Socura finds the percentage of women in cybersecurity positions has fallen seven percentage points since 2021 to 17%
Category Archives: News
The AI Fix #18: ChatGPT’s false memories, and would an inner critic stop AI hallucinations?
In episode 18 of “The AI Fix” our hosts discover that OpenAI’s Advanced Voice mode is too emotional for Europeans, a listener writes a Viking saga about LinkedIn, ChatGPT is a terrible doctor, and the voice of Meta AI takes to Meta’s platforms to complain about Meta AI reading things people post on Meta’s platforms.
Mark discovers what Darth Vader really said on Cloud City, Graham rummages through ChatGPT’s false memories, and our hosts find out why AIs need an inner critic.
All this and much more is discussed in the latest edition of “The AI Fix” podcast by Graham Cluley and Mark Stockley.
British Hacker Charged in the US For $3.75m Insider Trading Scheme
UK hacker Robert Westbrook allegedly gained unauthorized access to corporate executives’ email accounts to profit from confidential financial information
Ransomware Attack Forces UMC to Divert Emergency Patients
UMC in Lubbock, Texas, confirmed a ransomware attack last week, disrupting patient care and IT systems
Evil Corp’s LockBit Ties Exposed in Latest Phase of Operation Cronos
The UK has sanctioned 16 members of the notorious Russian hacking group Evil Corp, exposing their links to the prolific LockBit ransomware group
T-Mobile to Pay $15.75m Penalty for Multiple Data Breaches
T-Mobile will pay $15.75m to the US Treasury for multiple data breaches in 2021, 2022 and 2023 and has agreed to invest in improved cybersecurity defenses
Hacking ChatGPT by Planting False Memories into Its Data
This vulnerability hacks a feature that allows ChatGPT to have long-term memory, where it uses information from past conversations to inform future conversations with that same user. A researcher found that he could use that feature to plant “false memories” into that context window that could subvert the model.
A month later, the researcher submitted a new disclosure statement. This time, he included a PoC that caused the ChatGPT app for macOS to send a verbatim copy of all user input and ChatGPT output to a server of his choice. All a target needed to do was instruct the LLM to view a web link that hosted a malicious image. From then on, all input and output to and from ChatGPT was sent to the attacker’s website.
People Know Their Data Rights, and They’re Here to Play Ball
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
After being the subject of big-box data pillaging for so long, consumers finally demand control over their own natural resources – and they’ll take their business elsewhere if they don’t get it.
As individuals see global corporate powers haggle over their personal information, they start to sense just how much their data is worth. And they’re not giving it out for free anymore; in a recent Thales report, 87% of consumers expect “some level of privacy rights” from the companies accessing their data. This seems to be a theme; as companies ask for customers’ information, customers are making demands in return. The question is, can companies keep the balance?
People don’t trust you with their data. Period.
When you trust someone with your finances, you give them control over them. This could be an executor, an investment adviser, your spouse – anyone you feel would do as good a job as you or, better, someone with your best interests at heart. When you don’t trust someone, the opposite is true.
Judging by the amount of control consumers now demand over their data, it’s clear that trust is a commodity yet to be earned by corporate entities. Or if once given by default, it is now hastily being snatched back. A report by professional services firm KPMG revealed that 56% want more control over their personal data, and 87% characterize it as a human right. Indeed, digital rights are human rights!
A recent study by the Annenberg School for Communication summed it up: “Eighty percent of Americans believe that what companies know about them can cause them harm.”
“I have data rights and am not afraid to use them!”
More and more, people are recognizing the high value that businesses place on their data – indeed, that it is the source of many businesses – and they want control over who has it, what they do with it, and when it can be obtained.
It also leaves a really, really bad taste in their mouths when organizations try to hide their data collection, “con them out of it,” or refuse to protect it (and them in the process). The Digital Trust Index report highlights what users now expect from the companies sourcing their information. The list amounts to a very short leash, indicative of very minimal trust. It includes:
72% | Online brand interactions that fit around their workday.
22% | Over one in five will give up after a fruitless online customer service interaction.
46% | A clear view of the data they’ve consented to share.
Additionally, the report reveals that these requirements come with a great deal of mistrust surrounding the entities that handle their information. Trust around the globe in social media companies ranges
from a high of 10% in the US and South Africa, to a low of 2% in Japan. When it comes to organizations using Generative AI, nearly half of all respondents were wary (47%), while those in France and the UAE showed above-average concern (54%).
These stats highlight the challenging position this puts many businesses in, although the terrain is to be expected.
How Do I Protect Them? Let Me Count the Ways
Following significant breaches of trust, there has been a decline in consumer trust towards corporations, governments, small businesses, and non-profits when it comes to safeguarding their information. Consumers are increasingly vigilant and assertive in ensuring the security and privacy of their personal data. Clear-cut and aggressive legislation protecting every ounce of data and consumer autonomy over it has been what’s followed, and that ball is still rolling.
It’s worth compiling a list of all, or at least many, of the notable data privacy and protection laws to date. These are the fruits of our misgivings around for-profit companies harvesting our stats without (and even with) our consent. It can only be approximate, as this legislative snowball is picking up steam, and many are in the works as we speak.
Quick spoiler: Of 194 countries represented in the United Nations (technically 193 plus two non-member observer states), 137 have enacted data privacy and protection laws to date. Here are some you might recognize.
GDPR | General Data Protection Regulation (GDPR)
CCPA | California Rights Privacy Act (CRPA)
APRA | American Privacy Rights Act (APRA)
HIPAA | Health Insurance Portability and Accountability Act (HIPAA)
PCI DSS | Payment Card Industry Data Security Standard
GLBA | Gramm-Leach-Bliley Act
In the US, fifteen states have enacted comprehensive data privacy laws, seven more have put more narrow ones in place, and fifteen total have introduced privacy laws in 2023-2024, according to Bloomberg Law.
The Consequence of Breaking [Data] Trust
While the effort required to implement data protection policies around the globe is monumental, it is simply “the cost of doing business” in the modern world. Don’t do it and see what happens. Security Magazine figures indicate that 66% of US consumers would send a clear message to ham-handlers of sensitive data, refusing to trust their information to a company that suffered a breach.
Consultants at Wavestone report over 91% of businesses now derive significant value from customer data, that’s a message for companies worth listening to and acting upon. Investing in a Customer IAM solution that keeps customer privacy front and center of the authentication journey becomes an enabler for compliance, enhanced trust, and improved bottom line.
An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation, and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire, and many other sites.
Ten Million Brits Hit By Fraud in Just Three Years
New Santander research claims 10 million UK consumers have suffered fraud since 2021, costing the economy £16bn
ISACA: European Security Teams Are Understaffed and Underfunded
New ISACA research reveals most cybersecurity teams are suffering from staffing and funding shortages