Sergiu Gatlan reports: A digitally signed and trojanized version of the 3CX Voice Over Internet Protocol (VOIP) desktop client is reportedly being used to target the company’s customers in an ongoing supply chain attack. 3CX is a VoIP IPBX software development company whose 3CX Phone System is used by more than 600,000 companies worldwide and…
Category: Of Note
ChatGPT Suffers First Data Breach, Exposes Personal Information
Dom Nicastro reports: OpenAI’s ChatGPT has suffered its first major personal data breach. The breach came during a March 20 outage and exposed payment-related and other personal information of 1.2% of the ChatGPT Plus subscribers who were active during a specific nine-hour window, according to a blog post by OpenAI Friday, March 24. “In the hours before we…
Cyberattack on debt-buying giant exposes sensitive info on nearly 500,000 people
Jonathan Greig reports: Nearly half a million people had their sensitive financial information leaked during a cyberattack on NCB Management Services – a company that purchases debt. The Pennsylvania-based company sent out breach notification letters last week after discovering the attack on February 4. In documents filed with Maine’s Attorney General, the company said 494,969 people had…
Norwegian data protection authority fines U.S. firm almost $240,000 for failure to notify within 72 hours
It’s encouraging to see breach notification deadlines taken seriously. The Norwegian Data Protection Authority has imposed a monetary penalty of NOK 2.5 million on Argon Medical Devices for breaching Article 33 (1) of the GDPR. That article requires controllers to notify the regulator of a personal data breach within 72 hours. According to Datatilsynet (the…
UK law: Ethical hackers urged to respond to Computer Misuse Act reform proposals
Alex Scroxton reports: Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990. The long-awaited consultation, which has been running since February, is seeking views on a…
Twitter takes legal action after source code leaked online
Dan Milmo reports: Twitter has revealed some of its source code has been released online and the social media platform owned by Elon Musk is taking legal action to identify the leaker. According to a court filing made on Friday, Twitter is demanding that GitHub, a code-sharing service, identifies who released on the platform parts…