Collaborating Authors


Diverse threat intelligence key to cyberdefense against nation-state attacks


Identifying the top nation-state actors can depend on who you ask, which underscores the need to gather threat intelligence from varied data sources. In a climate where geopolitical issues now can drive industry discussions, organizations will be better served if they formulate their cybersecurity strategy on information that reflects threat activities on an international scale. For some organizations, this requirement means gathering threat intel that is comprehensive and, in particular, diverse. Most threat intelligence houses currently originate from the West or are Western-oriented, and this can result in bias or skewed representations of the threat landscape, noted Minhan Lim, head of research and development at Ensign Labs. The Singapore-based cybersecurity vendor was formed through a joint venture between local telco StarHub and state-owned investment firm, Temasek Holdings.

Microsoft AI researchers mistakenly leaked 38TB of company data


A Microsoft AI research team that uploaded training data on GitHub in an effort to offer other researchers open-source code and AI models for image recognition inadvertently exposed 38TB of personal data. Wiz, a cybersecurity firm, discovered a link included in the files that contained backups of Microsoft employees' computers. Those backups contained passwords to Microsoft services, secret keys and over 30,000 internal Teams messages from hundreds of the tech giant's employees, Wiz says. Microsoft assures in its own report of the incident, however, that "no customer data was exposed, and no other internal services were put at risk." The link was deliberately included with the files so that interested researchers could download pretrained models -- that part was no accident.

Microsoft AI team accidentally leaks 38TB of private company data


AI researchers at Microsoft have made a huge mistake. According to a new report from cloud security company Wiz, the Microsoft AI research team accidentally leaked 38TB of the company's private data. The exposed data included full backups of two employees' computers. These backups contained sensitive personal data, including passwords to Microsoft services, secret keys, and more than 30,000 internal Microsoft Teams messages from more than 350 Microsoft employees. So, how did this happen?

You Need to Update Google Chrome or Whatever Browser You Use


China-linked hackers are increasingly moving beyond espionage and into the disturbing world of power grid attacks. Threat researchers at security software firm Symantec this week released new evidence that the Chinese hacking group known as APT41 infiltrated the power grid of an Asian nation. Some details of the latest intrusion echo a 2021 attack on India's power grid, suggesting the same hackers are responsible. In Argentina, a scandal is playing out over the use of facial recognition software in Buenos Aires. Despite laws that require authorities to limit searches to known fugitives, an investigation by a judge found that the system was used to look up people not wanted for any crimes.

Mozilla: Your New Car Is a Data Privacy Nightmare


Last week, WIRED published a deep-dive investigation into Trickbot, the prolific Russian ransomware gang. This week, US and UK authorities sanctioned 11 alleged members of Trickbot and its related group, Conti, including Maksim Galochkin, aka Bentley, one of the alleged members whose real-world identity we confirmed through our investigation. In addition to the US and UK sanctions, the US Justice Department also unsealed indictments filed in three US federal courts against Galochkin and eight other alleged Trickbot members for ransomware attacks against entities in Ohio, Tennessee, and California. Because everyone charged is a Russian national, however, it is unlikely they will ever be arrested or face trial. While Russian cybercriminals typically enjoy immunity, the same may not remain true for the country's military hackers.

Google Chrome is getting a redesign. See how it will change.


Google Chrome is celebrating its 15th birthday in style. To celebrate this milestone, Chrome is getting a revamp with Google's Material You design language. Chrome's layout will look largely the same, but with "refreshed" icons that focus on legibility as well as new color palettes and themes. The Chrome menu has been improved for faster access to extensions, Google Translate, and Password Manager. Chrome's side panel will also become more useful, with a new feature that lets you search the page to learn more about the source and explore related searches.

OpenAI violated EU privacy and transparency law, complaint alleges


OpenAI allegedly violated European privacy laws in a bunch of different ways according to a complaint filed in Poland. On Tuesday, cybersecurity and privacy researcher Lukasz Olejnik filed a complaint with the Polish Data Protection Authorities, for breach of the European Union's sweeping General Data Protection Regulation (GDPR). Olejnik, who is represented by Warsaw-based law firm GP Partners, alleges OpenAI violated several of the GDPR's provisions regarding lawful basis, transparency, fairness, data access rights, and privacy by design, according to TechCrunch which reviewed the 17-page complaint. This complaint is one of several legal issues OpenAI is now confronted with, both abroad and in the U.S., where it's based. In June, OpenAI was hit with a class-action lawsuit by a California law firm for allegedly training ChatGPT with "stolen" data.

We read X's new privacy policy so you don't have to


As you're probably aware, Twitter is no longer Twitter; it is now X, courtesy of new owner Elon Musk, who wants to turn it into "everything app." That means that Twitter (sorry, X), is gradually changing from "yell at the world in short message format" app into "chatting, blogging, sharing videos, making calls, personal finance, and basically everything else" app. It is only logical, then, that the app's terms and conditions, as well as privacy policy, needed some updating. But given Musk's propensity for basically doing whatever the heck he wants on X, it's worth taking the time to understand what using X means for your privacy. Firstly, the old privacy policy, which X calls "Current Privacy Policy" is still in effect and will remain so until Sept. 29, 2023.

Cunning romance scams and how to avoid them

FOX News

Celebrity matchmaker Alessandra Conti tells Fox News Digital about the rise in AI bots being used to catfish people in the dating world. Let's face it – online dating has always been a bit of a circus. Between ghosting, catfishing and breadcrumbing, it's a wonder anyone finds romance at all. It's safe to say online dating is a downright chore these days. CLICK TO GET KURT'S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK TIPS, TECH REVIEWS AND EASY HOW-TO'S TO MAKE YOU SMARTER Remember those cringe-worthy dinner dates where you dropped a hundred bucks only to realize you'd never see the person again?

UK cybersecurity agency warns of chatbot 'prompt injection' attacks

The Guardian

The UK's cybersecurity agency has warned that chatbots can be manipulated by hackers to cause scary real-world consequences. The National Cyber Security Centre (NCSC) has said there are growing cybersecurity risks of individuals manipulating the prompts through "prompt injection" attacks. This is where a user creates an input or a prompt that is designed to make a language model – the technology behind chatbots – behave in an unintended manner. A chatbot runs on artificial intelligence and is able to give answers to prompted questions by users. They mimic human-like conversations, which they have been trained to do through scraping large amounts of data.