Beyond ChatGPT: Shadow AI Risks Lurk in SaaS Tools

source: technewsworld.com  |  image: pexels.com

 

Unapproved use of ChatGPT and other generative AI tools is creating a growing cybersecurity blind spot for businesses. As employees adopt these technologies without proper oversight, they may inadvertently expose sensitive data — yet many managers still underestimate the risk and delay implementing third-party defenses.

This type of unsanctioned technology use, known as shadow IT, has long posed security challenges. Now, its AI-driven counterpart — shadow AI — is triggering new concerns among cybersecurity experts.

UK Arrests Four in ‘Scattered Spider’ Ransom Group

source: krebsonsecurity.com  |  image: pexels.com

 

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group dubbed “Scattered Spider,” whose other recent victims include multiple airlines.

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’

source: wired.com  |  image: pexels.com

 

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

If you want a job at McDonald’s today, there’s a good chance you’ll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

source: threatpost.com  |  image: pexels.com

 

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which earned the threat actors the 0ktapus moniker from researchers.
