New research reveals that over a million domain names, including those registered by major Fortune 100 firms, are susceptible to being hijacked due to weak authentication methods employed by various web hosting providers and domain registrars. The issue stems from "lame" DNS records, which happen when a domain's authoritative name server lacks sufficient information to resolve queries. This vulnerability allows cybercriminals to assume control of these domains without accessing the legitimate owner’s account, a method previously exploited in high-profile cases to send bomb threats and phishing emails. The research, conducted by Infoblox and Eclypsium, notes that this has been an ongoing issue, with numerous DNS providers still failing to implement adequate domain ownership verification. The hijacked domains, termed "Sitting Ducks," are often used for malicious activities, including phishing and malware distribution. Despite some improvements and ongoing efforts by a few providers, more cooperation among all stakeholders and better regulatory measures are necessary to mitigate these risks.

Don’t Let Your Domain Name Become a “Sitting Duck” KrebsOnSecurity

Meta's new AI Studio allows users to create custom AI-powered chatbots with personalized touches, making it accessible even to those without technical skills. Initially available to Instagram Business accounts in the US, it will soon roll out to all Meta users through Instagram, Messenger, and WhatsApp. The tool enables creators to build chatbots that can interact with followers by answering messages and stories. Customization options include naming the AI, setting its personality, tone, avatar, and tagline. Users can manage auto-replies via Instagram’s professional dashboard, ensuring transparent interactions with followers. Additionally, AI Studio chatbots can be tailored to answer questions or simulate social scenarios.

Meta's new AI Studio helps you create your own custom AI chatbots ZDNet

OpenAI has released its latest AI model, GPT-4o, to power the ChatGPT chatbot, highlighting its advanced capabilities while raising significant privacy concerns. The model's enhanced functions, like interpreting emotions and performing intricate tasks, amplify the amount of data it can collect, including personal information. Despite OpenAI's assurances through their privacy policy that collected data is anonymized and primarily used for improving services, experts worry about potential data misuse and privacy invasions. The company offers some user controls to limit data usage, but the collection scope remains vast, encompassing everything from user prompts to geolocation data. Users can manage their privacy settings to some extent, though doing so may reduce the chatbot's functionality.

Can GPT-4o Be Trusted With Your Private Data? wired

The Cybersecurity and Infrastructure Security Agency (CISA) is preparing to manage an expected surge in cyber incident reports necessitated by the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). A Government Accountability Office (GAO) audit confirmed that while CISA has met 13 of the 59 required reporting mandates, it still faces challenges handling the influx of reports due to limited technology and staff. CISA plans to develop new technical solutions, including an incident reporting portal and ticketing system, but budget constraints impede these efforts. The agency is also working to streamline reporting requirements and ensure efficient information sharing among federal partners to mitigate cybersecurity risks effectively.

New tech, personnel will help CISA with coming rush of cyber incident reports Nextgov