November 15, 2024 at 05:09PM Israeli firm NSO Group allegedly exploited WhatsApp vulnerabilities to deploy its Pegasus spyware, even after legal actions were initiated. Using various zero-day exploits like “Erised” and “Eden,” NSO’s clients could remotely infiltrate devices. Despite being sanctioned by the U.S., NSO claims limited responsibility for clients’ surveillance actions. Here are the … Read more
November 13, 2024 at 04:45PM Data for 122 million individuals was stolen from DemandScience and leaked by a hacker known as ‘KryptonZambie’ in February 2024. Although the company initially denied a breach, investigations later revealed the leaked information came from a decommissioned system, now added to Have I Been Pwned for notifications. **Meeting Takeaways:** 1. … Read more
November 8, 2024 at 08:04AM Recent updates to the Google mobile app for Android have caused shared links to be prepended with a “search.app” domain, raising user concerns about potential malware. This domain, similar to other link redirectors, allows Google to gather analytics and block unsafe content, though its lack of documentation remains puzzling. **Meeting … Read more
November 1, 2024 at 04:28PM OpenAI’s “ChatGPT search” Chrome extension redirects address bar searches to ChatGPT, akin to a typical search hijacker. While it promises real-time answers, cybersecurity experts view it as lacking value, as users can create search shortcuts without the extension. Caution is advised regarding potential future privacy concerns. ### Meeting Takeaways: OpenAI’s … Read more
October 28, 2024 at 05:08PM A cybersecurity researcher, Alexander Hagenah, has released a tool that bypasses Google’s App-Bound encryption, enabling the extraction of saved credentials from Chrome. While it reflects a method similar to existing infostealer malware, its public availability increases risks for users storing sensitive data in the browser. Google is aware of the … Read more
October 25, 2024 at 12:06AM UnitedHealth reported that over 100 million individuals had their personal and healthcare data compromised in a ransomware attack on Change Healthcare in February. This incident, attributed to the BlackCat gang, is the largest healthcare data breach in recent years, causing significant disruptions and estimated losses of $2.45 billion. ### Meeting … Read more
October 9, 2024 at 06:22PM Smart TVs are increasingly monitoring viewers and exploiting their data for targeted advertising, mirroring existing online privacy concerns. A report by the Center for Digital Democracy highlights widespread commercial surveillance practices that undermine consumer privacy and calls for regulatory intervention amid growing corporate lobbying against privacy legislation. **Meeting Takeaways: Smart … Read more
October 8, 2024 at 08:36AM Malicious browser extensions are evading Google’s latest Chrome Web Store security, posing significant risks to individuals and organizations. Researchers showcased the ability to steal data and manipulate permissions. While Google aims to enhance privacy and security with Manifest V3, vulnerabilities still exist. Companies are advised to review and restrict browser … Read more
October 7, 2024 at 03:53PM US police use facial recognition technology without disclosure to suspects, lawyers. Washington Post’s investigation shows limited data sharing, misidentifications, and procedural violations. Miami Police conducted 2,500 searches, resulting in over 50 convictions. Local governments enact bans, but law enforcement bypasses them. Clearview AI’s tool is widely used, despite restrictions on … Read more
October 4, 2024 at 04:11PM Apple has released updates for iOS and iPadOS (18.0.1) to address two privacy-centric bugs. The first bug, affecting VoiceOver accessibility, could read passwords aloud. The second issue involved voice messages recording users before their awareness. Users are advised to update their devices to mitigate these vulnerabilities. However, these issues do … Read more