IT Security Newsletter - 3/18/2024

Breaches

AT&T says leaked data of 70 million people is not from its systems

AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. While BleepingComputer has not been able to confirm the legitimacy of all the data in the database, we have confirmed some of the entries are accurate, including those whose data is not publicly accessible for scraping. READ MORE...

Hacking

Moldovan Operator of Credential Marketplace Sentenced to US Prison

A Moldovan national has been sentenced to 42 months in prison in the US for operating an illicit marketplace on which hundreds of thousands of compromised credentials were offered for sale. According to court documents, the man, Sandu Boris Diaconu, 31, created and managed E-Root Marketplace, a series of websites for selling access to compromised systems. Diaconu was arrested in the UK in May 2021 and extradited to the US in October 2023. He pleaded guilty in December 2023. READ MORE...


New Attack Shows Risks of Browsers Giving Websites Access to GPU

A team of researchers from the Graz University of Technology in Austria and the University of Rennes in France has demonstrated a new graphics processing unit (GPU) attack impacting several popular browsers and graphics cards. The research focused on WebGPU, an API that enables web developers to use the underlying system's GPU to carry out high-performance computations in a web browser. By leveraging this API, they have demonstrated an attack that works entirely from the web browser. READ MORE...

Information Security

Stronger FCC data breach reporting rules for telecom go live

New data breach reporting rules requiring U.S. telecommunications network operators to notify regulators, law enforcement agencies and customers of breaches more quickly took effect Wednesday. The updated Federal Communications Commission rules, which were adopted in mid-December, cover the exposure of all personally identifiable information that could create a security risk for customers. The data breach reporting rules were added to the Federal Register in February and took effect March 13. READ MORE...


Infosec teams must be allowed to fail, argues Gartner

Zero tolerance of failure by information security professionals is unrealistic, and makes it harder for cyber security folk to do the essential part of their job: recovering fast from inevitable attacks, according to Gartner analysts Chris Mixter and Dennis Xiu. In their keynote at the firm's Security & Risk Management Summit in Sydney, Australia, today, VP analyst Mixter and director analyst Xiu argued that no amount of effort can prevent infosec incidents. READ MORE...

Exploits/Vulnerabilities

ChatGPT side-channel attack has easy fix: token obfuscation

Almost as quickly as a paper came out last week revealing an AI side-channel vulnerability, Cloudflare researchers have figured out how to solve it: just obscure your token size. The paper [PDF], from researchers at the Offensive AI Institute at Israel's Ben Gurion University, found an issue with how all non-Google ChatGPT derivatives (including Microsoft Copilot) transmit chat sessions between LLM servers and users. READ MORE...


New acoustic attack determines keystrokes from typing patterns

Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. Though the method achieves an average success rate of 43%, which is significantly lower than other methods presented in the past, it does not require controlled recording conditions or a specific typing platform. READ MORE...

Science & Culture

Once "too scary" to release, GPT-2 gets squeezed into an Excel spreadsheet

It seems like AI large language models (LLMs) are everywhere these days due to the rise of ChatGPT. Now, a software developer named Ishan Anand has managed to cram a precursor to ChatGPT called GPT-2 (originally released in 2019 after some trepidation from OpenAI) into a working Microsoft Excel spreadsheet. It's freely available and is designed to educate people about how LLMs work. READ MORE...

On This Date

  • ...in 1766, the British Parliament repeals the Stamp Act, removing the tax on printed materials produced in the American colonies.
  • ...in 1850, American Express is founded by Henry Wells and William Fargo.
  • ...in 1935, Parker Bros. bought the rights to Charles Darrow's version of Monopoly, nearly the same as the one still played today.
  • ...in 1965, Soviet cosmonaut Alexey Leonov becomes the first person to walk in space, leaving his Voskhod 2 spacecraft for a full 12 minutes and nine seconds.