Published: September 15, 2023
By Annie articles
Carmakers can collect — and sell — too much data about you, watchdog says
Washington Post ($): Car manufacturers are amassing excessive personal data from drivers without giving them an adequate choice to opt out, according to a study of 25 car brands conducted by the Mozilla Foundation. Every car brand evaluated received a “Privacy Not Included” warning, indicating substantial privacy concerns. While all the car brands were found to collect an overwhelming amount of personal data, 84% of them also shared or sold this data, with over half indicating the potential to share user data with government entities based on informal requests. The findings underscore the growing concerns about data privacy as vehicles become more technologically integrated, with the potential for personal details, from medical information to driving habits, being gathered and disseminated without clear user consent.
MGM Resorts takes systems offline following cyberattack
The Record: MGM Resorts experienced a cyberattack, prompting the shutdown of some of its online systems on Monday. As a result, slot machines and ATMs at its Las Vegas casinos were inoperative, and its website was taken offline. The breach also affected the computer systems at MGM-owned hotels, including the Bellagio, rendering them unable to process credit card transactions. This incident isn’t MGM’s first brush with hackers; in December, its online betting platform BetMGM reported a breach, and in 2020, data of 10.6 million MGM Resort users was leaked. The global hotel industry, holding vast amounts of customer financial data, remains an attractive target for cybercriminals.
Former Twitter executives: Privacy and security practices deteriorated under Musk
CyberScoop: The Federal Trade Commission (FTC) is investigating whether X Corp., formerly known as Twitter, violated a 2011 agreement on privacy practices following its acquisition by Elon Musk. Court documents reveal that several former executives allege that Musk ignored warnings about security and privacy, including issues concerning user data. After a number of layoffs by Musk, it was claimed that no one was responsible for nearly 37% of X Corp.’s privacy controls. The filing also highlighted concerns that the platform’s subscription service, Twitter Blue, could be exploited by scammers, an issue that led to its quick suspension. X Corp. has petitioned to terminate its 2011 agreement with the FTC, but the Department of Justice has requested that this petition be rejected.
94% of CISOs surveyed suffer from work-related stress, with nearly two-thirds (65%) admitting that their stress levels are compromising their ability to protect their organizations.
According to the OWASP Top 10 Risks for LLM Applications, prompt injections are the biggest risk. Per OWASP, “A prompt injection manipulates a large language model (LLM) through crafty inputs, causing unintended actions by the LLM. Direct injections overwrite system prompts, while indirect ones manipulate inputs from external sources.”