Many Public Salesforce Sites are Leaking Private Data

Credit to Author: BrianKrebs | Date: Fri, 28 Apr 2023 02:09:56 +0000

A shocking number of organizations — including banks and healthcare providers — are leaking private and sensitive information from their public Salesforce Community websites, KrebsOnSecurity has learned. The data exposures all stem from a misconfiguration in Salesforce Community that allows an unauthenticated user to access records that should only be available after logging in.

ChatGPT learns to forget: OpenAI implements data privacy controls

OpenAI, the Microsoft-backed firm behind the groundbreaking ChatGPT generative AI system, announced this week that it would allow users to turn off the chat history feature for its flagship chatbot, in what’s being seen as a partial answer to critics concerned about the security of data provided to ChatGPT.

The “history disabled” feature means that conversations marked as such won’t be used to train OpenAI’s underlying models, and won’t be displayed in the history sidebar. They will still be stored on the company’s servers, but will only be reviewed on an as-needed basis for abuse, and will be deleted after 30 days.

3CX Breach Was a Double Supply Chain Compromise

Credit to Author: BrianKrebs | Date: Fri, 21 Apr 2023 01:05:44 +0000

We learned some remarkable new details this week about the recent supply-chain attack on VoIP software provider 3CX, a complex, lengthy intrusion that has the makings of a cyberpunk spy novel: North Korean hackers using legions of fake executive accounts on LinkedIn to lure people into opening malware disguised as a job offer; malware targeting Mac and Linux users working at defense and cryptocurrency firms; and software supply-chain attacks nested within earlier supply chain attacks.

Kandji explains its new Endpoint Detection and Response tools

IT staffers would help colleagues avoid monitoring software

The use of invasive monitoring software that tracks employee productivity is unlikely to be popular with workers — and it turns out IT staffers aren’t keen on deploying the technology either.

In fact, many IT workers are apparently willing to defy company policy and help colleagues find workarounds to avoid being spied on by the boss. That’s according to a survey of 500 IT managers and 500 non-manager IT workers in the US conducted by Wakefield Research on behalf of digital employee experience software vendor 1E. The survey results were made public last week. 

Jamf debuts sophisticated security protection for executive iPhones

Newton’s Third Law of motion argues that for every action there is an equal and opposite reaction. With that in mind, it’s no surprise that the Apple ecosystem is fighting back in a big way against the mercenary spyware companies that have made headlines recently.

Improving situational awareness

Few people in tech sit comfortably with NSO Group and others in their attacks against journalists, human rights advocates, and high-value targets on behalf of repressive governments. They know that these technologies tend to proliferate, which is why most firms are now engaged in finding new ways to fight back.

Do the productivity gains from generative AI outweigh the security risks?

Credit to Author: eschuman@thecontentfirm.com | Date: Fri, 21 Apr 2023 08:08:00 -0700

There’s no doubt generative AI models such as ChatGPT, BingChat, or GoogleBard can deliver massive efficiency benefits — but they bring with them major cybersecurity and privacy concerns along with accuracy worries. 

It’s already known that these programs — especially ChatGPT itself — make up facts and repeatedly lie. Far more troubling, no one seems to understand why and how these lies, coyly dubbed “hallucinations,” are happening. 

In a recent 60 Minutes interview, Google CEO Sundar Pichai explained: “There is an aspect of this which we call — all of us in the field — call it as a ‘black box.’ You don’t fully understand. And you can’t quite tell why it said this.”

Google adds data loss prevention, security features to Chrome

Google today rolled out several new features for enterprise users of its Chrome browser, including data loss prevention (DLP), protections against malware and phishing, and the ability to enable zero-trust access to the search engine.

In all, Google highlighted six new features for Chrome – three of them specific to the browser’s existing DLP capabilities.

A new “context-aware” feature allows enterprise administrators to customize DLP rules based on the security posture of the device being used. For example, admins can allow users to download sensitive documents if they’re accessing them from a corporate device that’s up to date on security fixes or is confirmed to have endpoint protection software installed.
