A ransomware gang threatens American university students, Samsung tells staff to stop using ChatGPT, and more.
Welcome to Cyber Security Today. It’s Wednesday, May 3rd, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
A ransomware gang that claims to have struck Virginia’s Bluefield University over the weekend is texting students, faculty and staff. Why? To get them to pressure the administration to pay to get stolen data back. According to TV station WVVA, the messages say if the university doesn’t pay up, the data on students will be released on the dark web. The AvosLocker gang is taking credit for the attack. It’s the latest example of how a threat actor goes public to squeeze management for money. The university said it discovered a cyber attack on Sunday. One of the systems impacted is the university’s alert texting service, which is how those threatening messages are going out. One lesson: Servers with data aren’t the only system attackers go after.
Samsung has become the latest company to ban employees from using ChatGPT and other AI-powered chatbots. According to Bloomberg News, this comes after an employee uploaded sensitive code to ChatGPT last month. Then that got leaked. It isn’t clear what the Samsung staffer uploaded. Some developers use ChatGPT to help them write code. But that code can be seen by other users. In an effort to improve privacy controls, ChatGPT’s developer, OpenAI, said last week that users will be allowed to turn off their chat history feature so their conversations with the chatbot can’t be used to train its models. They will still be stored on the company’s servers, but deleted after 30 days.
Montreal-based Yellow Pages is sending data breach notification letters to current and former employees in Canada and the U.S. In a copy of the April 28th letter filed with the Vermont attorney general’s office, the company says it learned that a hacker got into some of its servers on March 21st. Information copied included names, dates of birth, email addresses, postal addresses, Social Insurance numbers, bank account information and more. The Black Basta ransomware gang has taken credit for the attack.
Apple released its first iPhone, iPad and Mac security updates to the general public through its Rapid Security Response capability. It’s a capability that allows the company to issue patches that install quickly. However, the Bleeping Computer news site says some users report the update has trouble with iPhones. The update should install automatically, but it doesn’t hurt to check it yourself.
Attention users of Amazon’s Fire TV Stick and Insignia’s FireOS TV products. Make sure you’re running the latest version of these streaming devices. Researchers at Bitdefender found some vulnerabilities that need to be patched.
Apple and Google have jointly submitted a proposed industry specification to help stop threat actors from using Bluetooth location-tracking devices to follow you. People can use tracking devices like Apple AirTags on all sorts of things from purses and camera bags to luggage. But that leaves them open to abuse. The proposed specification still has to be approved.
Ten weeks after the U.S. Marshals Service suffered a ransomware attack, one of its systems is still offline. That’s according to the Washington Post. The system is one used to track suspects through their cell phones, emails and web usage.
Finally, are you psyched up about King Charles’ coronation on Saturday? Want to be surrounded by flags, shirts and other memorabilia? If so, be careful where you buy the stuff online. Researchers at Kaspersky say websites are peddling fake coins, mugs, plates and other coronation-related goods. What they are really doing is vacuuming up your personal data and credit card numbers. Only buy goods online from reputable sites.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.