Employees Are Feeding Sensitive Biz Data to ChatGPT | TSA Issues Urgent Directive to Make Aviation More Cyber Resilient

More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. [TechWeb]( Follow Dark Reading: [RSS]( March 09, 2023 LATEST SECURITY NEWS & COMMENTARY [Employees Are Feeding Sensitive Biz Data to ChatGPT, Raising Security Fears]( More than 4% of employees have put sensitive corporate data into the large language model, raising concerns that its popularity may result in massive leaks of proprietary information. [TSA Issues Urgent Directive to Make Aviation More Cyber Resilient]( Will stricter cybersecurity requirements make flying safer? The TSA says yes, and sees it as a time-sensitive imperative. [AI-Powered 'BlackMamba' Keylogging Attack Evades Modern EDR Security]( Researchers warn that polymorphic malware created with ChatGPT and other LLMs will force a reinvention of security automation. [What GoDaddy's Years-Long Breach Means for Millions of Clients]( The same "sophisticated" threat actor has pummeled the domain host on an ongoing basis since 2020, making off with customer logins, source code, and more. Here's what to do. [Key Proposals in Biden's Cybersecurity Strategy Face Congressional Challenges]( The strategy document does nothing to change things on the ground in the near term; legislation, regulation, and follow-up executive action are all going to be key to moving forward the administration's agenda. [Booking.com's OAuth Implementation Allows Full Account Takeover]( Researchers exploited issues in the authentication protocol to force an open redirection from the popular hotel reservations site when users used Facebook to log in to accounts. [EV Charging Infrastructure Offers an Electric Cyberattack Opportunity]( Attackers have already targeted electric vehicle (EV) charging stations, and experts are calling for cybersecurity standards to protect this necessary component of the electrified future. [Emotet Resurfaces Yet Again After 3-Month Hiatus]( More than two years after a major takedown by law enforcement, the threat group is once again proving just how impervious it is against disruption attempts. [CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds]( The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language. [Everybody Wants Least Privilege, So Why Isn't Anyone Achieving It?]( Overcoming the obstacles of this security principle can mitigate the damages of an attack. [Rising Public Cloud Adoption Is Accelerating Shadow Data Risks]( Using a risk-based approach to deal with policy violations and continuous compliance monitoring will help avoid data exposures and fines. [Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems]( The health, manufacturing, and energy sectors are the most vulnerable to ransomware. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [The Role of Verifiable Credentials In Preventing Account Compromise]( As digital identity verification challenges grow, organizations need to adopt a more advanced and forward-focused approach to preventing hacks. [Scams Security Pros Almost Fell For]( By working together as an industry, we can develop the technologies needed to account for human error. [It's Time to Assess the Potential Dangers of an Increasingly Connected World]( With critical infrastructures ever more dependent on the cloud connectivity, the world needs a more stable infrastructure to avoid a crippling cyberattack. [MORE]( EDITORS' CHOICE [Biden's Cybersecurity Strategy Calls for Software Liability, Tighter Critical Infrastructure Security]( The new White House plan outlines proposed minimum security requirements in critical infrastructure — and for shifting liability for software products to vendors. LATEST FROM THE EDGE [Name That Edge Toon: Domino Effect]( Come up with a clever caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Machine Learning Improves Prediction of Exploited Vulnerabilities]( The third iteration of the Exploit Prediction Scoring System (EPSS) performs 82% better than previous versions, giving companies a better tool for evaluating vulnerabilities and prioritizing patching. WEBINARS - [Building Out the Best Response Playbook for Ransomware Attacks]( When ransomware locks up your business's critical data and essential gear, there is no time to panic. The organization needs answers fast: Is the infection going to spread to other endpoints? Will the attackers publicly dump the stolen information? How ... - [SecDevOps: The Smart Way to Shift Left]( DevOps has changed the way software is developed, written, and run. But many organizations are still trying to figure out how to build security into application development. In this webinar, experts discuss the integration of security and DevOps - sometimes ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Securing OT, Remote Access and Converged SOC Operations]( - [IT/OT Security Platform Navigator 2022]( - [The 4 Major Safety Checks Needed to Launch Your ASM Program into Orbit]( - [Attack Surface Management v2.0 by Brad LaPorte]( - [What Elite Threat Hunters See that Others Miss]( - [State of Enterprise Cybersecurity: Invest Now, or Pay Big Later]( - [Seven Ways to Avoid the Nightmare of a Cloud Misconfiguration Attack]( [View More White Papers >>]( FEATURED REPORTS - [The Promise and Reality of Cloud Security]( Cloud security has been part of the cybersecurity conversation for years but has been on the sidelines for most enterprises. The shift to remote work during the COVID-19 pandemic and digital transformation projects have moved cloud infrastructure front-and-center as enterprises ... - [10 Hot Talks From Black Hat USA 2022]( Black Hat USA brings together cutting-edge research, new security tools, and sophisticated defensive techniques over the course of two days. There were some recurring themes across the sessions, and many of these topics are going to be important issues to ... - [How Machine Learning, AI & Deep Learning Improve Cybersecurity]( [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [Edgeless Systems Raises $5M to Advance Confidential Computing]( [Lacework Launches Secured by Women Initiative]( [Surge in Cloud Adoption Means a Greater Data Attack Surface for Healthcare and Financial Services]( [99% of Cybersecurity Leaders Are Stressed About Email Security]( [Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour]( [SANS Institute Partners With Google to Launch Cloud Diversity Academy]( [Optiv Launches Full Suite of Operational Technology Services]( [Akamai Technologies Releases New Service and Tools to Stop Advanced Threats and Drive Zero Trust Adoption]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [The Promise and Reality of Cloud Security]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Weekly -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Weekly Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)