Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
In the grand scheme of things, there have been far worse security breaches than what Peak Design, the popular camera accessory brand, is currently dealing with.
But if you had any customer service interactions with the company between October 2013 and May 2023, well... everything contained in those tickets was accessed by an unknown third party before the issue was fixed. Not great.
Journalist Veronica de Souza had her phone stolen and immediately replaced it, but the thieves very much wanted her to unlock her old iPhone as it was effectively useless without her password.
So they asked her to unlock it. Repeatedly.
According to Forbes, TikTok accounts for Paris Hilton and CNN have been hijacked recently by a “zero-day” attack in the app’s DMs that could be activated simply by opening the message.
TikTok spokesperson Alex Haurek sent us this statement:
Our security team is aware of a potential exploit targeting a number of brand and celebrity accounts. We have taken measures to stop this attack and prevent it from happening in the future. We’re working directly with affected account owners to restore access, if needed.
A blog post says the attack has gone on intermittently for three days, making access to the archives inconsistent. However, founder Brewster Kahle says patrons should worry more about lawsuits from book publishers and the recording industry that “are trying to destroy this library entirely and hobble all libraries everywhere.”
OpenAI says that training of its latest frontier model “has recently begun” — something that’s been rumored for a while — on the path to developing artificial general intelligence (AGI).
Altman and Co have also formed a new Safety and Security Committee to help guide critical decisions for OpenAI projects. This follows the resignation of a key OpenAI researcher over concerns that safety had taken ‘a backseat to shiny products.’
RansomHub is claiming responsibility for an attack earlier this month that forced Christie’s to take its website offline for over a week, according to the New York Times. Hackers are now threatening to release details on the auction house’s wealthy clients in the next few days if it doesn’t comply with demands. A sample has already been released.
Cybersecurity journalist Joseph Cox, author of the new book Dark Wire, tells us the wild, true story behind secure phone startup Anom.
The job has never been harder, and the threats have never been stranger.
In response to malware and social engineering attacks that work by snooping notifications or activating screen sharing, Google says Android 15 will hide notifications with one-time passwords (with some exceptions, like wearable companion apps).
They’re also automatically hidden during screen sharing, and developers can enable their apps to check if Google Play Protect is active, or if another app might be capturing the screen during use.
The hackers obtained the names and banking information belonging to an unknown number of UK military personnel, according to reports from the BBC and Sky News.
Members of Parliament will reportedly be made aware of the breach on Tuesday. Although the UK government has not revealed who’s behind the attack, Sky News has linked it to China.
An international police coalition seized the ransomware gang’s dark web site in February, and is now using the site to tease blog posts with a timer hinting that it will reveal information about the group tomorrow at 10AM ET, reports BleepingComputer.
Lockbit previously resurfaced after the coalition’s takedown, claiming to have struck back at the FBI, and reportedly soon resumed its other activities.
[BleepingComputer]
Proton’s encrypted password manager — available on Windows, Android, and iOS — has added a Pass Monitor feature that will alert users if their account information is being sold on the dark web (requires a $1.99/month subscription), and identifies weak and reused passwords and any accounts with missing 2FA (free).