Sep 20 2023
Welcome to Gone Phishing, your daily cybersecurity newsletter that hates cybercriminals but secretly hopes hackers decimate TikTok’s new subscriber only format. #OnlyFans #TheFallofRome #ArmageddonOuttaHere ????????????
Today’s hottest cybersecurity news stories:
???? Microsoft exposes itself to the tune of 38 terabytes of confidential data ????
???? Transparent Tribe spreads CapraRAT Malware via fake YouTube apps ????
???? WATCH Live Webinar: Overcoming Generative AI Data Leakage Risks ????
If you are a techie and/or in to compliance and security then this newsletter will be right up your street. Its a well written newsletter with great content on software and websites for developers and businesses that use software or rely on 3rd party suppliers for services with a security and compliance focus, lets be honest all business should have a security and compliance focus ????
Sponsored
Highlighting companies with fresh new security and compliance certifications ⚡️
giphy.com
Microsoft took swift action to rectify a major security lapse that exposed 38 terabytes of private data. ???? This incident occurred on the company’s AI GitHub repository and was an inadvertent result of publishing open-source training data. The repository, named “robust-models-transfer,” is now inaccessible.
The leak included sensitive information like secrets, keys, passwords, and over 30,000 internal Teams messages. ???? It was caused by an overly permissive SAS token, an Azure feature for data sharing, and a misconfiguration that allowed “full control” permissions. ????
Microsoft has clarified that no customer data was compromised, and other services remained secure. They revoked the SAS token, blocked external access, and resolved the issue promptly. ????
To prevent future risks, Microsoft is expanding its secret scanning service to identify overly permissive SAS tokens. They also addressed a bug in their scanning system. The incident highlights the importance of securing Azure storage accounts and avoiding the use of Account SAS tokens for external sharing. ????️
This incident isn’t the first of its kind, but it underscores the need for robust security in handling large datasets, especially in AI development. Microsoft remains committed to enhancing its security measures. Stay tuned for more updates on tech security! ????????
I came across ZZZ money club during the crypto market bull run when everyone’s a winner, even during the bear market this discord group has been amazing at giving information on projects and ways to make passive income in various ways.
The group is very active and everyone in this private discord group is very chatty and helpful.
Its run by Yourfriendandy and Decadeinvestor, you can find them here on YouTube, both top guys with great content.
If you are interested in joining the group you can through the link below.
Gif by nettwerkmusic on Giphy
The notorious threat actor, Transparent Tribe (APT36), linked to Pakistan, is back in action! They’re using sneaky Android apps mimicking YouTube to distribute the CapraRAT mobile remote access trojan (RAT). ????
CapraRAT is a nasty tool that lets hackers take control of Android devices, compromising sensitive data. ????????
Transparent Tribe is known for targeting Indian entities with various tools that infiltrate Windows, Linux, and Android systems. CapraRAT is a vital part of their toolkit, disguised as secure messaging and calling apps named MeetsApp and MeetUp. These apps use social engineering tricks to lure victims.
Their latest trick? They’ve created fake YouTube apps, with one even linked to a channel owned by “Piya Sharma.” ????
These apps use romance-based phishing to fool users into installing them. Here’s the list of deceptive app names:
com.Base.media.service
com.moves.media.tubes
com.videos.watchs.share
Once installed, these apps demand intrusive permissions, allowing CapraRAT to swipe sensitive data and send it to the hackers’ server. This RAT can even make phone calls and tamper with SMS messages. ????????????
Transparent Tribe’s tactics may be predictable, but they are persistent. Those involved in diplomatic, military, or activist activities in India and Pakistan regions should beef up their defences against this threat. Stay vigilant! ????️????
Every few weeks, we carefully select three hot newsletters to show you. Reputation is everything, so any links we share come from personal recommendation or carefully researched businesses at the time of posting. Enjoy!
???? HealthHack: Tech is making it easier than ever to reach your fitness goals, from wearable devices to nutrition apps, this newsletter does the research for you, get all the latest health tech gadgets delivered to your inbox.
₿ Crypto Nutshell: A well written and beautifully designed newsletter giving you the lowdown on crypto and web3, highly recommend if interested to get up to date info on the crypto/web3 market.
???? Big Brain: Trending AI news, jobs and tools delivered in 3 minutes per day.
Let us know what you think!
Gif by boomerangtoons on Giphy
As the use of generative AI tools like ChatGPT skyrockets, so does the risk of data exposure. According to Gartner’s “Emerging Tech: Top 4 Security Risks of GenAI” report, privacy and data security are among the top emerging risks in this field. ????
????️ Join the Webinar ????️
In an upcoming webinar featuring a Fortune 100 CISO and the CEO of LayerX, they’ll be diving into this critical risk. They’ll explain why data security is a concern and explore the role of Data Loss Prevention (DLP) solutions in mitigating this risk.
???? Business and Security Risks of Generative AI ????
Generative AI poses risks when employees insert sensitive text into these apps. This data becomes part of the AI’s training set, raising immediate and long-term concerns. Immediate risk includes data leakage, while long-term risks involve data retention, compliance, and governance.
???? 44% Spike in GenAI Usage ????
LayerX’s research reveals a 44% increase in GenAI usage in 2023. Shockingly, 6% of employees are pasting sensitive data into these apps, with 4% doing it weekly!
????️ Where DLP Solutions Fall Short ????️
Traditional DLP solutions excel in safeguarding data files but struggle with text pasting. They aren’t designed for controlling text-based data movement, especially into generative AI apps. Even CASB DLP solutions have limitations outside of sanctioned apps.
???? The Solution: GenAI DLP and Web DLP ????
Generative AI DLP monitors text pasting, identifying sensitive information in real-time and taking immediate action. Web DLP extends this protection to web locations, differentiating between safe and unsafe sites.
???? Join the Webinar to Learn More ????
Get insights from experts, discover Gartner’s take on DLP, and understand how GenAI DLP solutions work.
Sign up now and stay ahead in the world of generative AI security! ???????? That’s all for today, folks!
So long and thanks for reading all the phish!