In the troubling case, first reported by WIRED this week, police obtained a digital rendering of the suspect's face generated using DNA evidence and ran it through a facial recognition system. The tactic was revealed in a trove of hacked police records released by the transparency group Distributed Denial of Secrets. Meanwhile, information that US intelligence agencies are purchasing Americans' phone location data and internet metadata without a warrant comes after Sen. Ron Wyden blocked the appointment of a new NSA director until the information was made public. revealed for the first time. And a California teenager who is accused of carrying out hundreds of swatting attacks across the country using the handle Truswatts has been extradited to Florida on felony charges.
Infamous spyware developer NSO Group, creators of Pegasus spyware, are secretly planning a comeback. Its plans include investing millions of dollars in lobbying efforts in Washington, while exploiting the war between Israel and Hamas to stoke global security fears and position its products as necessities. will appear. The Microsoft and Hewlett Packard Enterprise breaches revealed in recent days have brought renewed attention to the espionage efforts of the notorious Russian-backed hacker group Midnight Blizzard. And Amazon-owned Ring announced this week that it would shut down features on its controversial app Neighbors, which gave law enforcement a free pass to request footage from users without a warrant.
WIRED this week reported on an Israeli-linked hacker group known as Predatory Sparrow and its aggressive cyberattacks specifically targeting Iran, including disabling thousands of gas stations and setting a steel mill on fire. I investigated in detail. With so much going on, we've put together an easy weekend project perfect for iOS users looking to improve their digital safety. Make sure you've upgraded your iPhone to iOS 17.3, then turn on Apple's new stolen device protection feature. Block thieves from taking over your account.
There's more. Each week we cover a story that we haven't covered in detail ourselves. Click on the heading below to read the full story. And stay safe outside.
After first disclosing the breach in October, ancestry and genetics company 23andMe announced in December that the personal data of 6.9 million users was affected by the incident, which stemmed from an attacker's compromise of approximately 14,000 user accounts. announced that it had been received. These accounts gave attackers access to information users voluntarily shared in a social feature the company called “DNA Relatives.” 23andMe blames users for the account break-ins only because victims set weak or reused passwords for their accounts. But the attackers began compromising customer accounts in April and continued through most of September without the company detecting any suspicious activity, according to documents the state filed with California regarding the incident. It has been revealed that someone was attempting a brute force attack by guessing users' passwords. .
A senior South Korean National Intelligence Service official who spoke to reporters on condition of anonymity on Wednesday said North Korea uses generative artificial intelligence tools to “search for hacking targets and the technology necessary for hacking.” The official said North Korea has not yet begun deploying generative AI in active offensive hacking operations, but South Korean authorities are closely monitoring the situation. More broadly, researchers say they are alarmed by North Korea's development and use of AI tools for multiple purposes.
The digital advertising industry is famous for allowing users to be monitored and tracked across the web. 404 Media's new findings focus on one particularly insidious service: Patternz. Patternz reportedly extracts data from ads in hundreds of thousands of popular mainstream apps, fueling a global surveillance network. The tool and its visibility are being marketed to governments around the world to integrate with other intelligence agencies' surveillance capabilities. “This pipeline involves small, unknown ad companies as well as ad industry giants like Google. In response to inquiries from 404 Media, Google and another ad company, Pubmatic, are already monitoring We have cut off companies associated with the company,” wrote Joseph Cox of 404.
Researchers at MIT's Computer Science and Artificial Intelligence Laboratory have devised an algorithm that can be used to transform data from a smart device's ambient light sensor into an image of the scene in front of the device. With tools like this, you can turn your smart home gadgets and mobile devices into monitoring tools. The ambient light sensor measures the light in the environment and automatically adjusts the screen brightness to make it easier to use in different situations. However, because ambient light data is not considered sensitive, these sensors are automatically granted certain permissions in the operating system and typically require special approval from the user for use in apps. is not required. As a result, the researchers say malicious actors could exploit readings from these sensors without users having a way to block the information stream.