Welcome reader to your CybersecurityHQ report

Headlines

A letter to the Securities and Exchange Commission alleges that OpenAI, the company behind popular tools like ChatGPT, illegally stopped employees from warning outside agencies about potential safety risks. The whistleblowers who wrote the letter detail how the company used terms of employment and non-disclosure agreements to control workers. If true, the terms of employment violate federal laws and regulations meant to protect whistleblowers.

In response, a spokesperson for OpenAI said, “Our whistleblower policy protects employees’ rights to make protected disclosures. Additionally, we believe rigorous debate about this technology is essential and have already made important changes to our departure process to remove nondisparagement terms.”

North Korean hacker group Lazarus sent $150,000 worth of crypto to the Cambodian payments firm Huione Pay. Tracked on the blockchain, the transfer gives international authorities critical insights into how this notorious group launders money in Southeast Asia.

As of about a year ago, Lazarus was known to have stolen somewhere in the neighborhood of $160 million worth of crypto. The US government alleges that these funds are used to pay for North Korean weapons programs.

AT&T paid hackers almost $400,000 to delete data stolen from its customers. The trove included tens of millions of calls, texts, and even landline data. Almost every customer was affected.

The hacker group ShinyHunters was negotiated down from $1 million, instead opting for 5.7 Bitcoin. It’s another incident related to poorly secured Snowflake accounts—connecting it to the recent attacks at Ticketmaster and Santander.

Interesting Read

This write-up by Kaspersky shows the rising tide of threats against small and medium-sized businesses (SMBs). The issues continue to escalate as more companies are choosing to use a variety of digital tools. Everything from ZenDesk to QuickBooks can be a threat.

These are significant vectors for malware. Their research shows that SMBs have experienced an 8% increase in malware and unwanted software just in the last year. Along with phishing, the threat landscape is as complex and challenging as ever for these companies.

Twitter Highlights

Employment Tip: Cloud Security

Cloud security is a focus area with lots of growth potential. The explosion of cloud environments in recent years means that tons of companies are overexposed, and as they grow, they need teams to protect their data and manage access.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team