The LockBit ransomware group claimed to have hacked the US Federal Reserve, but leaked data from an Arkansas-based bank.
The post Evolve Bank Data Leaked After LockBit’s ‘Federal Reserve Hack’ appeared first on SecurityWeek.
SecurityWeek – Read More
The internet in recent weeks has been abuzz with talk of Meta’s new security policy. The company behind Facebook, Instagram, and WhatsApp informed a portion of its user base that, starting June 26, their personal data is to be used to train the generative artificial intelligence developed by its subdivision Meta AI.
To find out what data is affected, whether or not you can opt out, and how to stay digitally safe, read on.
Meta AI has been around for over nine years already. Training its neural networks requires data — lots and lots of it — and it appears that the content generated by users of the world’s largest social networks might soon become Meta’s AI knowledge base.
It all started in May 2024, when posts about changes to Meta’s security policies began circulating online. The rumor was that, starting late June, the company planned to use content from Facebook and Instagram for generative AI training. However, these notifications weren’t sent to everyone — only to a select group of users in the EU and US.
Following a wave of outrage, Meta issued an official statement to EU residents. However, this seemed to generate more questions than answers. There was no press release explicitly stating, “As of this date, Meta AI will use your data for training”. Instead, a new page titled Generative AI at Meta appeared, detailing what data the company plans to use to develop artificial intelligence, and how. Again, with no specific dates.
According to company representatives — no, Meta AI won’t be reading your private messages. Chief Product Officer Chris Cox made clear that only public user photos posted on Facebook and Instagram would be used for AI training. “We don’t train on private stuff”, Cox is on the record as saying.
The executive’s statement is echoed on the company’s official page dedicated to generative AI. It states that the company will solely utilize publicly available data from the internet, licensed information, and information shared by users within Meta products and services. Furthermore, it explicitly mentions, “We do not use the content of your private messages with friends and family to train our AIs”.
Be that as it may, Meta AI has been scraping users’ public posts for at least a year now. This data, however, is depersonalized: according to company claims, the generative AI doesn’t link your Instagram photos with your WhatsApp statuses or Facebook comments.
Sadly, there’s no nicely labeled “I prohibit the use of my data to train Meta AI” button; instead, the opt-out mechanism is rather complicated. Users are required to fill out a lengthy form on Facebook or Instagram providing a detailed reason for opting out. This form is hidden within the maze of privacy settings for EU residents: Menu → Settings and privacy → Settings → Security policy. Alternatively, you can find it on the new Meta Privacy Center page, under Privacy and Generative AI.
The link is so well hidden it’s almost as if Meta doesn’t want you to find it. But we did the digging for you: here’s the form to opt out of Meta AI training on your personal data, although the official title is deliberately more vague: “Data subject rights for third-party information used for AI at Meta”.
But even armed with our direct link to this form, don’t get your hopes up: regardless of which of the three options you choose, a most convoluted and confusing form-filling process awaits.
Note the rather curious disclaimer in the description: “We don’t automatically fulfill requests sent using this form. We review them consistent with your local laws”. In other words, even if you opt out, your data might still be opted-in. It’s crucial to correctly state your reasons for wanting to opt out, and be a citizen of a country in which the GDPR is in effect. This data protection regulation can serve as the basis for deciding in favor of the user — not Meta AI. It stipulates that Meta must obtain explicit consent to participate in voluntary data sharing, and not just publish a hidden opt-out form.
This situation has caught the attention of NOYB (None Of Your Business) – the European Center for Digital Rights. Its human rights advocates have filed 11 complaints against Meta in courts across Europe (Austria, Belgium, France, Germany, Greece, Ireland, Italy, the Netherlands, Norway, Poland, and Spain) and, seeking to protect the personal data of their citizens.
The Irish Data Protection Commission took note of these claims and issued an official request to Meta to address the lawsuits. The tech giant’s reaction could have been predicted without any algorithms: the company publicly accused the plaintiffs of hindering the development of generative AI in Europe. Meta stated they believe their initial approach to be legally sound, and so will likely continue their attempts to integrate AI into users’ lives.
So far, the saga appears to be just another spat between Meta and the media. The latter claim that Meta wants to process personal data — including the most intimate messages and photos, while Meta bosses are trying to pour cold water on the allegations.
Remember: you are primarily responsible for your own digital security. Be sure to use reliable protection, read privacy policies carefully, and always stay informed about your rights regarding the use of your data.
Kaspersky official blog – Read More
A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia’s full-blown military invasion of Ukraine in early 2022.
Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian
The Hacker News – Read More
The non-profit cybersecurity organization, the Shadowserver Foundation, has observed exploitation attempts against CVE-2024-5806. They noted that the exploitation began soon after the vulnerability details were made public.
Cyware News – Latest Cyber News – Read More
Aqua Security shows that code in repositories remains accessible even after being deleted or overwritten, continuing to leak secrets.
The post ‘Phantom’ Source Code Secrets Haunt Major Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database.
Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139.
“An SQL injection vulnerability in
The Hacker News – Read More
These vulnerabilities include SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. Ubuntu has released updates for various versions, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM.
Cyware News – Latest Cyber News – Read More
The adoption of ransomware in cyberespionage attacks helps adversaries blur the lines between APT and cybercriminal activity, leading to potential misattribution or concealing the true nature of the operation.
Cyware News – Latest Cyber News – Read More
Beware! Chinese cyberespionage group ChamelGang targets critical infrastructure like aviation and government systems. SentinelOne report reveals potential attacks across Asia. Learn more about ChamelGang’s cyberespionage activities.
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
The company has removed online steps for switching from a Microsoft account to a local one and has killed off a past trick for choosing a local account in Windows 11.
Latest stories for ZDNET in Security – Read More
