News

'Minor issue' with showing accounting customers 'unrelated business information' required repairs

Sage Group plc has confirmed it temporarily suspended its Sage Copilot, an AI assistant for the UK-based business software maker's accounting tools, this month after it blurted customer information to other users.…

PLUS: Allstate sued for allegedly tracking drivers; Dutch DDoS; More fake jobs from Pyongyang; and more

Infosec in brief  Hogwarts doesn’t teach an incantation that could have saved Harry Potter publisher Scholastic from feeling the power of an online magician who made off with millions of customer records - except perhaps the wizardry of multifactor authentication.…

PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company

Asia In Brief  When food delivery “superapps” started operations in Indonesia, users started putting on weight – and that’s not an entirely bad thing.…

Incoming president promises to allow ongoing operations for 90 days just as made-in-China app started to go dark

US president-elect Donald Trump appears to have proposed the government he will soon lead should acquire half of made-in-China social media service TikTok’s stateside operations.…

The S in LLM stands for Security

OpenAI's ChatGPT crawler appears to be willing to initiate distributed denial of service (DDoS) attacks on arbitrary websites, a reported vulnerability the tech giant has yet to acknowledge.…

Plus: Uncle Sam is cross with this one Chinese biz over Salt Typhoon mega-snooping

Decades-old legislation requiring American telcos to lock down their systems to prevent foreign snoops from intercepting communications isn't mere decoration on the pages of law books – it actually means carriers need to secure their networks, the FCC has huffed.…

Ransomware, AI, secure software, digital IDs – there's something for everyone in the presidential directive

Analysis  Joe Biden, in the final days of his US presidency, issued another cybersecurity order that is nearly as vast in scope as it is late in the game.…

Competition hots up with Ivanti over who can have the worst start to a year

Fortinet has confirmed that previous analyses of records leaked by the Belsen Group are indeed genuine FortiGate configs stolen during a zero-day raid in 2022.…

With Biden reportedly planning to skirt enforcement and kick the can to Trump, this saga might still not be over

updated  The US Supreme Court has upheld a law requiring TikTok to either divest from its Chinese parent company ByteDance or face a ban in the United States. The decision eliminates the final legal obstacle to the federal government forcing a shutdown of the platform on January 19.…

Turns out tool does both file transfers and security fixes fast

Don't panic. Yes, there were a bunch of CVEs affecting potentially hundreds of thousands of users found in rsync in early December – and made public on Tuesday – but a fixed version came out the same day, and was further tweaked for better compatibility the following day.…

Pastes allegedly stolen documents on leak site with £600K demand

Another year and yet another UK local authority has been pwned by a ransomware crew. This time it's Gateshead Council in North East England at the hands of the Medusa group.…

If you want a picture of the future, imagine your infosec team stamping on software forever

Microsoft brainiacs who probed the security of more than 100 of the software giant's own generative AI products came away with a sobering message: The models amplify existing security risks and create new ones.…