If it seems like there’s suddenly been a sudden spike in data breaches, you might be right. One of the reasons for this surge is the growing popularity of infostealer malware. This type of malicious software is increasingly being used by cybercriminals to harvest as many login credentials and other sensitive data as possible. The stolen data is then sold on criminal hacker forums and used to break into victim accounts, including those of large corporations. We recommend that you always enable multi-factor authentication wherever it is available.
This week, security researchers revealed they had found more than a dozen unsecured databases containing sensitive information about Illinois county voters. The data, stored by a government contractor, included driver’s license numbers, Social Security numbers and death certificates. While election security has generally improved in recent years, the incident highlights how difficult it is to protect all voter data all the time.
The FBI’s history of confidential informants is long and sordid, and it continues to this day. A WIRED investigation published this week revealed how one informant infiltrated a far-right group and handed over its secrets to the federal government, in the process spreading hateful ideology that has spawned a new generation of violent extremists online.
Hacking computers with lasers has been a rich man’s game until now. Security researchers Sam Beaumont and Larry “Patch” Trowell have released an open-source laser hacking tool called RayV Lite that can be built for just $500, a fraction of the $150,000 price tag of the laser equipment previously used for hardware hacking. The two will be describing RayV Lite in detail next week at the Black Hat security conference in Las Vegas. (WIRED will be on-site at both Black Hat and Defcon.) other There’s a big security conference in Las Vegas next week, so be sure to tune in for our full coverage starting on Tuesday.
Finally, we take a closer look at the details of OpenAI’s ChatGPT-4o, highlighting the privacy benefits and pitfalls of generative AI tools.
But that’s not all. Every week we round up the biggest security and privacy stories we didn’t cover in depth. Click the headline to read the full article. And stay safe.
Regarding the historic prisoner swap between the US and Russia, the Wall Street Journal Reporter Evan Gershkovich Former Marine Paul Whelan was released from a Russian detention facility on Thursday. The White House said the secret deal, negotiated for more than a year, involved 24 prisoners, 16 of whom were transferred from Russia to the West and eight from the West to Russia, including two cybercriminals. NBC News reports This is believed to be the first time the United States has released an international hacker in a prisoner swap.
The two Russian hackers are Roman Seleznev and Vladislav Klyushin. Seleznev was sentenced to 27 years in prison for fraud in 2017. According to the U.S. Department of JusticeIn September 2023, Crisin installed malware on point-of-sale system software and stole millions of credit card numbers from more than 500 U.S. businesses. The U.S. prosecutor It is called a “$93 million hacking conspiracy.”
Facebook and Instagram parent company Meta will pay $1.4 billion to settle a lawsuit brought by the Texas Attorney General. The attorney general’s office accuses the social media giant of illegally collecting biometric data of millions of Texans. In 2022, the state sued Meta for implementing a feature that uses facial recognition to automatically suggest tags for photos and videos uploaded to Facebook. Prosecutors say the feature, originally called “tag suggestions,” violates a Texas law that makes it illegal for companies to obtain and profit from biometric information without a person’s consent. According to Texas Attorney General Ken Paxton’s office, Meta did not admit to any wrongdoing as part of the agreement, which is the largest privacy settlement ever obtained by a state.
Microsoft said on Wednesday that a widespread outage in Microsoft Azure that affected a range of services, including Microsoft 365 products like Office and Outlook, was the result of a cyberattack. The incident lasted for about eight hours on Tuesday and affected “some” customers globally, according to Microsoft’s Azure status history page.
The company described the attack as a distributed denial of service, a malicious attempt by hackers to disrupt targeted companies’ operations by overwhelming their infrastructure with a flood of internet traffic. According to PCMagTwo hacktivist groups claimed responsibility for the attack, and Microsoft plans to publish the results of its investigation into the incident.
