The tactic came to light in a trove of hacked police records published by the transparency collective Distributed Denial of Secrets.
Information about United States intelligence agencies purchasing Americans' phone location data and internet metadata without a warrant was revealed this week only after US senator Ron Wyden blocked the appointment of a new NSA director until the information was made public.
Breaches of Microsoft and Hewlett-Packard Enterprise, disclosed in recent days, have pushed the espionage operations of the well-known Russia-backed hacking group Midnight Blizzard back into the spotlight.
Amazon-owned Ring said this week that it is shutting down a feature of its controversial Neighbors app that gave law enforcement a free pass to request footage from users without a warrant.
WIRED had a deep dive this week into the Israel-linked hacking group known as Predatory Sparrow and its notably aggressive offensive cyberattacks, particularly against Iranian targets, which have included crippling thousands of gas stations and setting a steel mill on fire.
With so much going on, we've got the perfect quick weekend project for iOS users who want to feel more digitally secure: Make sure you've upgraded your iPhone to iOS 17.3 and then turn on Apple's new Stolen Device Protection feature, which could block thieves from taking over your accounts.
Each week, we highlight the news we didn't cover in-depth ourselves.
After first disclosing a breach in October, the ancestry and genetics company 23andMe said in December that personal data from 6.9 million users was impacted in the incident stemming from attackers compromising roughly 14,000 user accounts.
These accounts then gave attackers access to information voluntarily shared by users in a social feature the company calls DNA Relatives.
23andMe has blamed users for the account intrusions, saying that they only occurred because victims set weak or reused passwords on their accounts.
A state-mandated filing in California about the incident reveals that the attackers started compromising customers' accounts in April and continued through much of September without the company ever detecting suspicious activity-and that someone was trying to guess and brute-force users' passwords.
The official said that Pyongyang has not yet begun incorporating generative AI into active offensive hacking operations but that South Korean officials are monitoring the situation closely.
More broadly, researchers say they are alarmed by North Korea's development and use of AI tools for multiple applications.
The digital ad industry is notorious for enabling the monitoring and tracking of users across the web.
New findings from 404 Media highlight a particularly insidious service, Patternz, that draws data from ads in hundreds of thousands of popular, mainstream apps to reportedly fuel a global surveillance dragnet.
Researchers from MIT's Computer Science and Artificial Intelligence Laboratory have devised an algorithm that could be used to convert data from smart devices' ambient light sensors into an image of the scene in front of the device.
A tool like this could be used to turn a smart home gadget or mobile device into a surveillance tool.
Ambient light sensors measure light in an environment and automatically adjust a screen's brightness to make it more usable in different conditions.
Because ambient light data isn't considered to be sensitive, these sensors automatically have certain permissions in an operating system and generally don't require specific approval from a user to be used by an app.
As a result, the researchers point out that bad actors could potentially abuse the readings from these sensors without users having recourse to block the information stream.
This Cyber News was published on www.wired.com. Publication date: Sat, 27 Jan 2024 14:43:05 +0000