What is ISO 27701 PIMS?

From securityboulevard.com

In today’s data-driven world, protecting personal information is of growing significance. The International Organization for Standardization (ISO) has developed ISO 27701, a comprehensive Privacy Information Management System (PIMS) standard aimed at improving privacy management within organizations. This blog will look at the specifics of ISO 27701 PIMS, its significance, and how it may help organizations strive for improved privacy practices.

Understanding ISO 27701 PIMS Compliance

ISO 27701 PIMS stands for ISO 27701 Privacy Information Management System. It is an extension of the ISO/IEC 27001 and ISO/IEC 27002 standards, which focus on information security management systems (ISMS). The ISO 27701 standard specifically addresses the management of personal data (personally identifiable information or PII) by providing a framework for organizations to enhance their data privacy controls.

Read more…

Encrypted Notepad: Open-source text editor

From helpnetsecurity.com

Encrypted Notepad, an open-source text editor, ensures your files are saved and loaded encrypted with AES-256. With no ads, no network connection required, and no unnecessary features, it’s a tool that simply works.

Read more…

OpenAI is very smug after thwarting five ineffective AI covert influence ops

From theregister.com

OpenAI on Thursday said it has disrupted five covert influence operations that were attempting to use its AI services to manipulate public opinion and elections.

These influence operations (IOs), the super lab said, did not have a significant effect on audience engagement or in amplifying the reach of the manipulative messages.

“Over the last three months, our work against IO actors has disrupted covert influence operations that sought to use AI models for a range of tasks, such as generating short comments and longer articles in a range of languages, making up names and bios for social media accounts, conducting open-source research, debugging simple code, and translating and proofreading texts,” the biz said.

Read more…

Critical Memory Corruption In Cloud Logging Infrastructure Enables Code Execution Attack

From gbhackers.com

Fluent Bit, a widely used open-source data collector and processor, has been found to have a major memory corruption flaw.

Many big cloud providers use Fluent Bit for their logging because it is easy to use and can be scaled up or down as needed.

Tenable Research found the flaw, which affects Fluent Bit’s built-in HTTP server and has been designated CVE-2024-4323.

This bug could lead to denial of service (DoS), information disclosure, or remote code execution (RCE).

Read more…

Cybercriminals shift tactics to pressure more victims into paying ransoms

From helpnetsecurity.com

This was primarily driven by an explosion in “indirect” ransomware incidents, which increased by more than 415% from 2022 to 2023. Standing out among the biggest loss drivers were remote access tools, which accounted for 58% of ransomware attacks. Double leverage attacks – those using both data encryption and exfiltration – also grew by 51% in 2023, demonstrating that threat actors shifted their tactics to pressure more victims into paying ransoms.

“Vulnerabilities in remote access products continue to drive too many successful ransomware attacks,” said Rotem Iram, CEO of At-Bay. “Technology providers and cybersecurity professionals must prioritize securing the perimeter by default and improving response to emerging threats, understanding that small businesses are unlikely to be able to solve those on their own.”

Read more…

Grandoreiro Malware Hijacks Outlook Client to Send Phishing Emails

From gbhackers.com

X-Force identified a phishing campaign targeting Latin American users since March 2024, in which emails impersonate legitimate entities such as tax and utility services and urge recipients to click links for invoices or account statements.

For users in specific countries, clicking the link redirects to a fake PDF icon while a malicious ZIP archive is downloaded in the background; the archive contains an executable disguised as a PDF. The lure relies on urgency and on trust in official institutions to trick users into compromising their systems.

Read more…

Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses

From thehackernews.com

Microsoft on Monday confirmed its plans to deprecate NT LAN Manager (NTLM) in Windows 11 in the second half of the year, as it announced a slew of new security measures to harden the widely used desktop operating system.

“Deprecating NTLM has been a huge ask from our security community as it will strengthen user authentication, and deprecation is planned in the second half of 2024,” the tech giant said.

The Windows maker originally announced its decision to drop NTLM in favor of Kerberos for authentication in October 2023.

Read more…