Francis Scialabba
|
Threat actors are giving consumers another reason why they would rather fill a cavity than contact customer service.
Last month, LastPass warned its customers about a social engineering campaign that uses fake reviews to circulate a phony customer service number operated by threat actors. The password manager application company said in the Oct. 31 blog post that the reviews follow a similar format, each encouraging users to either go online or dial the trick number to get customer service assistance.
Users who have attempted to dial the bogus number, found across multiple five-star reviews on LastPass’s Chrome Web Store app page, have been greeted by a bad actor who has attempted to direct them to a malicious website.
Not the only one. But LastPass is not the only company that has been leveraged in the fake number scheme. According to BleepingComputer, the dud number has been advertised as a customer service number on Chrome extension reviews, company forums, and Reddit for several companies, such as Roku, Paypal, Netflix, and Verizon.
Threat actors have also been using fake customer service numbers to haggle victims for their information directly. Last month, a user on social media platform Bluesky recalled a time when his partner dialed what was thought to be United Airlines’ customer service number, but was instead a number controlled by a scammer who was on the hunt for banking information. The number was allegedly retrieved from Google’s AI-generated summaries.
Read the rest here.—BM
|
|
|
Got a lot of ideas for how you can adopt AI at your org? Yep, so do we all—but only one-third of companies surveyed are actually scaling up their AI use.
So, how can you bridge the implementation gap and use AI practically? Well, according to Shobhit Varshney, VP, senior partner, and Americas AI Leader at IBM Consulting, it all comes down to one thing: integration.
You gotta integrate AI within a larger strategic framework—so you’ll be able to prioritize your investments and focus on concrete, measurable outcomes.
And you aren’t relying on AI alone. After all, human decision-makers leveraging AI (aka augmented intelligence) can go a long way toward streamlining processes.
Learn more about how to successfully implement AI.
|
|
The Landlord/Funny or Die via Giphy
|
One in three small or medium-sized businesses has been hit by a cyberattack, you say? No worries…
The average cost of data breach jumped to $4.88 million? Everything’s fine...
Over one-third of employees share sensitive work data with AI tools and don’t tell their employers about it? No problemo, team…
The chill vibes in response to today’s data threats just might be coming from the C-suite.
A survey from Protiviti and Oxford University found that 86% of executives are “confident or extremely confident that their company is doing everything it possibly can to protect customer data.” The study, which polled 250 CEOs, board members, CFOs, and other business leaders, also found that only 8% of respondents are “concerned or extremely concerned about their company’s ability to protect customer and client data over the next five years.”
While the survey creators noted that CEOs are the type to hype and would likely not want to bring attention to poor data-protection practices, Sameer Ansari, managing director and leader of Protiviti’s Security and Privacy Practice at global consulting firm Protiviti, sees some breach-free CEOs as more lucky than good, and some of the security close calls, or “near misses,” don’t reach the execs.
“You may have data that may have been exposed accidentally, through a manual mistake that maybe had a really small impact…It wasn’t a big list of individuals that got released,” Ansari told IT Brew.
Read more here.—BH
|
|
Lcva2/Getty Images
|
Call it a breach, call it a leak, call it whatever—when it comes to third-party vendors and services, misconfiguration presents challenges.
A recent report from Aaron Costello, chief of SaaS security research at AppOmni, revealed that millions of records were left open to the internet through an API misconfiguration of Microsoft Power Pages. Companies and organizations use the SaaS platform to easily work within Microsoft’s systems to build websites.
The data exposures Costello found “are occurring due to a misunderstanding of access controls within Power Pages, and insecure custom code implementations,” he wrote.
Public health. Costello detailed how that misunderstanding led to the leak of millions of records from the UK National Health Service in an interview with IT Brew.
“Over 1.1 million individuals’ private data was exposed,” Costello said. “That includes email addresses, phone numbers, and, in many cases, their home addresses as well.”
Costello added that he hadn’t seen any evidence that the leak was exploited by threat actors or other hostile figures. The central concern, he said, is that vendors and SaaS providers aren’t always on top of making sure that their products are configured correctly. In this case, Microsoft did provide that guidance—but that doesn’t necessarily translate to people taking it to heart.
Keep reading here.—EH
|
|
AI that makes business sense. Despite rising AI investments, only 34% of AI professionals feel fully equipped with the tools needed to meet business goals, per DataRobot. Thankfully, their new enterprise AI suite can change that. It allows businesses to build custom AI applications tailored to unique business goals, with seamless integration with existing systems. Discover more. |
|
Francis Scialabba
Today’s top IT reads.
Stat: $26 billion. That’s the value of shares returned to investors by US venture firms in 2023, the lowest since 2011, according to PitchBook data. (the Wall Street Journal)
Quote: “His deregulatory views and his affection for Elon Musk are well-known. I expect few surprises.”—Andrew Schwartzman, a veteran telco lawyer, on Trump’s promise to appoint MAGA ally Brendan Carr as FCC chairman (the Washington Post)
Read: The lawsuit between OpenAI and the New York Times continues to heat up. (Ars Technica)
Implement AI: With only one-third of companies scaling AI, integration within a strategic framework is key, according to the pros at IBM. Why? Because a li’l AI can help enhance human decision-making and streamline processes. Learn more.* *A message from our sponsor.
|
|
|
Break free from the job-board cycle. CollabWORK connects you with relevant job openings curated specifically for communities you’re already part of—like IT Brew. Find high-quality opportunities and land your next big break by joining CollabWORK today.
|
|
|
Share IT Brew with your coworkers, acquire free Brew swag, and then make new friends as a result of your fresh Brew swag.
We’re saying we’ll give you free stuff and more friends if you share a link. One link.
Your referral count: 2
Click to Share
Or copy & paste your referral link to others:
itbrew.com/r/?kid=9ec4d467
|
|
ADVERTISE
//
CAREERS
//
SHOP
//
FAQ
Update your email preferences or unsubscribe
.
View our privacy policy
.
Copyright ©
2024
Morning Brew. All rights reserved.
22 W 19th St, 4th Floor, New York, NY 10011
|
|
