The hottest Security Measures Substack posts right now

The New York Attorney General sued Citibank for insufficient data security measures and failure to address scams.
Citibank is accused of not doing enough to prevent unauthorized account takeovers and misleading customers about their rights after being hacked.
The lawsuit alleges that Citibank has overpromised and underdelivered on security measures and failed to respond to red flags.

The events of the US Capitol insurrection showed concerning signs of possible inside help.
Multiple investigations are ongoing to determine who was involved and the extent of their actions.
Media personnel also faced danger and harassment during the attack on the Capitol building.

Password spray attacks can be stealthy and evade detection for extended periods.
Defend against password spray attacks by using strong, unique passwords and enabling multi-factor authentication.
The cyber talent shortage is not about degree requirements but unrealistic job expectations.

Frontline in Ukraine had minimal changes; Situation seemed stable but signs indicate a possible major Ukrainian push
Russian forces did not advance in Kharkiv Oblast; Some unconfirmed gains made in Bilohorivka in Luhansk Oblast
Russians did not change frontlines in Donetsk Oblast; Ukrainians may have progressed in Avdiivka; Wagner forces transferred responsibility to Donetsk People's Republic in Bakhmut

PyPI, a popular repository for Python developers, suspended new uploads and user registrations due to an influx of malicious code.
Malicious packages on PyPI pose severe security threats, like running unintentional malware in your system.
Security measures to take include verifying package provenance, checking package names for accuracy, and using trusted hosts with pip.

Get a weekly roundup of the best Substack posts, by hacker news affinity:

An inference attack against AI involves gaining private information from a system by analyzing its outputs and other available data.
There are two main types of inference attacks: model inversion attacks aim to reconstruct input data, while membership inference attacks try to determine if specific data points were part of the training dataset.
To mitigate inference attacks, techniques like differential privacy, federated learning, secure multi-party computation, data obfuscation, access control, and regular model updates can be used.

The Aviator app values user privacy and outlines how it collects and uses information.
Location data is collected to show planes nearby and is shared with trusted third parties like OpenSky Network.
Users remain anonymous on Aviator and their personal data is not sold or traded.

GDPR is a crucial regulation that transforms how organizations handle personal data globally.
Understanding key GDPR terminology and principles is essential for ensuring compliance and data protection.
GDPR compliance in IT outsourcing requires careful consideration of roles, responsibilities, and implementing key requirements.

Unsecure employee behavior, like clicking on phishing emails and using weak passwords, poses a significant threat to an organization's data security.
To address these risks, companies should focus on educating employees, implementing strict security protocols, and fostering a culture of security awareness and responsibility.
Common unsecure behaviors include sharing passwords, using unsecured Wi-Fi networks, and failing to update software, all of which can lead to data breaches and cyberattacks.