Posted by BeauHD from Slashdot
From the another-day-another-breach department: An anonymous reader quotes a report from Bloomberg: Dropbox said its digital-signature product, Dropbox Sign, was breached by hackers, who accessed user information including emails, user names and phone numbers. The software company said it became aware of the cyberattack on April 24, sought to limit the incident and reported it to law enforcement and regulatory authorities. "We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings," Dropbox said Wednesday in a regulatory filing. "For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication."
Dropbox said there is no evidence hackers obtained user accounts or payment information. The company said it appears the attack was limited to Dropbox Sign and no other products were breached. The company didn't disclose how many customers were affected by the hack. The hack is unlikely to have a material impact on the company's finances, Dropbox said in the filing. The shares declined about 2.5% in extended trading after the cyberattack was disclosed and have fallen 20% this year through the close.
Posted by msmash from Slashdot
From the how-about-that department: The National Archives and Records Administration (NARA) told employees Wednesday that it is blocking access to ChatGPT on agency-issued laptops to "protect our data from security threats associated with use of ChatGPT," 404 Media reported Wednesday. From the report: "NARA will block access to commercial ChatGPT on NARANet [an internal network] and on NARA issued laptops, tablets, desktop computers, and mobile phones beginning May 6, 2024," an email sent to all employees, and seen by 404 Media, reads. "NARA is taking this action to protect our data from security threats associated with use of ChatGPT."
The move is particularly notable considering that this directive is coming from, well, the National Archives, whose job is to keep an accurate historical record. The email explaining the ban says the agency is particularly concerned with internal government data being incorporated into ChatGPT and leaking through its services. "ChatGPT, in particular, actively incorporates information that is input by its users in other responses, with no limitations. Like other federal agencies, NARA has determined that ChatGPT's unrestricted approach to reusing input data poses an unacceptable risk to NARA data security," the email reads. The email goes on to explain that "If sensitive, non-public NARA data is entered into ChatGPT, our data will become part of the living data set without the ability to have it removed or purged."
Posted by msmash from Slashdot
From the how-about-that department: "Tens of millions" of people are using technical workarounds to secretly access WhatsApp in countries where it is banned, the messaging platform's boss has said. From a report: "You'd be surprised how many people have figured it out," Will Cathcart told BBC News. Like many Western apps, WhatsApp is banned in Iran and North Korea and, intermittently, in Syria. And last month, China joined the list of those banning users from accessing the secure platform. Other countries, including Qatar, Egypt, Jordan and the United Arab Emirates, restrict features such as voice calls.
But WhatsApp can see where its users truly are, thanks to their registered phone numbers. "We have a lot of anecdotal reports of people using WhatsApp and what we can do is look at some of the countries where we're seeing blocking and still see tens of millions of people connecting to WhatsApp," Mr Cathcart told BBC News. China ordered Apple to block Chinese iPhone users from downloading WhatsApp from the AppStore in April, a move Mr Cathcart calls "unfortunate" -- although the country was never a major market for the app. "That's a choice Apple has made," he said. "There aren't alternatives. I mean, that is really a situation where they've put themselves in the position to be able to truly stop something."
Posted by msmash from Slashdot
From the tussle-continues department: The US could lose out on valuable AI and tech talent if some of its immigration policies are not modernized, Google says in a letter sent to the Department of Labor. From a report: Google says policies like Schedule A, a list of occupations the government "pre-certified" as not having enough American workers, have to be more flexible and move faster to meet demand in technologies like AI and cybersecurity. The company says the government must update Schedule A to include AI and cybersecurity and do so more regularly.
"There's wide recognition that there is a global shortage of talent in AI, but the fact remains that the US is one of the harder places to bring talent from abroad, and we risk losing out on some of the most highly sought-after people in the world," Karan Bhatia, head of government affairs and public policy at Google, tells The Verge. He noted that the occupations in Schedule A have not been updated in 20 years.
Companies can apply for permanent residencies, colloquially known as green cards, for employees. The Department of Labor requires companies to get a permanent labor certification (PERM) proving there is a shortage of workers in that role. That process may take time, so the government "pre-certified" some jobs through Schedule A. The US Citizenship and Immigration Services lists Schedule A occupations as physical therapists, professional nurses, or "immigrants of exceptional ability in the sciences or arts." While the wait time for a green card isn't reduced, Google says Schedule A cuts down the processing time by about a year.