NYC Subway Disables Trip-History Feature Over Tap-and-Go Privacy Concerns

The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website. [TechWeb]( Follow Dark Reading: [RSS]( September 05, 2023 LATEST SECURITY NEWS & COMMENTARY [NYC Subway Disables Trip-History Feature Over Tap-and-Go Privacy Concerns]( The move by New York's Metropolitan Transit Authority (MTA) follows a report that showed how easy it is for someone to pull up another individual's seven-day ride history through the One Metro New York (OMNY) website. [MSSQL Databases Under Fire From FreeWorld Ransomware]( The sophisticated attacks, tracked as DB#JAMMER, run shell commands to impair defenses and deploy tools to establish persistence on the host. [Inaugural Pwn2Own Automotive Contest Dangles $1M for Car Hackers]( The competition encourages automotive research and allows for contestants to take part in person or remotely. [Key Group Ransomware Foiled by New Decryptor]( Researchers crack Key Group's ransomware encryption and release free tool for victim organizations to recover their data. [Proposed SEC Cybersecurity Rule Will Put Unnecessary Strain on CISOs]( The Security and Exchange Commission's Proposed Rule for Public Companies (PPRC) is ambiguous. [Realism Reigns on AI at Black Hat and DEF CON]( Realistic expectations and caution began to replace wonder and confusion for generative AI at the recent security industry gatherings. [(Sponsored Article) Visibility Is Just Not Enough to Secure Operational Technology Systems]( Visibility is just the first step to secure your operational technology environment against today's threats. You need a proactive, defense-in-depth approach. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [A Brief History of ICS-Tailored Attacks]( It's on the cyber defenders to learn from the past and make industrial control system networks hostile to attackers. [Cyberattackers Swarm OpenFire Cloud Servers With Takeover Barrage]( The Kinsing threat group has launched more than 1,000 cyberattacks in less than two months, exploiting a security vulnerability in the internal corporate messaging app in order to upload the malware and a cryptominer. [Paramount, Forever 21 Data Breaches Set Stage for Follow-on Attacks]( The Forever 21 breach alone affects a half-million people, who could be a mix of consumers and employees; Paramount is staying mum on who exactly is impacted. [MORE]( EDITORS' CHOICE [Cybercriminals Team Up to Upgrade 'SapphireStealer' Malware]( A hacker published a real gem of an infostealer to GitHub that requires zero coding knowledge to use. Then a community sprung up around it, polishing the code to a high shine and creating new, even more robust features. LATEST FROM THE EDGE [Confusion Surrounds SEC's New Cybersecurity Material Rule]( Determining what to report and which details to disclose are complex questions with elusive answers. LATEST FROM DR TECHNOLOGY [Will the AI Arms Race Lead to the Pollution of the Internet?]( Content creators want to protect their intellectual property from AI by poisoning data. Could this destroy the machine learning ecosystem? LATEST FROM DR GLOBAL [US Government Denies Blocking Sales of AI Chips to Middle East]( Nvidia and AMD do face expanded export rules for their A100 and H100 artificial intelligence (AI) chips in the Middle East, but it's not yet clear why. WEBINARS - [How Businesses Can Counterpunch against Generative AI-Powered Ransomware]( Join industry experts in AI and cybersecurity as they examine how ChatGPT and other generative AI tools are currently being used to improve the efficacy of ransomware attacks, how that will affect the cyber risk posture of most businesses, and ... - [Managing Security In a Hybrid Cloud Environment]( Many enterprises have embraced hybrid- and multi-clouds. They spread their workloads across private data centers and public cloud, or across multiple cloud providers. How do you manage security when the tools are all different? How do you enforce security controls ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [Threat Intelligence: Data, People and Processes]( - [Building Cyber Resiliency: Key Strategies for Proactive Security Operations]( - [Mandiant Threat Intelligence at Penn State Health]( - [Essential SASE Must-haves]( - [2023 Work-From-Anywhere Global Study]( - [Rediscovering Your Identity]( - [Cybersecurity in 2023 and beyond: 12 leaders share their forecasts]( [View More White Papers >>]( FEATURED REPORTS - [Concerns Mount Over Ransomware, Zero-Day Bugs, and AI-Enabled Malware]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... - [Successfully Managing Identity in Modern Cloud and Hybrid Environments]( Cloud promised to simplify the security and management of enterprise systems. In many ways it has, but when it comes to identity management it's as complicated as ever. This report details how to get identity programs on track -- and ... [View More Dark Reading Reports >>]( PRODUCTS & RELEASES [ReasonLabs Summer 2023 Trends Report Reveals Top Consumer Security Threats]( [AI for Good: Voxel AI Tech Increases Funding to $30M With Strategic Funding Round]( [Lacework Expands Partnership With Google Cloud to Deliver Enterprise Flexibility in the Cloud]( [3 out of 4 Cyberattacks in the Education Sector Are Associated With a Compromised On‑Premises User or Admin Account]( [MORE PRODUCTS & RELEASES]( CURRENT ISSUE [How Supply Chain Attacks Work, and How to Stop Them]( [DOWNLOAD THIS ISSUE]( [VIEW BACK ISSUES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=117994&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_09.05.23&sp_cid=49690&utm_content=DR_NL_Dark%20Reading%20Daily_09.05.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#3e If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)