@zackwhittaker@mastodon.social

zackwhittaker

Security editor, TechCrunch
zack.whittaker@techcrunch.com
Signal: +1 646.755.8849
New York, NY

zackwhittaker, to random
@zackwhittaker@mastodon.social

NEW, by me: The check-in computers at several hotels around the U.S. are running a consumer-grade spyware app called pcTattletale.

pcTattletale was seen stealthily and continually capturing screenshots of the hotel booking systems, which contained guest information and reservation details.

This was discovered because a security researcher found a flaw in the spyware that is exposing these screenshots to the internet, not just the spyware's intended users.

More: https://techcrunch.com/2024/05/22/spyware-found-on-hotel-check-in-computers/

molly0xfff, to ai
@molly0xfff@hachyderm.io

back in my day we called this spyware

w7voa, to random
@w7voa@journa.host

University students found and reported earlier this year a security flaw allowing anyone to avoid paying for laundry provided by over a million internet-connected laundry machines in residences and college campuses around the world. https://techcrunch.com/2024/05/17/csc-serviceworks-free-laundry-million-machines/

evacide, to random
@evacide@hachyderm.io

When I talk about digital privacy, there is always some smug genius who shrugs and tells me, "Who cares? We all know we don't have any privacy anyway." Nothing could be more wrong. Convincing you that the fight is already over is the way people in power get you to stop resisting.

dustinvolz, to random
@dustinvolz@journa.host

Wild story. An Arizona woman arrested yesterday is accused of helping North Korea fund its nuclear weapons program by aiding the regime's efforts to nab hundreds of remote IT jobs at U.S. companies as a way to earn easy paychecks and hack companies.

https://www.wsj.com/politics/national-security/american-it-scammer-helped-north-korea-fund-nuclear-weapons-program-u-s-says-65430aa7

jagmeets13, to random
@jagmeets13@mastodon.social

New: A hacker claims to be selling user records associated with known Indian online brokerage firm Samco Securities.

https://techcrunch.com/2024/05/16/hacker-claims-theft-samco-account-data/

evacide, to random
@evacide@hachyderm.io

If you own a Tesla, your car is covered in cameras that take images reviewed by Tesla employees, who share them with each other, joke about them, and make them into memes.

https://www.reuters.com/technology/tesla-workers-shared-sensitive-images-recorded-by-customer-cars-2023-04-06/

zackwhittaker, to random
@zackwhittaker@mastodon.social

NEW, by me: Since mid-2023, a cybercrime operation called Estate has allowed hundreds of members to carry out thousands of automated phone calls aimed at tricking victims into turning over their one-time passcodes.

Oftentimes, that one-time passcode is all the attacker needs to break into a victim’s online account.

But a bug in Estate's code exposed the site's backend database, which was not encrypted. A security researcher shared the database with TechCrunch.

https://techcrunch.com/2024/05/13/cyber-criminals-stealing-one-time-passcodes-sim-swap-raiding-bank-accounts/

jasonkoebler, to random
@jasonkoebler@mastodon.social

Scoop: Solar storm is causing farmers' tractor GPS systems to go haywire. Many have shut down planting altogether during a critical period. A Deere dealer said accuracy is "extremely compromised"

https://www.404media.co/solar-storm-knocks-out-tractor-gps-systems-during-peak-planting-season/

jagmeets13, to random
@jagmeets13@mastodon.social

New: Some Indian government websites have allowed scammers to plant advertisements capable of redirecting visitors to online betting platforms.

https://techcrunch.com/2024/05/10/scammers-found-planting-online-betting-ads-on-indian-government-websites/

alng, to random
@alng@journa.host

New: The TSA fought senators' proposal to make its policy to allow opt-outs for facial recognition scans at airports into a law as it plans to mandate biometric scans in the future https://subscriber.politicopro.com/article/2024/05/tsa-fought-against-proposal-to-require-facial-recognition-opt-outs-at-airports-00157411

maia, to random
@maia@crimew.gay

pt. 5 - déjà vu? OwnSpy pwned again

reporting on stalkerware feels like being trapped in a timeloop

written by me, edited by @rhinozz, cover art by Mukky's World

https://maia.crimew.gay/posts/fuckstalkerware-5/

zackwhittaker, to random
@zackwhittaker@mastodon.social

New, by me: The ransomware gang that hacked into U.S. health tech giant Change Healthcare used a set of stolen credentials to remotely access the company's systems that weren't protected by MFA, according to the CEO of its parent company UnitedHealth.

It’s not known why Change did not set up MFA on this system, but this will likely become a focus for investigators trying to understand potential deficiencies in the insurer’s systems.

More: https://techcrunch.com/2024/04/30/uhg-change-healthcare-ransomware-compromised-credentials-mfa/

w7voa, to random
@w7voa@journa.host

Washington Post cites what it calls the most explicit evidence yet that an assassination plan on American soil — ultimately thwarted by US authorities — was directed from high within India’s RAW spy service. https://www.washingtonpost.com/world/2024/04/29/india-assassination-raw-sikhs-modi/

GossiTheDog, to random
@GossiTheDog@cyberplace.social

My Mastodon server, cyberplace.social, has received a legal threat in an attempt to have a user's thread deleted. It is styled as a cease and desist.

I have published the email here:
https://github.com/GossiTheDog/Cyberplace/blob/main/LegalThreats/Cease%20and%20Desist%20Order%20-%20Felix%20Juhl

w7voa, to random
@w7voa@journa.host

Apple removes some AI image generation apps from its App Store after they were advertised as capable of creating nonconsensual nudes.
https://www.404media.co/apple-removes-nonconsensual-ai-nude-apps-following-404-media-investigation/

jagmeets13, to random
@jagmeets13@mastodon.social

India's ICICI Bank exposed the sensitive data of thousands of new credit cards to customers who were not their intended recipients.
https://techcrunch.com/2024/04/25/india-icici-bank-exposed-credit-cards/

stroughtonsmith, to random
@stroughtonsmith@mastodon.social

Rabbit's R1 sounds like a major security disaster waiting to happen

“There's no artificial intelligence or large action model in sight”

"What's even more alarming is that they ask you to login through their web portal, which is just a virtual machine connected via NoVNC. They also expect you to fill in your private passwords on their VMs. To make matters worse, they store the user sessions on their machines without any additional layers of security.”

https://github.com/rabbitscam/rabbitr1

/via @mikecane

zackwhittaker, to random
@zackwhittaker@mastodon.social

NEW, by me: A security researcher found bugs in a popular location tracking app, iSharing, which allowed anyone to access any other users' coordinates, even if the user wasn’t actively sharing their location data with anybody else.

We asked the researcher to test the bug by extracting our location from a test Android phone. It took him only a few seconds to locate this reporter down to a few feet.

iSharing, which has 35 million users, has fixed the bugs.

More: https://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations

zackwhittaker, to random
@zackwhittaker@mastodon.social

BREAKING: UnitedHealth has confirmed that a ransomware attack on its health tech subsidiary Change Healthcare earlier this year resulted in a huge theft of Americans’ private healthcare data.

In a statement, UHG said the criminal hackers stole files containing personal data and protected health information that it says may “cover a substantial proportion of people in America.”

https://techcrunch.com/2024/04/22/unitedhealth-change-healthcare-hackers-substantial-proportion-americans/

riana, to random
@riana@mastodon.lawprofs.org

Big New Report: Today, my colleagues and I at the Stanford Internet Observatory, led by @shelbygrossman, are publishing a comprehensive report about the CyberTipline, the pipeline by which platforms report child sex abuse material (CSAM) they find on their services.

https://io.stanford.edu/CyberTiplineReport

dustinvolz, to random
@dustinvolz@journa.host

"The Cyberspace Administration of China asked Apple to remove WhatsApp and Threads from the App Store because both contain political content that includes problematic mentions of the Chinese president, according to a person familiar with the matter." https://www.wsj.com/tech/apple-removes-whatsapp-threads-from-china-app-store-on-government-orders-a0c02100?mod=hp_lead_pos1

GossiTheDog, to random
@GossiTheDog@cyberplace.social

Huge US healthcare provider Change Healthcare has a “cybersecurity incident” going on for 15 hours and has shut down systems. https://techcrunch.com/2024/02/21/change-healthcare-cyberattack/

GossiTheDog,
@GossiTheDog@cyberplace.social

Wall Street Journal has a leak from the Change Healthcare ransomware incident

  • Initial entry was via a remote access system without MFA
  • Dwell time was 9 days
  • They paid the ransom, then got held to ransom again and had data leaked anyway

https://www.wsj.com/articles/change-healthcare-hackers-broke-in-nine-days-before-ransomware-attack-7119fdc6
