AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping. READ MORE...
A Moldovan national has been sentenced to 42 months in prison in the US for operating an illicit marketplace on which hundreds of thousands of compromised credentials were offered for sale. According to court documents, the man, Sandu Boris Diaconu, 31, created and managed E-Root Marketplace, a series of websites for selling access to compromised systems. Diaconu was arrested in the UK in May 2021 and extradited to the US in October 2023. He pleaded guilty in December 2023. READ MORE...
A team of researchers from the Graz University of Technology in Austria and the University of Rennes in France has demonstrated a new graphics processing unit (GPU) attack impacting several popular browsers and graphics cards. The research focused on WebGPU, an API that enables web developers to use the underlying system's GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the web browser. READ MORE...
New data breach reporting rules requiring U.S. telecommunications network operators to notify regulators, law enforcement agencies and customers of breaches more quickly took effect Wednesday. The updated Federal Communications Commission rules, which were adopted in mid-December, cover the exposure of all personally identifiable information that could create a security risk for customers. The data breach reporting rules were added to the Federal Register in February and took effect March 13. READ MORE...
Zero tolerance of failure by information security professionals is unrealistic, and makes it harder for cyber security folk to do the essential part of their job: recovering fast from inevitable attacks, according to Gartner analysts Chris Mixter and Dennis Xiu. In their keynote at the firm's Security & Risk Management Summit in Sydney, Australia, today, VP analyst Mixter and director analyst Xiu argued that no amount of effort can prevent infosec incidents. READ MORE...
Almost as quickly as a paper came out last week revealing an AI side-channel vulnerability, Cloudflare researchers have figured out how to solve it: just obscure your token size. The paper [PDF], from researchers at the Offensive AI Institute at Israel's Ben Gurion University, found an issue with how all non-Google ChatGPT derivatives (including Microsoft Copilot) transmit chat sessions between LLM servers and users. READ MORE...
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. Though the method achieves an average success rate of 43%, which is significantly lower than other methods presented in the past, it does not require controlled recording conditions or a specific typing platform. READ MORE...
It seems like AI large language models (LLMs) are everywhere these days due to the rise of ChatGPT. Now, a software developer named Ishan Anand has managed to cram a precursor to ChatGPT called GPT-2 (originally released in 2019 after some trepidation from OpenAI) into a working Microsoft Excel spreadsheet. It's freely available and is designed to educate people about how LLMs work. READ MORE...