Strac’s weekly newsletter - Latest news in Data Privacy

Stay updated on the Latest News in Data Privacy and Explore Exciting Career Prospects in the Field
01. Popular GPUs Used in AI Systems Vulnerable to Memory Leak

A critical vulnerability, named LeftoverLocals, has been discovered in the graphics processing units (GPUs) of popular devices, including those from Apple, AMD, and Qualcomm. Researchers from Trail of Bits found that the flaw allows attackers to access data from large language models by exploiting the fact that these devices don't isolate kernel memory. The vulnerability could potentially expose model parameters and outputs, increasing the overall threat to language models. The attack involves using open-source LLMs and an open-source programming language, OpenCL. Apple has released limited patches, while Qualcomm and AMD are still evaluating the vulnerability. The vulnerability warning aligns with NIST's alert on cyber threats to AI models.
02. Microsoft's Latest Hack Sparks Major Security Concerns

Microsoft faces significant security concerns after Russian state hackers, known as Midnight Blizzard, gained access to senior executives' emails using a password spraying attack. The incident, revealed in late November, raised questions about Microsoft's ability to secure itself and its customers. The hacking technique exploited a legacy non-production test tenant account, highlighting vulnerabilities in outdated systems. Experts warned that Microsoft's dependence on legacy technologies and its lack of support for them create systemic risks, leaving the company and its customers susceptible to future attacks from foreign adversaries and criminal groups. The incident underscores the need for organizations to prioritize modernizing their cybersecurity infrastructure.
03. Mortgage Company Data Breach Affects 14.5 Million People

Mortgage company Mr. Cooper experienced a data breach, exposing personal information of 14.5 million customers, including names, birth dates, and social security numbers. The breach, detected on October 31, 2023, involved unauthorized access to addresses, phone numbers, and email addresses. Mr. Cooper is offering two years of free credit monitoring and has allocated $25 million to address breach-related costs. The company shut down systems to contain the incident and is actively investigating with cybersecurity experts. Customers can enroll in identity protection services, and a dedicated call center has been set up for support. CEO Jay Bray apologized for any concerns and emphasized the company's commitment to customer trust.
Strac’s Latest Views on Securing User Data
01. What are the key security risks and concerns with ChatGPT for an enterprise?

In this blog post, Strac Founder Aatish Mandelecha explores the security risks associated with ChatGPT in enterprise settings and provides best practices for protecting sensitive data. The article recommends using strong passwords, regular monitoring, and implementing automated tools for sensitive data scanning, classification, and redaction. Strac’s solution offers features such as real-time data anonymization, compliance assurance, and a Chrome extension for seamless integration with ChatGPT.
02. Twelve key PCI DSS requirements

In this blog post, Strac Founder Aatish Mandelecha discusses what to look for in a Payment Card Industry Data Security Standard (PCI DSS) Data Loss Prevention (DLP) solution, outlining the 12 PCI DSS compliance requirements, such as firewalls, encryption, access control, and vulnerability scanning. The benefits of achieving PCI compliance with Strac's DLP solutions are discussed, including enhanced trust, improved security, and risk mitigation.
03. USB Blocking: Prevent Sensitive Data Sharing from Endpoints

In this article, Hans Hermans, Founding Engineer at Strac, discusses the importance of USB blocking in modern businesses to prevent sensitive data sharing from endpoints. USB blockers help control and monitor the use of USB ports, reducing the risk of data leaks and malware threats. The article highlights the challenges, strategies, and the role of Strac in enhancing USB data protection. Key features of effective USB blockers include granular control, real-time monitoring, and cross-platform compatibility. Strac ensures USB data protection through a modern no-code scanner, physical output restrictions, comprehensive data protection, and cross-platform compatibility, making it an essential tool for organizations handling sensitive data. The rise of remote and hybrid work models has increased the potential for security breaches, emphasizing the need for robust USB blocking solutions.
Security Jobs On The Market
1. Twitter is hiring a Corporate Security Analyst

Looking for: “a Corporate Security Analyst to develop and maintain relationships with key stakeholders both within CorpSec and other business units, monitor for, identify, and analyze global political and security risks to determine their impact on and relevance to Twitter…”
Skills required: 4+ years of related experience, ability to adapt to an open, transparent, and highly collaborative corporate culture and effectively balance security with company values, ability to manage ambiguity, and help shape the strategic direction of new programs, time management skills, risk assessment methodologies, data analysis and presentation, analytical writing and briefing.
2. Apple is hiring an IT Risk and Compliance Analyst

Looking for: “a driven IT audit or Information Security professional. Candidates should have experience with SOX, PCI, Privacy, other compliance standards and/or security knowledge that enables them to dive into new processes and technologies, identify risks therein, and design control responses commensurate with said risks…”
Skills required: minimum of 3 - 5 years of proven experience (in a "Big 4" is a plus), solid understanding of compliance requirements, including PCI, SOX, Global Privacy Standards, SOC 1/2, and NIST Standards, controls experience with systems development life cycle, access management, computer operations, networking, and security required, ability to understand and test SAP automated controls, ability to understand and test cloud IT controls, proven track record in working within a team environment with limited supervision, capable of leading process and systems walkthroughs as part of a risk or control gap assessment, demonstrated project management and organizational skills, strong communication in both presentation and one on one environments.
3. SpaceX is hiring an Information Systems Security Officer

Looking for: “an Information Systems Security Officer (ISSO) to join our team and help ensure the security of our information systems. Our ISSO must have strong technical skills, a passion for security, and a commitment to staying up to date with the latest security trends...”
Skills required: strong knowledge of information security principles, experience with security assessments and auditing, ability to develop and maintain security policies and procedures, experience with vulnerability management, knowledge of network security technologies, understanding of compliance requirements, familiarity with security frameworks and standards, excellent communication and problem solving skills, network security, risk analysis, incident response, access control, data encryption, intrusion detection, compliance monitoring, security auditing, firewall management.
