ZDNET – Don’t tell your AI anything personal, Google warns in new Gemini privacy notice
“What does it all mean? Simply stated, you should definitely heed Google’s warning and never include sensitive information in your Gemini interactions. Ever.“
CNN – Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’
“A finance worker at a multinational firm was tricked into paying out $25 million to fraudsters using deepfake technology to pose as the company’s chief financial officer in a video conference call, according to Hong Kong police.”
CSY – Over de risico’s van phishing e-mails en ransomware – Casus: de hack bij Maastricht University
Een overzicht van de UMaastricht rasomware aanval in 2019, dit in 14 handige slides (met enkele interessante tests).
TechCrunch – ChatGPT is violating Europe’s privacy laws, Italian DPA tells OpenAI
“OpenAI has been told it’s suspected of violating European Union privacy, following a multi-month investigation of its AI chatbot, ChatGPT, by Italy’s data protection authority.”
Helpnetsecurity – What makes ransomware victims less likely to pay up?
“There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more.”
De Tijd – Europa beschermt gevoelige technologie tegen China
“De concurrentie in sleuteltechnologie speelt ook een rol bij onderzoek bij universiteiten en onderzoeksinstellingen. ‘Lidstaten mogen niet blind zijn voor de risico’s die inherent zijn aan internationale samenwerking.’”
Bleepingcomputer – Over 5,300 GitLab servers exposed to zero-click account takeover attacks
“Although the flaw does not bypass two-factor authentication (2FA), it is a significant risk for any accounts not protected by this extra security mechanism.”
De Tijd – Hacking beurswaakhond SEC gebeurde door sim-swap
“De SEC zei ook dat de multifactorauthenticatie van zijn X-account afgelopen juli was uitgeschakeld en pas na het incident weer werd ingeschakeld. De multifactorauthenticatie is nu ingeschakeld op alle sociale media van de SEC, zegt de toezichthouder. “
Arstechnica: Microsoft network breached through password-spraying by Russian-state hackers
” A device inside Microsoft’s network was protected by a weak password with no form of two-factor authentication employed. The Russian adversary group was able to guess it by peppering it with previously compromised or commonly used passwords until they finally landed on the right one.”
De Tijd: Verbod op samenwerking met zeven risicovolle Chinese universiteiten
“Vlaanderen verbiedt de samenwerking van kennisinstellingen en universiteiten met zeven Chinese universiteiten, uit vrees dat ze gedeelde kennis inzetten voor militaire ontwikkelingen. “