CISO, volunteer EMT, tech and history nerd. All posts reflect my personal opinions, not those of my employer or anyone else.
Country: US
Pronouns: He/Him
Don't think I really needed a full-blown academic study to tell me that spouters of meaningless corporate jargon just ain't that bright. Please, nobody tell the stock market. https://news.cornell.edu/stories/2026/03/workers-who-love-synergizing-paradigms-might-be-bad-their-jobs
One click on this fake Google Meet update can give attackers control of your PC https://securityboulevard.com/2026/03/one-click-on-this-fake-google-meet-update-can-give-attackers-control-of-your-pc/

We found a fake Google Meet update that enrolls the victim's Windows PC in an attacker's device management system.

Security Boulevard
If you are not controlling what browser extensions your users can install on your corporate devices, stories like this should give you pause. Attackers are really leaning in to using extensions (even known-good ones) as attack vectors. https://thehackernews.com/2026/03/chrome-extension-turns-malicious-after.html
Chrome Extension Turns Malicious After Ownership Transfer, Enabling Code Injection and Data Theft

Malicious Chrome extensions tied to ownership transfers push malware and steal data, exposing thousands to credential theft and system compromise.

The Hacker News
Call me cynical, but this makes me think of foxes and hen houses. A think tank considering the societal impact of AI should not be controlled by the people who stand to profit most from unbridled growth and adoption. If this is society's answer to looking at AI's long-term impacts, we are screwed. https://www.anthropic.com/news/the-anthropic-institute
Introducing The Anthropic Institute

We’re launching The Anthropic Institute, a new effort to confront the most significant challenges that powerful AI will pose to our societies.

It's US tax season and we are faced with another scam seeking to drain our wallets. In this (rare) case the scam is not being conducted by the government. https://hackread.com/social-security-scam-emails-fake-tax-doc-hijack-pc/
Yikes - AI is truly just like us... https://x.com/joshkale/status/2030116466104643633
Josh Kale (@JoshKale) on X

An AI broke out of its system and secretly started using its own training GPUs to mine crypto... This is a real incident report from Alibaba's AI research team. The AI figured out that compute = money and quietly diverted its own resources, while researchers thought it was just

X (formerly Twitter)
Interesting EU opinion requires banks to immediately refund losses to phishing victims - even if the bank was not at fault in the fraud. If the bank later finds that customer negligence played a role, they can go after the customer to recover the refund. Seems reasonable to me - banks have the resources to monitor their brands for phishing sites while consumers do not. https://www.bleepingcomputer.com/news/legal/eu-court-adviser-says-banks-must-immediately-refund-phishing-victims/
Yup, sending people to AI chatbots for medical care is gonna work out just fine... https://mindgard.ai/blog/doctronic-is-now-accepting-new-patients-and-unsafe-instructions
Smart move by the bad guys… the typical picture of a hacker is a guy in a hoodie. Anything you can do as an attacker to break that mold might cause the help desk to drop its guard a bit.
Pretty clever - users are so used to getting updates to Zoom when they check in for a meeting that I can see how this can work quite effectively. Another reason for web filtering - not only in the corporate world but at home these days. I have been using NextDNS for this and am quite happy. https://securityboulevard.com/2026/02/fake-zoom-meeting-update-silently-installs-surveillance-software/