Researchers Urge Immediate Action on New EmailGPT Vulnerability Exposing Users to Data Breach
The implications of this EmailGPT vulnerability are profound.
Ticketmaster is Tip of Iceberg: 165+ Snowflake Customers Hacked
Not Our Fault, says CISO.
NVIDIA and Arm Urge Customers to Patch Bugs
Special effort may be needed to find these vulnerable systems and patch them, which will likely require a reboot.
Cybersecurity pros change strategies to combat AI-powered threats
97% of respondents are concerned their organization will suffer a security incident due to adversarial AI.
Netgear WNR614 Flaws Allow Device Takeover, no Fix Available
Vulnerabilities allow attackers to bypass authentication, intercept communications, and retrieve credentials.
Supreme Court Will Take Up Meta’s Bid to End Lawsuit Over Cambridge Analytica Privacy Scandal
The Supreme Court said Monday it will consider shutting down a multibillion-dollar class action investors’ lawsuit.
UK and Canada's data chiefs join forces to investigate 23andMe mega-breach
The three-pronged approach aims to uncover any malpractice at the Silicon Valley biotech biz.
Pandabuy was Extorted Twice by the Same Threat Actor
Pandabuy had previously paid a ransom to an extortion group to prevent stolen data from being published, but the same threat actor extorted the company again this week.
26% of organizations lack any form of IT security training
The survey found that one in four organizations had suffered a cybersecurity breach or incident – 23% of which had occurred in the last year.
Cyber Insurance isn’t the Answer for Ransom Payments
26% experienced a loss of productivity, while 25% encountered disruptions to internal or customer-related services.
The CyRC Vulnerability Advisory has reported a critical security flaw in EmailGPT, an AI-powered email writing assistant and Google Chrome extension that streamlines email correspondence using advanced AI technology. The vulnerability (CVE-2024-5184) is a prompt injection flaw that enables malicious actors to manipulate the service, potentially leading to the compromise of sensitive data. At its core is the exploitation of the API service, which allows malicious users to inject direct prompts and thereby gain control over the service’s logic.
Ticketmaster was part of a broader hacking spree targeting Snowflake customers, which now includes hundreds of victims, raising questions about Snowflake's security measures. Snowflake's CISO, Brad Jones, shifted the blame onto customers for not using multi-factor authentication (MFA), despite the breaches being facilitated by weak credential management. Critics argue that Snowflake's lack of enforced security policies and customer support, such as mandatory MFA, makes them partially responsible for the breaches.
Get in touch with us to learn more about how the team of experts at JANUS can help protect your business effectively.