Next presents the industry news of the week, summarized for your Friday.
Multiple outlets report of an attack, allegedly carried out by the BlackCat (ALPHV) ransomware gang, that stole 80GB of data from Reddit. The breach was a result of a phishing attack where an employee fell victim and their credentials were compromised. The attackers gained access to internal documents, source code, employee data, and information about the company's advertisers. Reddit's production systems were not breached, and user passwords, accounts, and credit card information were not impacted. The phishing attack on Reddit was similar to a previous attack on Riot Games, where source code for League of Legends and other games was stolen.
Privacy watchdogs from the G7 countries, including the United States, France, Germany, Italy, United Kingdom, Canada, and Japan, are working on a common vision for addressing data protection challenges associated with generative AI models like ChatGPT. The authorities have expressed concerns about the risks and potential harm to privacy and fundamental human rights posed by the rapid proliferation of generative AI models. They emphasize the need for proper development and regulation of these models. The regulators call for measures such as legal authority for processing personal information, security safeguards, transparency, explainability, and individuals' rights to access, rectify, and erase personal data. The European Union (EU) is also developing a voluntary Code of Conduct on generative AI, and the EU is also close to adopting comprehensive legislation on AI.
At Infosecurity Europe 2023, Chris Denbigh-White, CSO at Next, discussed some of the biggest changes in DLP with Beth Maundrill. The increasing sophistication of cyberattacks and the growing number of remote workers make it more important than ever for companies to have strong insider threat management and data protection programs in place.
Source: https://www.infosecurity-magazine.com/interviews/next-dlp-insider-threat-infose/
Hackers exploited a vulnerability in a vendor's cybersecurity system to steal the personal information of approximately 769,000 retirees and beneficiaries from the California Public Employees' Retirement System (CalPERS). Names, social security numbers, and other details were compromised. CalPERS took action to protect members and is offering two years of free credit monitoring. The breach occurred through a vulnerability in internal software. Former CalPERS members may also be affected. CalPERS assured the security of funds and advised affected individuals to monitor accounts and report any fraud.
Source: https://www.sacbee.com/news/politics-government/capitol-alert/article276638381.html
The University of Manchester has been targeted by a ransomware attack, and the threat actors have now begun sending emails to students, warning them that their data will be leaked since the extortion demand was not met.
The attackers claim to have stolen 7 terabytes of data during the June 6th cyberattack. Although the university confirmed the attack, no further details were provided. While no specific group has claimed responsibility for the attack, the situation may unfold further if the stolen data is published on a data leak site.
Blog
Blog
Blog
Blog
Resources
Resources
Resources
Resources
