🚨 Slack AI Model Outrage, SEC Breach Notification Amendment, Banking Malware, GitHub Exploit

CyberHub Podcast

1×

0:00

-13:33

🚨 Slack AI Model Outrage, SEC Breach Notification Amendment, Banking Malware, GitHub Exploit

Today’s top cybersecurity news and the latest threats from Practicing CISO James Azar, tune in to hear how practitioners breakdown the latest to bolster their cybersecurity programs

James Azar

May 20, 2024

Transcript

Slack Faces Backlash Over AI Data Training

Slack has come under fire for automatically opting users into a program that uses their data to train AI models. Despite promises of technical controls to prevent data leaks, the company has now decided to switch to an opt-in system following significant public outcry.

Action Points:

Review and Adjust Settings: Corporate admins should review and adjust their Slack settings to ensure they opt out of any unwanted data sharing.
Stay Informed: Regularly check for updates from Slack regarding data privacy policies to ensure compliance and user privacy.

SEC Amends Regulation SP

The SEC has adopted amendments to Regulation SP, requiring financial institutions to notify impacted individuals of data breaches within 30 days of discovery. This regulation aims to enhance the protection of consumer financial information.

Action Points:

Update Compliance Procedures: Financial institutions should update their data breach response plans to ensure timely notifications within the new 30-day window.
Implement Stronger Data Protection: Develop and maintain robust policies to detect, respond to, and recover from unauthorized access to sensitive information.

WebTPA Data Breach Affects Millions

WebTPA has disclosed a data breach impacting over 2.4 million individuals. The breach, discovered in December, involved unauthorized access to PII, including names, contact info, and Social Security numbers.

Action Points:

Monitor Personal Information: Affected individuals should monitor their personal information and financial accounts for suspicious activity.
Enhance Security Measures: Organizations should strengthen their cybersecurity measures to prevent similar breaches in the future.

Grandiorio Banking Trojan Resurfaces

The Grandiorio banking trojan is back with a large-scale phishing campaign targeting 1,500 banks in over 60 countries. Despite previous disruptions, the malware has returned with new features and improved encryption.

Action Points:

Educate Employees Conduct training sessions to educate employees about phishing threats and how to recognize them.
Deploy Advanced Security Tools: Utilize advanced security tools to detect and prevent malware infections.

GitHub Targeted by Software Supply Chain Attacks

A new campaign, dubbed "Get Caught," is targeting GitHub with software supply chain attacks. These attacks misuse authentic internet services and involve multiple malware variants targeting various operating systems.

Action Points:

Secure Code Repositories: Implement stringent security measures for code repositories to prevent unauthorized access and malicious modifications.
Regularly Audit Dependencies: Conduct regular audits of software dependencies to identify and mitigate potential vulnerabilities.

Concerns Over NYPD's Use of Chinese-Made Drones

Congressional leaders have raised concerns about the NYPD's use of Chinese-made drones, citing potential national security risks. The NYPD defended the use, stating the effectiveness and affordability of these drones.

Action Points:

Evaluate Alternatives: Explore and evaluate alternative drone suppliers to mitigate potential security risks.

Strengthen Data Security: Implement robust data security measures to protect sensitive information collected by drones.

Nigeria Halts Cybersecurity Tax Amid Public Outcry

The Nigerian government has suspended a proposed tax on domestic electronic transactions intended to fund a national cybersecurity program. The decision followed widespread public criticism amid economic challenges.

Action Points:

Seek Alternative Funding: Explore alternative funding mechanisms to support national cybersecurity initiatives without burdening the public.
Engage with Stakeholders: Engage with stakeholders to understand their concerns and develop more acceptable solutions.

Palo Alto and IBM Announce Strategic Partnership

Palo Alto and IBM have announced a significant partnership to jointly provide cybersecurity solutions. IBM will also expand its deployment of Palo Alto security platforms and train consultants on Palo Alto products.

Action Points:

Leverage New Services: Businesses should consider leveraging the new joint cybersecurity solutions and consulting services offered by Palo Alto and IBM.
Stay Updated: Keep informed about the latest developments in this partnership to benefit from new security innovations.

Conclusion:

Stay informed, stay prepared, and stay cyber safe. Tune in tomorrow for more updates and insights. Remember to subscribe to our podcast and follow us on social media for the latest cybersecurity news.

Discussion about this podcast

CyberHub Podcast

Today’s top cybersecurity news and the latest from Practicing CISO James Azar, tune in to hear how practitioners read, view and work after hearing the latest headlines and how these stories help keep practitioners sharp and ready.

Listen on