Critical AI vulnerability EchoLeak exposed in Microsoft 365 Copilot! Learn about the zero-click attack and its implications. #DataExfiltration #AI #Cybersecurity https://redoracle.com/News/AI-Data-Leaks-EchoLeak-Vulnerability-Exposed.html

@mwdawson Yeah, just like #CloudAct demands from anyone residing within the #USA, conducting business in the USA or having a parent/subsidiary operating in the #US.
Something #GAFAMs work hard to let people do: KEEP #selfCustody of their data!
Cybersecurity researchers have uncovered two malicious packages, zebo and cometlogger, on the Python Package Index (PyPI) that exfiltrate sensitive data from compromised systems! With over 280 downloads before removal, these packages employ advanced techniques for surveillance and credential theft. Always verify code before running!
#Cybersecurity #Malware #Python #DataExfiltration #Fortinet #newz
https://thehackernews.com/2024/12/researchers-uncover-pypi-packages.html
Keep an eye on unexpected #WinRAR activity—legitimate software doesn't always mean legitimate use. Identifying unusual command-line options can help uncover potential threats early.
@gurkanctn @nazgul not just invading, but illegal...
/home/ directory and preemptively upload all the PDFs and OOXML files to OneDrive just in case you want to send them from your laptop... This is called an "info stealer" and it's classified as a malware for very good reasons!
@nickali @nazgul that's because they never faced actual accountability nor consequences.
https://infosec.space/@kkarhan/113413999824933801
https://infosec.space/@kkarhan/113414012396154242
@femme_mal @Catawu @DamonWakes @lrhodes @nazgul either way I'm convinced this shit is so flat-out illegal in the EU that it's literally a felony in places like Germany, where even having such functionality may fall under "production, possession, distribution and use of tools to facilitate data manipulation and/or extraction against the owners' consent" (§202c penal code)...
But that's just my opinion, and #NotLegalAdvice!
@jodmentum @nazgul why is there no "no thanks" option with a tickbox "don't ask me again" next to it?
@briankrebs The best way to prevent #dataexfiltration when breached is not to collect or store unnecessary data in the first place. That makes many of the current spate of #databreaches avoidable, self-inflicted incidents for which large companies are never held accountable in any truly meaningful way.
You're spot on when you say that #databrokers rely on large #datalakes of sensitive data they don't need directly. They also rely on large data sets where any typical datum may be harmless in itself, but often becomes sensitive or dangerous when aggregated, and often exponentially more so when connected to intrinsically sensitive data such as #PII, #PHI, or identity.
Setting aside the financial incentives and lack of accountability for the data brokers, how do #businessleaders, #regulatoryagencies, and #electedpoliticians justify this state of affairs to you? It's not like the public and private sectors don't also have data they want to protect, so why allow this shadow industry to prosper? This seems even more mystifying when it's so clearly a double-edged sword even for the brokerages' paying customers!
Latest issue of my curated #cybersecurity and #infosec list of resources for week #32/2023 is out! It includes the following and much more:
➝ Nearly 1.5 million affected by data breach at Alberta Dental Service Corporation
➝ EY breach exposes Bank of America customer credit card numbers
➝ Northern Ireland Police Officers Vulnerable After #DataLeak
➝ U.K. election admin agency #breach exposed personal information of tens of millions voters
➝ #Spyware maker #LetMeSpy shuts down after hacker deletes server data
➝ Researchers Shed Light on #APT31's Advanced Backdoors and #DataExfiltration Tactics
➝ #Satellite hack on eve of #Ukraine war was a coordinated, multi-pronged assault
➝ #Belarus hackers target foreign diplomats with help of local ISPs, researchers say
➝ #Interpol takes down 16shop #phishing-as-a-service platform
➝ New #ransomware gang emerges in #Vietnam
➝ #Lazarus hack Russian missile maker as #Moscow pleas for shells
➝ Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack
➝ #India Passes Data Protection Legislation in Parliament. Critics Fear #Privacy Violation
➝ Russia Starts Blocking #VPN Protocols
➝ #China-Linked Hackers Strike Worldwide: 17 Nations Hit in 3-Year Cyber Campaign
➝ White House launches #AI cyber challenge to identify and fix open-source software #vulnerabilities
➝ #Russia scrambles to hide sensitive data from investigative journalists
➝ #Microsoft finds vulnerabilities it says could be used to shut down power plants
➝ New SystemBC #Malware Variant Targets Southern African Power Company
➝ Meet the Brains Behind the Malware-Friendly AI Chat Service ‘#WormGPT’
➝ The number of #ransomware attacks targeting #Finland increased fourfold since it started the process to join #NATO
➝ Popular #opensource project #Moq criticized for quietly collecting data
➝ Hacker vs. machine at #DEFCON: Thousands of security researchers vie to outsmart AI in Las Vegas
➝ “Downfall” bug affects years of #Intel #CPU's, can leak #encryption keys and more
➝ Bringing threat intelligence and adversary insights to the forefront: #XForce Research Hub
This week's recommended reading is: "Visual Threat Intelligence: An Illustrated Guide For Threat Researchers" by Thomas Roccia
Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end
https://infosec-mashup.santolaria.net/p/infosec-mashup-week-322023
A lot of pointing fingers here. #DataBreach activities happen due to human error all the time. This is why I’m in favour of #DataExfiltration technologies to mitigate these risks.
This is a constant struggle with #OpenData.
@jessdkant Such #airgap-hopping is nothing new.
It doesn't take experts like @stman to turn this into a crude narrowband modem...
And yes, there has been #malware in the wild that does #DataExfiltration by modulating the speed of fans - just in case someone thinks unplugging or desoldering a speaker works...
IMHO people owning or having said #Govware - #Appliances in their homes are either dangerously incompetent #TechIlliterates or dangerous #ignorants for not banning this shit from prems.
A Republican poll worker charged with violating election law admitted he used a personal flash drive to export the electronic poll book at a Michigan precinct
#Michigan #Republican #PollWorker #DataExfiltration #USBFlashDrive #ElectionLaw
https://www.woodtv.com/news/kent-county/testimony-poll-worker-admitted-to-using-usb-drive/