Most #healthcare workers don't check #security protocols before trying out new generative AI tools such as #ChatGPT, putting patient and other sensitive data at risk, said Sean Kennedy of software vendor Salesforce, which recently conducted research on potential security gaps in healthcare settings.
A new pattern of sophisticated email spamming is on the rise. Spammers use stolen email accounts of legit organizations, often universities. Thus, spam will not be caught by spam filters. Next, spammers use #ChatGPT to make the scam sound authentic.
Here's an example. This email was sent from an account seemingly belonging to a university student in Hungary. The headers of the email clearly show that it was sent from the university mail server. (This explains why it escaped iCloud's spam filter.)
The email is in German. It's grammatically correct, but sounds weird on a few occasions. The spammers use a different name in the letter than the name of the account owner (shown redacted). Also, the spammers set a different email in the "Reply-To" field. They want victims to reply to their email address, probably in case they lose access to the stolen account.
Stolen accounts often belong to universities. Perhaps because they don't enforce SSL.
Help! My Achilles heel at work has always been issues related to broadly understood data encryption and decryption. For some reason my brain can't sort it all out - private keys, public keys, signing keys, AES, SHA, RSA, GPG, SSO, OAuth, etc.
Every time this topic comes up at work, I know that I will be scratching my head for days.
So my question to you guys is, can you recommend a good book to help me understand these things once and for all? Thank you in advance.
"The Mandiant team was facing a textbook example of a software-supply-chain attack—the nefarious alteration of trusted software at its source. In a single stroke, attackers can infect thousands, potentially millions, of machines." —@kimzetter for @WIRED
I should have seen it coming. I (hesitantly) signed up to #LinkedIn for professional reasons. All goes well for two days.
Now my account is restricted until I verify my #ID by uploading a photo of my ID card (which doesn't even work).
The restriction is presumably because of either connecting over a #VPN or not having a profile photo, which are measures I take to protect my #privacy and #security.
I'm of a mind to just send a data erasure request and avoid wasting any more time.
Insanity, but what else is new at the bird site. FYI, where I work inactive accounts are only locked after 30 days, not deleted! After 90 days it is flagged for deletion, but it isn't automatic. We review the list as some are on extended leave and policy is to leave them there until after 365 days of inactivity. We do the housekeeping manually as we have less than 10k accounts. I hope they publish the stats on how many get deleted.