After months of delays, the U.S. House of Representatives voted Friday to extend the controversial warrantless wiretapping program for two years. The program, known as Section 702, authorizes the U.S. government to collect the communications of foreign nationals abroad. However, this collection also contains a large amount of communications from US citizens, which could be stored for years and later accessed without authorization by the FBI, which has badly misused the program. An amendment that would have required law enforcement to obtain a warrant for such access did not pass.
A group of U.S. lawmakers on Sunday unveiled a proposal they hope will become the country's first national privacy law. The proposed privacy rights law would limit the data that companies can collect and give U.S. residents more control over the personal information collected about them. However, passage of such legislation remains a long way off. Congress has been trying to pass a national privacy law for years, but so far has been unsuccessful.
In the absence of US privacy laws, you will have to take matters into your own hands. DuckDuckGo, the privacy-focused company known for its search engine, offers a new product called Privacy Pro that includes a VPN, a tool to remove your data from people-search websites, and a service to restore your identity if you've been a victim of identity theft. There are also steps you can take to reclaim some of the data used to train generative AI systems. While not all systems offer the option to opt out of data collection, we provide an overview of which systems allow you to opt out and how to exclude your data from AI models.
Data collection is not the only risk associated with advances in AI. AI-generated scam calls are becoming increasingly sophisticated, with cloned voices sounding eerily real. However, there are some precautions you can take to protect yourself from scammers who use AI to impersonate a loved one.
Change Healthcare's ongoing ransomware nightmare appears to be getting worse. The company was originally targeted by a ransomware group known as AlphV in February. However, a rift appears to have developed between AlphV and the affiliated hackers after the hackers received a $22 million payment early last month, with the affiliates claiming that AlphV took the money and fled without paying the other groups that helped carry out the attack. Now, another ransomware group, RansomHub, claims to have terabytes of Change Healthcare's data and is attempting to extort the company. Service disruptions due to ransomware attacks are impacting healthcare providers and their patients across the United States.
That's not all. Each week we round up privacy and security news that we haven't covered in detail ourselves. Click on the heading to read the full story and stay safe.
Streaming video service Roku warned customers Friday that 576,000 accounts had been compromised, which was discovered during an investigation into a much smaller intrusion it responded to in March. According to Roku, the hackers did not actually exploit security vulnerabilities to break into Roku's own network. Instead, they reportedly carried out a “credential stuffing” attack, trying passwords that had been leaked elsewhere and infiltrating accounts whose users had reused those passwords. The company noted that there were fewer than 400 cases in which hackers actually abused their access and made purchases with hijacked accounts. However, the company is still resetting users' passwords and implementing two-factor authentication for all user accounts.
Apple sent an email notification to users in 92 countries this week warning that they are being targeted by sophisticated “mercenary spyware” and their devices could be compromised. The notice emphasized that the company had “high confidence” in the warning and urged potential hacking victims to take it seriously. An update to the status page suggested those who received the warning should contact the nonprofit organization Access Now's digital security helpline and enable Lockdown Mode for future protection. Apple has not released any information about the identity of the hacking victims, their whereabouts, or the hackers behind the attack, but the company's blog post compares the malware to the sophisticated Pegasus spyware sold by the Israeli hacking company NSO Group. The company wrote in a public support post that it has been warning users in a total of 150 countries about similar attacks since 2021.
April continues to be the cruelest month for Microsoft, or perhaps Microsoft's customers. Following the Cybersecurity Review Board's report on a previous breach of Microsoft by Chinese state-sponsored hackers, the Cybersecurity and Infrastructure Security Agency (CISA) released a report this week warning federal agencies that their communications with Microsoft may have been compromised by a group known as APT29, Midnight Blizzard, or Cozy Bear, which is believed to be working on behalf of Russia's foreign intelligence agency, the SVR. “Midnight Blizzard's compromise of Microsoft corporate email accounts and the disclosure of communications between government agencies and Microsoft pose a significant and unacceptable risk to government agencies,” CISA said in its emergency directive. Microsoft said in March that it was still working to remove hackers from its network.
As ransomware hackers look for new ways to bully victims into yielding to their extortion demands, one group has taken a novel approach: calling the front desk of a targeted company and verbally threatening the staff. Thanks to a human resources manager named Beth, that tactic ended up sounding about as menacing as a clip from an episode of The Office.
TechCrunch has a transcript of this conversation. A recording of the conversation was posted on a dark web site by a ransomware group calling itself Dragonforce in a misguided attempt to pressure the victim company into paying up. (TechCrunch has not revealed the victim's identity.) The call starts out as a tedious attempt to find the right person: after calling the company's public phone number, the hacker waits to speak to someone from “management.”
A somewhat farcical conversation ensues as Beth eventually picks up the phone and asks the hacker to explain the situation. When he threatens to use the company's stolen data for “criminal fraud and terrorism,” Beth responds in a completely unimpressed tone: “Oh, I understand.” She then asks whether the data will be posted to “Dragonforce.com.” At another point, she points out to the frustrated hacker that it's illegal to record phone calls in Ohio, to which he replies, “I don't care about the law.” Finally, Beth refuses to negotiate with the hacker, saying, “Well, good luck,” to which the hacker replies, “Thank you, and take care.”