposed after one of its marketing vendors was hacked in January. [...] | Data Breach Hack | ★★ | |
|
2023-03-09 10:39:57 | Congress Members Warned of Significant Health Data Breach (lien direct) | >House and Senate members informed that hackers may have gained access to their sensitive personal data in DC Health Link breach. | Data Breach | ★★ | |
|
2023-03-09 10:35:58 | There\'s A RAT In mi Note, What Am I Gonna Do? (lien direct) | Cybercriminals use Microsoft OneNote attachments in phishing emails to spread malware and password stealers. Phishing campaigns are one of the most typical ways criminals obtain private or sensitive information. According to Verizon Data Breach Investigations Report, 94% of the malware is delivered by email. Malicious Word and Excel attachments for phishing have been prevalent for […] | Data Breach Malware | ★★★ | |
 |
2023-03-09 10:15:00 | House Members at Risk After Insurer Data Breach (lien direct) | Threat actor claims to have info on 170,000 victims | Data Breach Threat | ★★★ | |
|
2023-03-08 17:48:41 | FBI investigates data breach impacting U.S. House members and staff (lien direct) | The FBI is investigating a data breach affecting U.S. House of Representatives members and staff after their account and personal information was stolen from DC Health Link's servers. [...] | Data Breach | ★★ | |
 |
2023-03-08 11:00:00 | Securing Your Supply Chain Through Cyber Risk Management (lien direct) | >Supply chain risk is now recognized as a top challenge, with more than half of security breaches attributed to supply chain and third-party suppliers. This can be a costly vulnerability. The global average data breach cost was $4.35 million last year, according to IBM’s Cost of a Data Breach 2022 report. These risks stem from […] | Data Breach | ★★ | |
|
2023-03-07 15:07:35 | Acer\'s Sensitive Data Allegedly For Sale On A Hacker Forum (lien direct) | Taiwan-based computer hardware and electronics company Acer is facing another potential data breach as a threat actor claimed to have posted the company’s sensitive data for sale on a popular hacking forum. According to reports, the data allegedly contains confidential product model documentation, binaries, backend infrastructure, and other sensitive data, which the attacker claims was […] | Data Breach Threat | ★ | |
 |
2023-03-07 11:51:00 | LastPass Hack: Engineer\'s Failure to Update Plex Software Led to Massive Data Breach (lien direct) | The massive breach at LastPass was the result of one of its engineers failing to update Plex on their home computer, in what's a sobering reminder of the dangers of failing to keep software up-to-date. The embattled password management service last week revealed how unidentified actors leveraged information stolen from an earlier incident that took place prior to August 12, 2022, along with | Data Breach | LastPass LastPass | ★★ |
|
2023-03-07 10:38:43 | Acer confirms breach after 160GB of data for sale on hacking forum (lien direct) | Taiwanese computer giant Acer confirmed that it suffered a data breach after threat actors hacked a server hosting private documents used by repair technicians. [...] | Data Breach Threat | ★★★★ | |
|
2023-03-02 14:35:13 | Trezor Wallet Alerts Of Major Crypto Phishing Campaign (lien direct) | Trezor wallet is involved in an ongoing phishing attack that attempts to steal a target’s cryptocurrency wallet and assets by impersonating Trezor data breach alerts. Trezor is a cryptocurrency wallet that allows users to keep their cryptocurrency offline as opposed to in cloud-based or device-based wallets. This is because a hardware wallet like a Trezor […] | Data Breach | ★★★ | |
|
2023-03-02 14:33:21 | Hatch Bank discloses data breach after GoAnywhere MFT hack (lien direct) | Fintech banking platform Hatch Bank has reported a data breach after hackers stole the personal information of almost 140,000 customers from the company's Fortra GoAnywhere MFT secure file-sharing platform. [...] | Data Breach Hack | ★★ | |
|
2023-03-02 09:59:05 | British retail chain WH Smith says data stolen in cyberattack (lien direct) | British retailer WH Smith has suffered a data breach that exposed information belonging to current and former employees. [...] | Data Breach | ★★★ | |
|
2023-03-01 18:14:47 | Trezor warns of massive crypto wallet phishing campaign (lien direct) | An ongoing phishing campaign is pretending to be Trezor data breach notifications attempting to steal a target's cryptocurrency wallet and its assets. [...] | Data Breach | ★★★ | |
 |
2023-02-28 20:55:00 | Cyber Security Risks of Remote Employee Offboarding (lien direct) |
Remote work options are popular trends that provide flexibility for the employee and potentially a less expensive option for the employer. However, remote work devices can pose a real threat to your organization, especially after recent layoffs or organizational restructuring. We'll explore the potential vulnerabilities caused by unprotected devices as well as data breach prevention techniques to keep your organization's private data secure. |
Data Breach Threat | ★★ | |
|
2023-02-28 11:46:00 | LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults (lien direct) | LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems. The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated | Data Breach Threat | LastPass | ★ |
 |
2023-02-28 06:59:07 | US Marshals Service leaks \'law enforcement sensitive information\' in ransomware incident (lien direct) | It's not just another data breach when the victim oversees witness protection programs The US Marshals Service, the enforcement branch of the nation's federal courts, has admitted to a “major” breach of its information security defenses allowed a ransomware infection and exfiltration of “law-enforcement sensitive information”.… | Ransomware Data Breach | ★ | |
 |
2023-02-27 17:21:30 | Émission Tv perturbée aprés un piratage informatique (lien direct) | Les émissions de Virgin Media Télévision ont été temporairement suspendues en Irlande après la découverte d'une tentative d'accès illégal aux systèmes.... | Data Breach | ★★ | |
 |
2023-02-27 16:07:21 | 27th February – Threat Intelligence Report (lien direct) | >For the latest discoveries in cyber research for the week of 27th February, please download our Threat_Intelligence Bulletin TOP ATTACKS AND BREACHES Stanford University experienced a data breach in which files containing Economics Ph.D. program admission information were leaked. Personal and health information of 897 applicants might have been exposed. Dish Network, a major American TV and satellite broadcast provider, had been experiencing an unexplained outage with its websites and apps. Shortly after, the company's employees detected suspicious activity on their desktops and reported it as a cyberattack. Canadian telecom TELUS is investigating a potential data breach after a threat […] | Data Breach Threat | ★★ | |
|
2023-02-27 10:42:19 | Media Giant News Corp Discloses New Details of Data Breach (lien direct) | >News Corp says a threat group, previously linked to the Chinese government, had access to its systems for two years before the breach was discovered. | Data Breach Threat | ★★ | |
|
2023-02-25 00:42:12 | DNA Diagnostics Center to pay $400,000 fine for 2021 data breach (lien direct) |  One of the largest commercial DNA testing companies in the world agreed to pay a $400,000 fine to Ohio and Pennsylvania after a 2021 data breach compromised the information of more than 2 million people. The announcement from DNA Diagnostics Center (DDC) comes after a lawsuit filed by the two states’ attorneys general accused the [… |
Data Breach | ★★★ | |
|
2023-02-24 11:27:59 | Stanford University discloses data breach affecting PhD applicants (lien direct) | Stanford University disclosed a data breach after files containing Economics Ph.D. program admission information were downloaded from its website between December 2022 and January 2023. [...] | Data Breach | ★★ | |
|
2023-02-23 21:54:58 | TELUS investigating leak of stolen source code, employee data (lien direct) | Canada's second-largest telecom, TELUS is investigating a potential data breach after a threat actor shared samples online of what appears to be employee data. The threat actor subsequently shared screenshots apparently showing private source code repositories and payroll records held by the company. [...] | Data Breach Threat | ★★ | |
|
2023-02-21 22:29:24 | Activision Admits Data Breach Exposing Employee And Game Info (lien direct) | Activision has confirmed that it had a data breach at the beginning of December 2022. Hackers got into the company’s internal systems by sending an SMS phishing text to a worker and getting them to click on a link. The video game company says the incident hasn’t exposed player information or game source code. “On […] | Data Breach | ★★ | |
|
2023-02-21 14:14:40 | Activision confirms data breach exposing employee and game info (lien direct) | Activision has confirmed that it suffered a data breach in December 2022 after one of its employees fell victim to an SMS phishing attack, giving hackers access to its internal systems. [...] | Data Breach | ★★★ | |
|
2023-02-21 14:00:00 | CyberheistNews Vol 13 #08 [Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
CyberheistNews Vol 13 #08 | February 21st, 2023
[Heads Up] Reddit Is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach
There is a lot to learn from Reddit's recent data breach, which was the result of an employee falling for a "sophisticated and highly-targeted" spear phishing attack.
I spend a lot of time talking about phishing attacks and the specifics that closely surround that pivotal action taken by the user once they are duped into believing the phishing email was legitimate.
However, there are additional details about the attack we can analyze to see what kind of access the attacker was able to garner from this attack. But first, here are the basics:
According to Reddit, an attacker set up a website that impersonated the company's intranet gateway, then sent targeted phishing emails to Reddit employees. The site was designed to steal credentials and two-factor authentication tokens.
There are only a few details from the breach, but the notification does mention that the threat actor was able to access "some internal docs, code, as well as some internal dashboards and business systems."
Since the notice does imply that only a single employee fell victim, we have to make a few assumptions about this attack:
The attacker had some knowledge of Reddit's internal workings – The fact that the attacker can spoof an intranet gateway shows they had some familiarity with the gateway's look and feel, and its use by Reddit employees.
The targeting of victims was limited to users with specific desired access – Given the knowledge about the intranet, it's reasonable to believe that the attacker(s) targeted users with specific roles within Reddit. From the use of the term "code," I'm going to assume the target was developers or someone on the product side of Reddit.
The attacker may have been an initial access broker – Despite the access gained that Reddit is making out to be not a big deal, they do also mention that no production systems were accessed. This makes me believe that this attack may have been focused on gaining a foothold within Reddit versus penetrating more sensitive systems and data.
There are also a few takeaways from this attack that you can learn from:
2FA is an important security measure – Despite the fact that the threat actor collected and (I'm guessing) passed the credentials and 2FA details onto the legitimate Intranet gateway-a classic man-in-the |
Data Breach Hack Threat Guideline | ChatGPT | ★★ |
|
2023-02-20 18:09:25 | RailYatri: 31 Million Users Affected On Indian Ticketing Platform (lien direct) | Although the RailYatri attack occurred in December 2022, the stolen data was only recently made public on a well-known hacker forum. In addition to exposing personal information, the RailYatri hack revealed the locations of millions of travelers throughout India. A significant data breach at the well-known Indian railway ticketing website RailYatri exposed the private data […] | Data Breach Hack | ★★ | |
 |
2023-02-16 00:00:00 | Lower Data Breach Insurance Costs with These Tips (lien direct) | The changing attack landscape has resulted in the hardening of the data breach insurance market. Gain insight into how implementing security controls can reduce the mean time to detect and control the costliness of an attack. | Data Breach | ★★★ | |
|
2023-02-15 13:18:20 | Reddit is the Latest Victim of a Spear Phishing Attack Resulting in a Data Breach (lien direct) |
|
Data Breach | ★★ | |
|
2023-02-15 12:00:00 | What to Look for When Buying a Security Camera (2023): Tips and Risks (lien direct) | Eufy's recent scandal shows it's not so much about the data breach but about how a company responds. Here are a few ways to shop smart. | Data Breach | ★★ | |
|
2023-02-14 21:14:01 | Q&A: What healthcare providers should do after a data breach (lien direct) | Eufy's recent scandal shows it's not so much about the data breach but about how a company responds. Here are a few ways to shop smart. | Data Breach | ★★ | |
|
2023-02-14 18:48:40 | Louisiana HBCU says personal data from 44,000 students accessed in November cyberattack (lien direct) |  The only Catholic historically Black college or university (HBCU) reported a data breach this week involving Social Security numbers and other personal information from more than 44,000 students and vendors. In filings with the office of Maine's attorney general, Xavier University of Louisiana said it suffered a cyberattack on November 22. “Xavier engaged cybersecurity experts [… |
Data Breach | ★★★ | |
|
2023-02-14 13:15:55 | Pepsi Bottling Ventures Discloses Data Breach (lien direct) | >Pepsi Bottling Ventures, the largest privately-held bottler of Pepsi-Cola products in the United States, says data was stolen from its systems following a malware attack. | Data Breach Malware | ★ | |
|
2023-02-14 11:26:54 | Healthcare giant CHS reports first data breach in GoAnywhere hacks (lien direct) | Community Health Systems (CHS) says it was impacted by a recent wave of attacks targeting a zero-day vulnerability in Fortra's GoAnywhere MFT secure file transfer platform. [...] | Data Breach Vulnerability | ★★ | |
 |
2023-02-14 04:04:00 | Pepsi Bottling Ventures suffers data breach (lien direct) | Pepsi Bottling Ventures, the largest bottlers of Pepsi beverages in the US, has reported a data breach affecting the personal information of several employees.The company filed a notice of the data breach with the Attorney General of Montana on February 10 after discovering that a threat actor had accessed confidential information of certain current and former employees. “As a precautionary measure, we are writing to make you aware of an incident that may affect the security of some of your personal information,” the company wrote in its incident report. It said that as of now it is not aware of any kind of identity theft or fraud involving the leaked personal data. To read this article in full, please click here | Data Breach Threat | ★ | |
 |
2023-02-13 11:48:55 | BlackCat Leaks Data Belonging to Irish University (lien direct) | >Our CEO Brian Honan was interviewed by Data Breach Today at Information Security Media Group (ISMG) on what the High Court's injunction prohibiting ransomware attackers from leaking data will mean for Munster Technological University, following their ransomware attack. Read More > | Ransomware Data Breach | ★ | |
|
2023-02-13 05:33:19 | Pepsi Bottling Ventures suffers data breach after malware attack (lien direct) | Pepsi Bottling Ventures LLC suffered a data breach caused by a network intrusion that resulted in the installation of information-stealing malware and the extraction of data from its IT systems. [...] | Data Breach Malware | ★★ | |
|
2023-02-10 19:45:08 | December ransomware attack leads to massive data breach from California health network (lien direct) |  Facilities within California's Heritage Provider Network reported a data breach related to a ransomware attack in December |
Ransomware Data Breach Guideline | Heritage Heritage | ★★★ |
|
2023-02-10 15:30:15 | A10 Networks confirms data breach after Play ransomware attack (lien direct) | The California-based networking hardware manufacturer 'A10 Networks' has confirmed to BleepingComputer that the Play ransomware gang briefly gained access to its IT infrastructure and compromised data. [...] | Ransomware Data Breach | ★★ |
To see everything:
Our RSS (filtrered)
