Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Corporate data. Show all posts
data security
AI Risks AI Systems ChatGPT. OpenAI Corporate data Cyber Security Data protection Data Risk data security

China Warns Government Staff Against Using OpenClaw AI Over Data Security Concerns

 

Recently, Chinese government offices along with public sector firms began advising staff not to add OpenClaw onto official gadgets - sources close to internal discussions say. Security issues are a key reason behind these alerts. As powerful artificial intelligence spreads faster across workplaces, unease about information safety has been rising too. 

Though built on open code, OpenClaw operates with surprising independence, handling intricate jobs while needing little guidance. Because it acts straight within machines, interest surged quickly - not just among coders but also big companies and city planners. Across Chinese industrial zones and digital centers, its presence now spreads quietly yet steadily. Still, top oversight bodies along with official news outlets keep pointing to possible dangers tied to the app. 

If given deep access to operating systems, these artificial intelligence programs might expose confidential details, wipe essential documents, or handle personal records improperly - officials say. In agencies and big companies managing vast amounts of vital information, those threats carry heavier weight. A report notes workers in public sector firms received clear directions to avoid using OpenClaw, sometimes extending to private gadgets. Despite lacking an official prohibition, insiders from a federal body say personnel faced firm warnings about downloading the software over data risks. 

How widely such limits apply - across locations or agencies - is still uncertain. A careful approach reveals how Beijing juggles competing priorities. Even as officials push forward with plans to embed artificial intelligence into various sectors - spurring development through widespread tech adoption - they also work to contain threats linked to digital security and information control. Growing global tensions add pressure, sharpening concerns about who manages data, and under what conditions. Uncertainty shapes decisions more than any single policy goal. 

Even with such cautions in place, some regional projects still move forward using OpenClaw. Take, for example, health-related programs under Shenzhen’s city government - these are said to have run extensive training drills featuring the artificial intelligence model, tied into wider upgrades across digital infrastructure. Elsewhere within the same city, one administrative area turned to OpenClaw when building a specialized helper designed specifically for public sector workflows. 

Although national leaders call for restraint, some regional bodies might test limited applications tied to progress targets. Whether broader limits emerge - or monitoring simply increases - stays unclear. What happens next depends on shifting priorities at different levels. Recently joining OpenAI, Peter Steinberger originally created OpenClaw as an open-source initiative hosted on GitHub. Attention around the tool has grown since his new role became known. 

When AI systems gain greater independence and embed themselves into daily operations, questions about safety will grow sharper - especially where confidential or controlled information is involved.
Read more »
Sensitive data
AI Chatbots Artificial Intelligence Corporate data Cyber Security data compliance Google OpenAI Sensitive data

Why Long-Term AI Conversations Are Quietly Becoming a Major Corporate Security Weakness

 



Many organisations are starting to recognise a security problem that has been forming silently in the background. Conversations employees hold with public AI chatbots can accumulate into a long-term record of sensitive information, behavioural patterns, and internal decision-making. As reliance on AI tools increases, these stored interactions may become a serious vulnerability that companies have not fully accounted for.

The concern resurfaced after a viral trend in late 2024 in which social media users asked AI models to highlight things they “might not know” about themselves. Most treated it as a novelty, but the trend revealed a larger issue. Major AI providers routinely retain prompts, responses, and related metadata unless users disable retention or use enterprise controls. Over extended periods, these stored exchanges can unintentionally reveal how employees think, communicate, and handle confidential tasks.

This risk becomes more severe when considering the rise of unapproved AI use at work. Recent business research shows that while the majority of employees rely on consumer AI tools to automate or speed up tasks, only a fraction of companies officially track or authorise such usage. This gap means workers frequently insert sensitive data into external platforms without proper safeguards, enlarging the exposure surface beyond what internal security teams can monitor.

Vendor assurances do not fully eliminate the risk. Although companies like OpenAI, Google, and others emphasize encryption and temporary chat options, their systems still operate within legal and regulatory environments. One widely discussed court order in 2025 required the preservation of AI chat logs, including previously deleted exchanges. Even though the order was later withdrawn and the company resumed standard deletion timelines, the case reminded businesses that stored conversations can resurface unexpectedly.

Technical weaknesses also contribute to the threat. Security researchers have uncovered misconfigured databases operated by AI firms that contained user conversations, internal keys, and operational details. Other investigations have demonstrated that prompt-based manipulation in certain workplace AI features can cause private channel messages to leak. These findings show that vulnerabilities do not always come from user mistakes; sometimes the supporting AI infrastructure itself becomes an entry point.

Criminals have already shown how AI-generated impersonation can be exploited. A notable example involved attackers using synthetic voice technology to imitate an executive, tricking an employee into transferring funds. As AI models absorb years of prompt history, attackers could use stylistic and behavioural patterns to impersonate employees, tailor phishing messages, or replicate internal documents.

Despite these risks, many companies still lack comprehensive AI governance. Studies reveal that employees continue to insert confidential data into AI systems, sometimes knowingly, because it speeds up their work. Compliance requirements such as GDPR’s strict data minimisation rules make this behaviour even more dangerous, given the penalties for mishandling personal information.

Experts advise organisations to adopt structured controls. This includes building an inventory of approved AI tools, monitoring for unsanctioned usage, conducting risk assessments, and providing regular training so staff understand what should never be shared with external systems. Some analysts also suggest that instead of banning shadow AI outright, companies should guide employees toward secure, enterprise-level AI platforms.

If companies fail to act, each casual AI conversation can slowly accumulate into a dataset capable of exposing confidential operations. While AI brings clear productivity benefits, unmanaged use may convert everyday workplace conversations into one of the most overlooked security liabilities of the decade.

Read more »
Social Engineering
Corporate data Data Breach Extortion Scheme FBI Hackers Salesforce Social Engineering

FBI Warns of Hackers Exploiting Salesforce to Steal Corporate Data

 



The Federal Bureau of Investigation (FBI) has issued a pressing security alert regarding two cybercriminal groups that are breaking into corporate Salesforce systems to steal information and demand ransoms. The groups, tracked as UNC6040 and UNC6395, have been carrying out separate but related operations, each using different methods to compromise accounts.

In its official advisory, the FBI explained that attackers are exploiting weaknesses in how companies connect third-party tools to Salesforce. To help organizations defend themselves, the agency released a list of warning signs, including suspicious internet addresses, user activity patterns, and malicious websites linked to the breaches.


How the Attacks took place 

The first campaign, attributed to UNC6040, came to light in mid-2024. According to threat intelligence researchers, the attackers relied on social engineering, particularly through fraudulent phone calls to employees. In these calls, criminals pretended to be IT support staff and convinced workers to link fake Salesforce apps to company accounts. One such application was disguised under the name “My Ticket Portal.” Once connected, the attackers gained access to sensitive databases and downloaded large amounts of customer-related records, especially tables containing account and contact details. The stolen data was later used in extortion schemes by criminal groups.

A newer wave of incidents, tied to UNC6395, was detected a few months later. This group relied on stolen digital tokens from tools such as Salesloft Drift, which normally allow companies to integrate external platforms with Salesforce. With these tokens, the hackers were able to enter Salesforce systems and search through customer support case files. These cases often contained confidential information, including cloud service credentials, passwords, and access keys. Possessing such details gave the attackers the ability to break into additional company systems and steal more data.

Investigations revealed that the compromise of these tokens originated months earlier, when attackers infiltrated the software provider’s code repositories. From there, they stole authentication tokens and expanded their reach, showing how one breach in the supply chain can spread to many organizations.


The Scale of this Campaign 

The campaigns have had far-reaching consequences, affecting a wide range of businesses across different industries. In response, the software vendors involved worked with Salesforce to disable the stolen tokens and forced customers to reauthenticate. Despite these steps, the stolen data and credentials may still pose long-term risks if reused elsewhere.

According to industry reports, the campaigns are believed to have impacted a number of well-known organizations across sectors, including technology firms such as Cloudflare, Zscaler, Tenable, and Palo Alto Networks, as well as companies in finance, retail, and enterprise software. Although the FBI has not officially attributed the intrusions, external researchers have linked the activity to criminal collectives with ties to groups known as ShinyHunters, Lapsus$, and Scattered Spider.


FBI Recommendations

The FBI is urging organizations to take immediate action by reviewing connected third-party applications, monitoring login activity, and rotating any keys or tokens that may have been exposed. Security teams are encouraged to rely on the technical indicators shared in the advisory to detect and block malicious activity.

Although the identity of the hackers remains uncertain, the scale of the attacks highlights how valuable cloud-based platforms like Salesforce have become for criminals. The FBI has not confirmed the groups’ claims about further breaches and has declined to comment on ongoing investigations.

For businesses, the message is clear: protecting cloud environments requires not only technical defenses but also vigilance against social engineering tactics that exploit human trust.



Read more »
IT Industry
AI technology AI tools Corporate data Cyber Security cybersecurity posture cybersecurity risks data security Data Visualisation Generative AI IT Industry

How Generative AI Is Accelerating the Rise of Shadow IT and Cybersecurity Gaps

 

The emergence of generative AI tools in the workplace has reignited concerns about shadow IT—technology solutions adopted by employees without the knowledge or approval of the IT department. While shadow IT has always posed security challenges, the rapid proliferation of AI tools is intensifying the issue, creating new cybersecurity risks for organizations already struggling with visibility and control. 

Employees now have access to a range of AI-powered tools that can streamline daily tasks, from summarizing text to generating code. However, many of these applications operate outside approved systems and can send sensitive corporate data to third-party cloud environments. This introduces serious privacy concerns and increases the risk of data leakage. Unlike legacy software, generative AI solutions can be downloaded and used with minimal friction, making them harder for IT teams to detect and manage. 

The 2025 State of Cybersecurity Report by Ivanti reveals a critical gap between awareness and preparedness. More than half of IT and security leaders acknowledge the threat posed by software and API vulnerabilities. Yet only about one-third feel fully equipped to deal with these risks. The disparity highlights the disconnect between theory and practice, especially as data visibility becomes increasingly fragmented. 

A significant portion of this problem stems from the lack of integrated data systems. Nearly half of organizations admit they do not have enough insight into the software operating on their networks, hindering informed decision-making. When IT and security departments work in isolation—something 55% of organizations still report—it opens the door for unmonitored tools to slip through unnoticed. 

Generative AI has only added to the complexity. Because these tools operate quickly and independently, they can infiltrate enterprise environments before any formal review process occurs. The result is a patchwork of unverified software that can compromise an organization’s overall security posture. 

Rather than attempting to ban shadow IT altogether—a move unlikely to succeed—companies should focus on improving data visibility and fostering collaboration between departments. Unified platforms that connect IT and security functions are essential. With a shared understanding of tools in use, teams can assess risks and apply controls without stifling innovation. 

Creating a culture of transparency is equally important. Employees should feel comfortable voicing their tech needs instead of finding workarounds. Training programs can help users understand the risks of generative AI and encourage safer choices. 

Ultimately, AI is not the root of the problem—lack of oversight is. As the workplace becomes more AI-driven, addressing shadow IT with strategic visibility and collaboration will be critical to building a strong, future-ready defense.
Read more »
Third Party Access Audit
Corporate data Cyber Security Cyberattacks CyberCrime Data Safety Third Party Access Audit

Securing Corporate Data: The Crucial Role of Third-Party Access Audits

 


Organizations' data and systems can be compromised by seemingly benign entities—third-party contractors, vendors, and outsourced service providers—when those entities are seemingly innocent. External entities that perform these tasks must have access to sensitive data and systems. However, improper management of these access rights often results in data breaches and other security incidents when they are not properly managed. 

According to a Security Scorecard study (via Security magazine) published in February 2024, third parties pose a continuing security risk to organizations. According to the report, 98% of all companies have been compromised by a third party, and 29% of all breaches have been attributed to third-party attacks. Consequently, organizations should consider implementing efficient and effective third-party risk management strategies to safeguard their assets from the threat of external threats. 

Keeping an organization's security, compliance, and operational concerns in mind is essential when it comes to auditing the access rights of external vendors and contractors. In addition to protecting data integrity, confidentiality, and availability, it also serves multiple other important functions within an organization. Security Posture Enhanced by Auditor: Audits ensure that only authorized third parties can access sensitive systems, and as a result, security incidents can be prevented by monitoring activity for abnormal behaviour. Data Access Control over data access is part of several compliance standards across regulated industries. 

By conducting regular third-party access audits, companies can ensure compliance with regulations such as GDPR, HIPAA, and SOX, document access specifics, and prevent potential legal and financial repercussions. To ensure the continuity of business, organizations need to enforce access controls that align with the roles of third parties to prevent unauthorized changes or disruptions that may hurt their operations. Critical systems will benefit from this approach in terms of operational integrity. 

Third-Party Access Auditing: Third-party access auditing helps prevent the risk of security breaches and privacy incidents, which could result in significant financial losses, legal fees, and fines in the future due to remediation costs and legal fees. In addition to protecting their data, organizations can protect their financial health from the negative impacts of data breaches by proactively managing and auditing third-party access. It is important to maintain stakeholder trust and reputation by conducting regular audits that demonstrate users' commitment to data security, which in turn strengthens stakeholder trust. The process assists in preventing breaches of customer trust, which can result in loss of customer trust as well as damage to users' reputations, thereby fostering long-term customer relationships. 

There is a potential risk associated with third-party access, which is why organizations need to manage and audit these permissions continuously. This article will provide users with five key steps they can follow to effectively audit their third-party access. Identify and catalogue third-party accounts by identifying and cataloguing them. Users' enterprise resource planning (ERP) systems could contain vendor accounts, while their project management tools may contain contractor accounts. The need to list these accounts, describe their access levels, and make clear the data or systems they can interact with is extremely important. 

Check the scope of access, and ensure that it is necessary. This involves reviewing the third party's roles and responsibilities concerning the scope of access. There must be no more access granted to third parties than is necessary to fulfil their contractual obligations and they should follow the principle of least privilege. It is vital to understand how third-party entities manage employee lifecycles. Engage with these entities to learn, in particular, how they manage the creation, modification, and termination of access rights. Having an audit trail is imperative because a mistake in deactivating the access of an ex-employee could result in unauthorized access and potential security breaches. 

Establish a regular audit trail. Invest in implementing a system that will audit the access of third parties regularly, such as a platform for identity governance and administration. It involves logging all access events as well as reviewing these logs to detect any unauthorized or abnormal patterns of access. It is important to determine how frequently these audits should be conducted based on the sensitivity of the information being accessed and the history of the third party. The third-party access policy should be integrated into the overall security policy of users' organizations. 

For a firm's security policy to function effectively, third-party access controls and auditing also need to become a standard part of it. Using this policy control, users can ensure that any access granted to third parties is subject to the same security measures and scrutiny as any access granted to internal users. Access by third parties raises several red flags Organizations must keep an eye out for certain warning signs that may indicate that third-party access rights are being misused or mismanaged. The use of generic email accounts or shared log-ins should be avoided by third parties. 

This can cause challenges in attributing actions to specific users since a generic email address or shared login allows them to use multiple accounts. Accessing data unexpectedly during unusual hours, accessing data unexpectedly or making too many attempts to log in can all be indicators that the account of a third party has been compromised. Offboarding Processes Lack: Make sure that there are processes in place that will make sure not only that new third-party access is obtained, but that these third-party access processes will make sure it is effectively offboarded when the contract expires or changes. 

A third-party attack poses a significant risk that is often overlooked until it leads to a breach of the security system. To mitigate this risk, organizations can rely on robust auditing practices to ensure that they are handling it correctly. It is not just about protecting sensitive data, it is also about maintaining the integrity of the IT environment and maintaining customers' and stakeholders' trust in it, as well as ensuring that data is kept confidential. Achieving and managing third-party access is imperative for businesses today. It is both a security measure and an imperative for business operations.
Read more »
Subscribe to: Comments (Atom)