Jen Easterly
Katrina Manson
A senior US cybersecurity official described adoption of some of Microsoft Corp. and Twitter Inc.’s security protocols as “disappointing” as part of a broadside against large technology companies’ approach to protecting user accounts.
Jen Easterly, director of the Cybersecurity and Infrastructure Security Agency, said in a speech Monday that bad software and unsafe practices are facilitating ransomware attacks that are crippling the nation’s most essential services, spanning energy supply, food production, hospitals and schools.
Category: Uncategorized
-
Microsoft, Twitter Must Boost Security, US Cyber Official Says – Bloomberg
-
How ChatGPT Can Help Cyber Security Pros Beat Attacks – Security Intelligence
The tech world is all abuzz over ChatGPT, the AI chatbot trained by OpenAI (founded by Elon Musk, Sam Altman and others). The large language model has exploded on the scene, amassing 1 million users in the first five days of its launch in late 2022. The security community is highly interested in this AI tool — and so are hackers. From writing malware code to generating a never-ending stream of phishing campaigns, many have named ChatGPT a dream platform for cyber actors. But what about the good guys?
Nearly any technology these days is a double-edged sword. So how are security pros looking at ChatGPT to help thwart cyber threats? Let’s find out.
Imagine a Russian-speaking cyber gang trying to write a sophisticated spear phishing message targeting a US-based CEO. The hacker would either have to be a language expert or hire a native writer. But now, in seconds, they can just ask ChatGPT to produce a nearly infinite number of believable phishing messages.
Attackers are already using ChatGPT to write malicious code. From infostealer to ransomware to entire Dark Web marketplaces, actors on underground forums are boasting about how they are using the AI chatbot to accelerate their efforts.
Legitimate research has also explored how ChatGPT could impact security. As reported by SC Media, security researcher Dr. Suleyman Ozarslan stated that he was able to utilize the program for a variety of offensive and defensive cybersecurity tasks. These included crafting a World Cup-related email in fluent English, generating Sigma detection rules to identify cybersecurity anomalies and creating evasion code that could circumvent detection rules.
Experts compare ChatGPT to other software, such as Cobalt Strike and Metasploit, which are popular with security professionals and attackers alike. These tools are useful for legitimate penetration testing and simulating potential adversaries. But hacking groups also use the tools to help them break into their victims’ systems.
Jeff Pollard, vice president and principal analyst at Forrester, said the emergence of ChatGPT has enabled him to consider how companies might practically leverage AI for defensive cybersecurity work, as per SC Media.
“I do think there is an aspect of looking at what it’s doing now, and it’s not that hard to see a future where you could take a SOC analyst that maybe has less experience, hasn’t seen as much and they’ve got something like this sitting alongside them that helps them communicate the information, maybe helps them understand or contextualize it, maybe it offers insights about what to do next,” Pollard said.
The strength and versatility of ChatGPT caught the attention of HackerSploit, who did a variety of tests with the chatbot online. He asked the AI chatbot how to scan for SMB (Server Message Block) vulnerabilities with Nmap. I repeated the question on my own, and the results were striking:
ChatGPT explained the process in detail and even included code snippets. What really caught my attention was the part in the answer that said (emphasis added):
“You can also use the NSE script smb-vuln-ms17-010 to check if the target is vulnerable to the ETERNALBLUE exploit, a SMB vulnerability that was used in the WannaCry attack: nmap --script smb-vuln-ms17-010 <target>”
For Red Team cybersecurity teams (and criminals), the implications are massive. And what about Blue Team defensive efforts? HackerSploit asked these questions and received high-level answers:
HackerSploit also asked ChatGPT to find problems in PHP code with a known vulnerability. ChatGPT not only identified the security weakness but also provided the code to fix it.
As cyberattacks grow in volume and complexity, artificial intelligence is already assisting under-staffed security teams to mitigate threats. Curating threat intelligence from across research sources, blogs and news stories, AI technologies like machine learning and natural language processing (NLP) provide actionable insight that cuts through the clutter. And all this drastically reduces response times.
Meanwhile, cognitive security combines the strengths of AI and human intelligence. Cognitive computing is an advanced type of artificial intelligence that leverages machine-learning algorithms and deep-learning networks. And these systems get stronger and smarter over time.
ChatGPT isn’t without its own bugs. Users have flagged the answers the chatbot provides for errors on numerous occasions. And, of course, you should always thoroughly test any code the AI writes before use. Still, the machine continues to learn as it interacts with the world. By design, it will get better and better at providing accurate answers.
Powerful AI tools are already available for both cyber criminals and security teams. The difference will be in which side learns to use the tools with more precision and efficiency. The worry is that these kinds of tools continue to lower the bar for malicious actors to launch attacks. As time goes on, even the most rudimentary skills might be enough to build dangerous cyber campaigns.
While organizations might be able to defend themselves using similar tools, what about the everyday person? How can the masses hope to outwit criminals armed with advanced AI tech?
Maybe, if ChatGPT-like tools remain accessible to everyone, all we will have to do is ask, “How should I defend myself against the threat of cyberattack?” And the chatbot will give us a detailed answer right away.
Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML…
-
Letter: Education can mitigate US cyber security concern – Financial Times
-
Cybersecurity must be tightened up in this era of polycrisis – World Economic Forum
Achieving cyber resilience is one of the biggest cybersecurity challenges. Image: Pixabay
-
Mint Mobile gets affected by T-Mobile recent data breach – TmoNews
Back in January, T-Mobile revealed to its customers that it encountered a security breach during the first week of the month. The Un-carrier said that the breach compromised 37 million accounts but assured that “no financial information was stolen”. Unfortunately, the same cannot be said for some customers of its MVNO partners.
It was already reported that at least one user on Google Fi encountered a security breach that wasn’t the same as what others experienced. The phone number of the Google Fi customer was momentarily transferred to an attacker, who was able to make password reset requests specifically for a crypto wallet app called Coinbase. Fortunately, this customer was able to retrieve his accounts without any losses.
While this specific Google Fi customer is the only one (so far) we know of, there are several others who encountered the same issue on Mint Mobile.
As revealed by 9to5Google, there are at least five Mint Mobile customers who shared their experience on Reddit. These customers lost their cell connection and started to receive a notification that their Coinbase account was compromised. There is even one customer who claims that the attacker stole $15,000 worth of cryptocurrency from his app.
It is unknown whether this was a targeted attack, especially since it involved the same app. In the meantime, Mint Mobile has not yet responded to the report.
Mint Mobile and Google Fi are MVNOs operating on T-Mobile’s networks.
Source: 9to5Google
Tags: data breach, Google Fi, Mint Mobile, mvno
-
CISA Regions – CISA
Across the nation, CISA offers a range of cyber and physical services throughout our 10 regions
CISA’s program of work is carried out across the nation by personnel assigned to its 10 regional offices. To contact your region’s office, click on the appropriate Region below based on your state.
Across the nation, the Cybersecurity and Infrastructure Security Agency (CISA) offers a range of cyber and physical services to support the security and resilience of critical infrastructure owners and operators and state, local, tribal, and territorial partners. Our experts collaborate with critical infrastructure partners and communities at the regional, state, county, tribal, and local levels to:
Within each CISA Region are your local and regional Protective Security Advisors (PSAs), Cyber Security Advisors (CSAs), Emergency Communications Coordinators (ECCs), and Chemical Security Inspectors (CSIs). In order to build stakeholder resiliency and form partnerships, these field personnel assess, advise, and assist and provide a variety of risk management and response services.
CISA maximizes its resources through unified, integrated and cohesive stakeholder activities by engaging in speaking events and conferences.
Please direct media inquiries to CISAMedia@cisa.dhs.gov or call 703-235-2010.
-
Why we need global rules to crack down on cybercrime – World Economic Forum
-
Personal Data Breach Notification (Thailand) – Data Protection … – Mondaq
On 15 December 2022, the Notification of the Personal Data Protection Committee re: Rules and Methods for Notification of the Personal Data Breach B.E. 2565 (2022) dated 6 December 2022 (“Notification”) was published in the Government Gazette and became immediately effective thereafter.
One of the obligations of the data controller under the Personal Data Protection Act (“PDPA”) is to make a notification of any personal data breach (“Personal Data Breach”) [1] to the Office of the Personal Data Protection Committee (“PDPC Office”) and/or the data subject [2]. The Notification therefore elaborates on the definition of a Personal Data Breach and the details of the Personal Data Breach notification, which this article summarizes.
The data controller has the duty to notify the PDPC Office when a Personal Data Breach incident as defined in the Notification occurs due to an action of the data controller, data processor, or a staff, employee, contractor, representative, or related person of the said data controller or the data processor, or any other persons, or any other factors (“Data Breach Incident”). Such Data Breach Incident may occur in various forms, as follows:
In the case of a Data Breach Incident, the data controller must:
(1) assess the credibility of such information and preliminarily investigate the Personal Data Breach without undue delay, which includes assessing the risk level of such Personal Data Breach;
(2) prevent, cease, or rectify the Personal Data Breach if the data controller finds that such Personal Data Breach poses a high risk of impacting the rights and freedom of a person;
(3) notify the PDPC Office of the cause of the Data Breach Incident without undue delay and within 72 hours from the time that it becomes aware of the cause, unless such breach does not pose a risk of impacting the rights and freedom of a person;
(4) notify the data subject of the cause of the Data Breach Incident together with the remedy approach without undue delay in the case of such breach posing a high risk of impacting the rights and freedom of a person; and
(5) proceed with the necessary and appropriate measures to cease, respond to, rectify, or remedy the condition resulting from the Personal Data Breach, and to prevent and reduce the impacts of any similar Personal Data Breach in the future, which includes the review of security measures to ensure their effectiveness.
To supplement the obligations in item 2.2 (3) and (4) above, the details of the notification of the Data Breach Incident shall be as follows:
(1) A notification of the Data Breach Incident to the PDPC Office shall be performed in accordance with the following details:
The data controller may rely on an exemption not to make a notification to the PDPC Office if the data controller can prove, for example, that such Data Breach Incident does not pose a risk of affecting the rights and freedom of a person, etc. In this regard, to rely on such an exemption, the data controller has the duty to provide information or evidence for the PDPC Office to consider. [7] However, the method and timeline of the provision of information and evidence in relation to such exemption are not stipulated in the Notification.
(2) Notification of the Data Breach Incident to the data subject shall be performed in accordance with the following details:
In the case where the data controller enters into an agreement with the data processor with respect to an entrustment of data processing, the data controller shall stipulate in such agreement the obligation of the data processor to notify the data controller of the Data Breach Incident without delay, within 72 hours from the time at which the data processor becomes aware of the cause. [9]
For the assessment of risk of the Personal Data Breach regarding its impact on the rights and freedom of a person, the data controller may take into account factors as itemized in the Notification, such as the category of the breach, personal data that has been compromised, number and status of affected data subjects, security measures that have been taken or will be taken by the data controller, and the impact of the breach on the public, etc. [10]
The notification of the Data Breach Incident to the PDPC Office and the data subject is one of the key obligations of the data controller and/or data processor from the perspective of personal data protection.
To enhance the understanding of the said obligation, the PDPC also published the Manual on Guideline for Assessment of Risk and the Notification of the Personal Data Breach Version 1.0, dated 15 December 2022.
If the data controller fails to make a notification of the Data Breach Incident as required under the PDPA and the Notification, it shall be liable for an administrative fine not exceeding THB 3,000,000 (Three Million Baht). [11] Therefore, any person who is considered a data controller and/or data processor should ensure that they duly comply with the obligation related to the Data Breach Incident under the PDPA and the Notification.
Footnotes
1. Clause 3 of the Notification. In this Notification,
“Personal Data Breach” means a breach of security measures that causes loss, unauthorized or unlawful access, use, alteration, editing, or disclosure of personal data, whether it is intentional, willful, negligent, an unauthorized or unlawful act, computer crime, cyber threat, error or accident, or other causes.
2. Section 37(4) of the PDPA.
3. Clause 4, Paragraph One of the Notification. A Personal Data Breach of which the data controller has the duty to notify the Office or the data subject…may involve a breach of one or more categories as follows:
4. Clause 6 of the Notification.
5. Clause 6 of the Notification.
6. Clause 7 of the Notification.
7. Clause 9 of the Notification.
8. Clause 11 of the Notification.
9. Clause 8 of the Notification.
10. Clause 12 of the Notification. For an assessment of risk that the Personal Data Breach poses in relation to the degree of impact on the rights and freedom of a person, the data controller may take into account the following factors:
11. Section 83 of the PDPA.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.