Published on September 25th, 2023
You Need to Update Google Chrome or Whatever Browser You Use
China-linked hackers are increasingly moving beyond espionage and into the disturbing world of power grid attacks. Threat researchers at security software firm Symantec this week released new evidence that the Chinese hacking group known as APT41 infiltrated the power grid of an Asian nation. Some details of the latest intrusion echo a 2021 attack on India's power grid, suggesting the same hackers are responsible.
In Argentina, a scandal is playing out over the use of facial recognition software in Buenos Aires. Despite laws that require authorities to limit searches to known fugitives, an investigation by a judge found that the system was used to look up people not wanted for any crimes. In other cases, errors led police to arrest or question the wrong people. While Buenos Aires is attempting to get the system back online after legal rulings ordered it turned off, the debacle shows how dangerous facial recognition can be even when laws are in place to limit it.
Facial recognition isn't the only artificial-intelligence-powered system governments are using in new and upsetting ways. Like everyone else, state and local governments around the United States have begun to play with generative AI tools like ChatGPT. And so far, there's no consensus on how to use the technology. Some US states, like Maine, have temporarily banned its use altogether, fearing cybersecurity concerns, while others are using it to craft speeches and social media posts.
Meanwhile, the US Senate is in the midst of getting an AI education. Around 60 senators attended a closed-door briefing this week, where they heard from major tech CEOs, including Elon Musk, Mark Zuckerberg, and Sam Altman, as well as civil liberties advocates and AI ethics experts. The Senate has been learning about AI and its myriad issues for much of the year, and another forum on AI innovation is scheduled for later this year. Despite these cramming sessions, some lawmakers question whether they're any closer to tackling AI responsibly.
Finally, the cyberattack against MGM casinos continues to cause havoc for guests of its resorts nearly a week after the attack began. While an attack on a major casino company is inevitably high-profile, the group behind the breach, known as Alphv, has a long history of targeting schools and hospitals, attacks that are far more consequential.
That's not all. Each week, we round up the security and privacy news we didn't cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
Unless you updated your browser in the past few days, it likely contains a critical flaw. The recently disclosed vulnerability exists in the WebP code library known as libwebp, which encodes and decodes images in the widely used WebP format. Known generally as a "heap buffer overflow," the flaw can be exploited using a specially crafted malicious image, allowing an attacker to run malicious code on a targeted device. Google says the bug has already been exploited in the wild.
Initially identified early this week as a zero-day vulnerability in Google's Chrome browser, the libwebp bug impacts browsers built using Chromium, which means Chrome, Mozilla's Firefox, Microsoft Edge, Opera, Brave, and more. It also affects apps like Telegram, 1Password, Thunderbird, and Gimp. Patches for the flaw are rolling out now, so keep your eyes peeled for updates.
Malicious online ads, also known as "malvertising," have been around for years. Now, they're going pro. Several Israeli companies are developing exploits that take advantage of weaknesses in the technical mechanisms that bombard you with ads online, Haaretz reports, allowing attackers to track people and hack their devices. The exploit takes advantage of the online advertising bidding process, in which bots are competing for specific ad slots on web pages in real time. Taking advantage of the fraction of a second before an ad slot is filled, these companies have figured out how to show you an ad that reportedly contains "advanced spyware." While there's no quick fix for stopping the spread of this malware, there is something simple you can do to protect yourself: Use an ad blocker.
European data regulators fined TikTok €345 million ($368 million) this week for breaking laws related to the privacy of underage users. The Irish Data Protection Commission (DPC) said the company violated GDPR by failing to make the accounts of child users private by default. The DPC also says TikTok's "family pairing" feature, which enables an adult to take control of a child's account settings, did not ensure that the adult with access to the feature was a parent or guardian. TikTok says it opposes the fine because it had updated its settings to make the accounts of anyone under 16 years old private by default before the investigation began.
Turns out, secretly interfering in the battle plans of a United States ally doesn't go over well in Washington. The US Senate Armed Services Committee has launched an inquiry into Elon Musk's decision to not enable Starlink satellite communications in Crimea ahead of a Ukrainian military attack on Russian forces. The move, first revealed in author Walter Isaacson's new biography on Musk, also prompted several Democratic senators to send a letter to the US defense secretary, Lloyd Austin, asking him to explain what actions the Department of Defense (DOD) has taken, or plans to take, to "prevent further dangerous meddling" by Musk.
"SpaceX is a prime contractor and a critical industry partner for the [DOD] and the recipient of billions of dollars in taxpayer funding," the letter reads. "We are deeply concerned with the ability and willingness of SpaceX to interrupt their service at Mr. Musk's whim and for the purpose of handcuffing a sovereign country's self-defense, effectively defending Russian interests."
Even if you have a spotless record, passing a background check can be one of the most stressful parts of landing a new job or an apartment. We have bad news: It's possible the information used to assess your eligibility might not be accurate. The US Federal Trade Commission (FTC) this week announced a $5.8 million fine against background check providers TruthFinder and Instant Checkmate for "failing to ensure the maximum possible accuracy of their consumer reports," a violation of the Fair Credit Reporting Act. The FTC alleges that the companies "made millions" by selling subscriptions that would alert people when a "criminal record" was found in their background check, "when the record was merely a traffic ticket." The company also displayed "Remove" and "Flag as Inaccurate" buttons that the FTC says "did not work as advertised."
The regulatory ding against TruthFinder and Instant Checkmate comes several months after the companies confirmed a data breach. In January, hackers exposed the personal information of millions of customers by leaking an April 2019 database backup stolen from the companies.