Security News

Privacy warriors gripe to UK watchdog about Meta harvesting user data to train AI
2024-07-16 11:25

The complaint follows a similar protest in the European Union under the General Data Protection Regulation, which resulted in the social media biz agreeing to pause plans to train AI models on EU users' Facebook and Instagram posts. Although UK data protection law currently mirrors that in the EU, the UK's decision to leave the economic and political bloc came into effect at the end of 2020.

PureVPN vs NordVPN (2024): Which VPN Should You Choose?
2024-07-16 11:16

PureVPN and NordVPN employ similar subscription tiers. They also offer almost identical VPN protocols with their respective services.

Threat Prevention & Detection in SaaS Environments - 101
2024-07-16 11:00

Threat actors are also hijacking non-human identities, including service accounts and OAuth authorizations, and riding them deep into SaaS applications. When threat actors get through the initial defenses, having a robust Identity Threat Detection and Response system in place as an integral part of Identity Security can prevent massive breaches.

SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
2024-07-16 10:11

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: an enduring campaign that aims to infect Facebook users with the SYS01 information stealer, which grabs everything the attackers need to carry on with it endlessly.

Malicious npm Packages Found Using Image Files to Hide Backdoor Code
2024-07-16 10:09

Cybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server. The packages in question - img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy - have been downloaded 190 and 48 times, respectively.

Iranian Hackers Deploy New BugSleep Backdoor in Middle East Cyber Attacks
2024-07-16 09:13

The Iranian nation-state actor known as MuddyWater has been observed using a never-before-seen backdoor as part of a recent attack campaign, shifting away from its well-known tactic of deploying legitimate remote monitoring and management software for maintaining persistent access. "Compared to previous campaigns, this time MuddyWater changed their infection chain and did not rely on the legitimate Atera remote monitoring and management tool as a validator," Sekoia said in a report shared with The Hacker News.

Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
2024-07-16 09:00

An advanced persistent threat group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida. "Variations of the Atlantida campaign have been highly active throughout 2024 and have evolved to use CVE-2024-38112 as part of Void Banshee infection chains," security researchers Peter Girnus and Aliakbar Zahravi said.

ChatGPTriage: How can CISOs see and control employees’ AI use?
2024-07-16 05:00

This rings true; I've spoken with nearly 100 enterprise CISOs in the first half of 2024, and their primary concerns are how to get visibility over employee AI use, how to enforce corporate policies on acceptable AI use, and how to prevent loss of customer data, intellectual property, and other confidential information. How is AI acceptable use policy expressed? Consider an AI data access policy: a law or consulting firm might require that LLM data from client A can't be used to generate answers for client B. A public company's general counsel might want an AI topic access policy: employees outside of finance and below the VP level can't ask about earnings info.

Managing exam pressure: Tips for certification preparation
2024-07-16 04:30

First, learners should familiarize themselves with the learning modes available to help them study for certification exams. Learners can track their learning path progress and set "Micro" learning "Goals" in the lead-up to the certification exam.

Kaspersky Exits U.S. Market Following Commerce Department Ban
2024-07-16 04:16

Russian security vendor Kaspersky has said it's exiting the U.S. market nearly a month after the Commerce Department announced a ban on the sale of its software in the country, citing a national security risk. The company is expected to wind down its U.S. operations on July 20, 2024, the same day the ban comes into effect.