Beyond ChatGPT: Shadow AI Risks Lurk in SaaS Tools

source: technewsworld.com  |  image: pexels.com

 

Unapproved use of ChatGPT and other generative AI tools is creating a growing cybersecurity blind spot for businesses. As employees adopt these technologies without proper oversight, they may inadvertently expose sensitive data — yet many managers still underestimate the risk and delay implementing third-party defenses.

This type of unsanctioned technology use, known as shadow IT, has long posed security challenges. Now, its AI-driven counterpart — shadow AI — is triggering new concerns among cybersecurity experts.

UK Arrests Four in ‘Scattered Spider’ Ransom Group

source: krebsonsecurity.com  |  image: pexels.com

 

Authorities in the United Kingdom this week arrested four people aged 17 to 20 in connection with recent data theft and extortion attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. The breaches have been linked to a prolific but loosely-affiliated cybercrime group dubbed “Scattered Spider,” whose other recent victims include multiple airlines.

McDonald’s AI Hiring Bot Exposed Millions of Applicants’ Data to Hackers Who Tried the Password ‘123456’

source: wired.com  |  image: pexels.com

 

Basic security flaws left the personal info of tens of millions of McDonald’s job-seekers vulnerable on the “McHire” site built by AI software firm Paradox.ai.

IF YOU WANT a job at McDonald’s today, there’s a good chance you’ll have to talk to Olivia. Olivia is not, in fact, a human being, but instead an AI chatbot that screens applicants, asks for their contact information and résumé, directs them to a personality test, and occasionally makes them “go insane” by repeatedly misunderstanding their most basic questions.

Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms

source: threatpost.com  |  image: pexels.com

 

Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Targeted attacks on Twilio and Cloudflare employees are tied to a massive phishing campaign that resulted in 9,931 accounts at over 130 organizations being compromised. The campaigns are tied to focused abuse of identity and access management firm Okta, which earned the threat actors the 0ktapus moniker from researchers.


That Time Chinese Intelligence Tried to Recruit Me

source: substack.com (contributed by Artemus founder, Bob Wallace)  |  image: pexels.com

 

How I found myself on the receiving end of a Chinese spy recruitment pitch and stumbled into the strange new frontier of AI-assisted espionage.

 

If you’ve ever thought your inbox was full of suspiciously good offers—say, a Nigerian prince asking for your bank details—you may be missing out on another opportunity: being recruited by a foreign intelligence agency.

Yes, I’m here to report that I was pitched by what can only be described as a Chinese intelligence operation masquerading as a hedge fund consultancy. After 20 years of writing about foreign intelligence operations, I found myself in the middle of one.

Let me set the stage: it all began innocently enough on May 21, with a direct message on X from “Mary Taylor.” Her firm, the Visionary Advisory Group, was exploring the possibility of conflict between China and Taiwan, and I was just the guy whose opinion they wanted to hear about it.

Now, I’m really not that guy. I have at best a rudimentary understanding of the tensions in the Taiwan Strait. Don’t ask me to explain the “One China” policy or “strategic ambiguity.”


FAA will build air traffic control system that can be ‘updated like your iPhone’

source: cybernews.com  |  image: faa.gov

 

US President Donald Trump and US Transportation Secretary Sean Duffy, along with at least a dozen major airline aviation CEOs, on Thursday announced a new plan to “completely rebuild and modernize” the nation’s air traffic control system.

The Secretary said the time has come to finally address the FAA’s antiquated technology infrastructure and the intermittent systemwide failures that have been plaguing the aviation industry for years.

Driving to Mexico or Canada? US Will Snap Pics of Everyone in Your Car

source: pcmag.com  |  image: pexels.com

 

Photographs will be matched to images in passengers’ passports, visas, or travel documents.

US Customs and Border Protection (CBP) plans to begin collecting photographs of everyone leaving the US for Mexico or Canada by car. The photographs will then be matched to the images in the passengers’ passports, visas, or travel documents.

World’s Smallest Pacemaker Goes in Via Syringe — And Dissolves When No Longer Needed

source: nicenews.com  |  image: pixabay.com

Scientists have developed a tiny pacemaker with tiny hearts in mind. A team of engineers at Northwestern University built a device that’s so small it can be inserted noninvasively via syringe and dissolves when it’s no longer needed. That makes it particularly well-suited for newborns with heart defects, who often only need temporary pacing.

“We have developed what is, to our knowledge, the world’s smallest pacemaker,” bioelectronics pioneer John A. Rogers, who led the device development, told Northwestern Now. “There’s a crucial need for temporary pacemakers in the context of pediatric heart surgeries, and that’s a use case where size miniaturization is incredibly important. In terms of the device load on the body — the smaller, the better.”

Experimental cardiologist Igor Efimov, who co-led the research, added that for most of the roughly 1% of children born with congenital heart defects, the heart self-repairs within about a week. “But those seven days are absolutely critical,” Efimov said. “Now, we can place this tiny pacemaker on a child’s heart and stimulate it with a soft, gentle, wearable device. And no additional surgery is necessary to remove it.”

Watch a video of Rogers explaining how it works.

 

TeleMessage, a modified Signal clone used by US government officials, has been hacked

source: techcrunch.com (contributed by FAN, Steve Page)  |  image: pexels.com

 

A hacker has exploited a vulnerability in TeleMessage, which provides modded versions of encrypted messaging apps such as Signal, Telegram, and WhatsApp, to extract archived messages and other data relating to U.S. government officials and companies who used the tool, 404 Media reported.

TeleMessage came into the spotlight last week after it was reported that former U.S. national security adviser Mike Waltz was using TeleMessage’s modified version of Signal. Israel-based TeleMessage, owned by Smarsh, offers its clients a way to archive messages, including voice notes, from encrypted apps.

Countries shore up their digital defenses as global tensions raise the threat of cyberwarfare

source: apnews.com  |  image: pexels.com

 

WASHINGTON (AP) — Hackers linked to Russia’s government launched a cyberattack last spring against municipal water plants in rural Texas. At one plant in Muleshoe, population 5,000, water began to overflow. Officials had to unplug the system and run the plant manually.

The hackers weren’t trying to taint the water supply. They didn’t ask for a ransom. Authorities determined the intrusion was designed to test the vulnerabilities of America’s public infrastructure. It was also a warning: In the 21st century, it takes more than oceans and an army to keep the United States safe.

A year later, countries around the world are preparing for greater digital conflict as increasing global tensions and a looming trade war have raised the stakes — and the chances that a cyberattack could cause significant economic damage, disrupt vital public systems, reveal sensitive business or government secrets, or even escalate into military confrontation.