Employees of the US Immigration and Customs Enforcement (ICE) abused law enforcement databases to spy on their romantic partners, neighbors, and business associates, WIRED revealed exclusively this week. New data obtained through records requests shows that hundreds of ICE employees and contractors have faced investigations since 2016 for attempting to access location, biometric and medical data without permission. The disclosures raise more questions about the protections ICE places on people’s sensitive information.
ESET security researchers found that old business routers are full of company secrets. After purchasing and analyzing old routers, the company found many login details for company VPNs, hard-coded root administrator passwords, and details of who the previous owners were. The information would make it easier to impersonate the company that originally owned the router. On account security: the race to replace all your passwords with access keys is entering a messy new phase. Adoption of the new technology is struggling to get off the ground.
The supply chain breach of 3CX, a VoIP provider that was compromised by North Korean hackers, is coming into focus, and the attack appears to be more complex than initially believed. Google-owned security firm Mandiant said 3CX was initially compromised by a supply chain attack before its software was used to spread more malware.
Also this week, news broke that the notorious LockBit ransomware gang is developing malware that aims to encrypt Macs. To date, most ransomware has targeted machines running Windows or Linux, not devices made by Apple. If LockBit is successful, it could open up a new frontier of ransomware; however, at the moment, the ransomware does not seem to work.
With the rise of generative AI models like ChatGPT and Midjourney, we also look at how you can protect yourself against AI-powered scams. And a hacker who compromised the Twitter account of right-wing commentator Matt Walsh said they did it because they were “bored.”
But that is not all. Every week, we round up the stories we don’t report in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
Car thieves use a number of small hacking tools, sometimes hidden in Nokia 3310 phones or Bluetooth speakers, to break into and steal vehicles. This week, a report from Motherboard detailed how criminals are using controller area network (CAN) injection attacks to steal cars without having access to their keys. Security researchers say that criminals first have to disconnect a car’s headlights and then connect the hacking tool with two wires. Once connected, it can send fake messages to the car that appear to come from the car’s wireless keys and allow it to unlock and start.
Motherboard reports that the hacking devices are being sold online and on Telegram channels for between $2,700 and $19,600, a potentially small price when it comes to stealing luxury cars. Security researchers at Canis Labs first detailed the problem after a car was stolen using the technique. The ads claim that the tools can work on vehicles made by Toyota, BMW and Lexus. Security researchers say that encrypting the traffic sent in CAN messages would help stop the attacks.
In recent years, NSO Group’s Pegasus spyware has been used to target political leaders, activists and journalists around the world, with experts describing the technology as being as powerful as the capabilities of the most elite hackers. In response to sophisticated spyware, Apple released Lockdown Mode last year, which adds additional security protections to iPhones and limits how successful spyware could be. Now, new research from the University of Toronto’s Citizen Lab has found that Apple’s security measures are working. The cases reviewed by Citizen Lab showed that iPhones running Lockdown Mode have blocked hacking attempts linked to NSO’s software and sent notifications to phone owners. The investigation found three new “zero click” exploits that could affect iOS 15 and iOS 16, which had been targeted at members of civil society in Mexico. Lockdown Mode detected one of these attacks in real time.
Since OpenAI released GPT-4 in March, people have been clamoring to get their hands on the text generation system. This, perhaps unsurprisingly, includes cybercriminals. Analysts from security firm Check Point have discovered a thriving market for selling login data for GPT-4. The company says that since the beginning of March, it has seen an “increase in discussion and trading of stolen ChatGPT accounts.” This includes criminals who trade in premium ChatGPT accounts and brute force their way into accounts by guessing email usernames and passwords. In theory, the efforts could help people in Russia, Iran, and China access OpenAI’s system, which is currently blocked in those nations.
Russia has been trying to control access to the Internet and Ukrainian media since Vladimir Putin launched his full-scale invasion in February 2022. Confidential US documents leaked on Discord now show that Russian forces have been experimenting with an electronic warfare system, called Tobol, to disrupt Internet connections from Elon Musk’s Starlink satellite system. According to The Washington Post, the Russian Tobol system appears to be more advanced than previously thought, though it is unclear whether it has actually disrupted Internet connections. Analysts initially believed that Tobol was designed for defensive purposes, but have since concluded that it could also be used for offensive purposes, disrupting signals as they are sent from the ground to Earth-orbiting satellites.
For the past four years, UK politicians have been drafting laws designed to regulate the internet, first in the guise of an online torts bill, which later morphed into the Online Safety Bill. It’s been a particularly complicated process, often trying to deal with a dizzying array of online activities, but its impact on end-to-end encryption is alarming tech companies. This week WhatsApp, Signal and the companies behind five other encrypted chat apps signed an open letter saying the UK’s plans could effectively ban encryption, which keeps the conversations of billions of people private and secure. (Only the sender and receiver can see the end-to-end encrypted messages; the companies that own the messengers don’t have access.) “The bill poses an unprecedented threat to the privacy, safety and security of all UK citizens and the people they communicate with around the world, while emboldening hostile governments who may try to draft copycat laws,” the companies say in the letter.