China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents

China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused

Suspects Can Refuse To Provide Phone Passcodes To Police, Court Rules

Information For 45,000 Stolen In Idaho National Laboratory Data Breach

Google's New Tracking Protection in Chrome Blocks Third-Party Cookies

Google on Thursday announced that it will start testing a new feature called "Tracking Protection" beginning January 4, 2024, to 1% of Chrome users as part of its efforts to deprecate third-party cookies in the web browser. The setting is designed to limit "cross-site tracking by restricting website access to third-party cookies by default," Anthony Chavez, vice president of Privacy

Think Tank Report Labels NSO, Lazarus As Cyber Mercenaries

Nearly A Million Non-Profit Donors' Details Left Exposed In Unsecured Database

Unveiling the Cyber Threats to Healthcare: Beyond the Myths

Let's begin with a thought-provoking question: among a credit card number, a social security number, and an Electronic Health Record (EHR), which commands the highest price on a dark web forum?  Surprisingly, it's the EHR, and the difference is stark: according to a study, EHRs can sell for up to $1,000 each, compared to a mere $5 for a credit card number and $1 for a social

Toyota Germany Says Customer Data Stolen In Ransomware Attack

North Ireland Cops Count Human Cost Of August Data Breach

Apple Releases Security Updates to Patch Critical iOS and macOS Security Flaws

Apple on Monday released security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari web browser to address multiple security flaws, in addition to backporting fixes for two recently disclosed zero-days to older devices. This includes updates for 12 security vulnerabilities in iOS and iPadOS spanning AVEVideoEncoder, ExtensionKit, Find My, ImageIO, Kernel, Safari

Congress Clashes Over the Future of America’s Section 702 Spy Program

Competing bills moving through the House of Representatives both reauthorize Section 702 surveillance—but they pave very different paths forward for Americans’ privacy and civil liberties.

SpyLoan Scandal: 18 Malicious Loan Apps Defraud Millions of Android Users

Cybersecurity researchers have discovered 18 malicious loan apps for Android on the Google Play Store that have been collectively downloaded over 12 million times. "Despite their attractive appearance, these services are in fact designed to defraud users by offering them high-interest-rate loans endorsed with deceitful descriptions, all while collecting their victims' personal and

End-to-End Encrypted Instagram and Messenger Chats: Why It Took Meta 7 Years

Mark Zuckerberg personally promised that the privacy feature would launch by default on Messenger and Instagram chat. WIRED goes behind the scenes of the company’s colossal effort to get it right.

Meta Begins Rolling Out End-To-End Encryption

Governments May Spy on You by Requesting Push Notifications from Apple and Google

Unspecified governments have demanded mobile push notification records from Apple and Google users to pursue people of interest, according to U.S. Senator Ron Wyden. "Push notifications are alerts sent by phone apps to users' smartphones," Wyden said. "These alerts pass through a digital post office run by the phone operating system provider -- overwhelmingly Apple or Google. Because of

Meta Launches Default End-to-End Encryption for Chats and Calls on Messenger

Meta has officially begun to roll out support for end-to-end encryption (E2EE) in Messenger for personal calls and one-to-one personal messages by default in what it called the "most significant milestone yet." "This isn't a routine security update: we rebuilt the app from the ground up, in close consultation with privacy and safety experts," Loredana Crisan, vice president of

The Binance Crackdown Will Be an 'Unprecedented' Bonanza for Crypto Surveillance

Binance’s settlement requires it to offer years of transaction data to US regulators and cops, exposing the company—and its customers—to a “24/7, 365-days-a-year financial colonoscopy.”

Police Can Spy on Your iOS and Android Push Notifications

Governments can access records related to push notifications from mobile apps by requesting that data from Apple and Google, according to details in court records and a US senator.

Governments Spying On Apple, Google Users Through Push Notifications

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easily turn malicious through developer actions or attacks on legitimate extensions. Recent incidents like

23andMe Confirms Nearly 7 Million Customers Affected In Data Leak

US Lawmakers Want to Use a Powerful Spy Tool on Immigrants and Their Families

Legislation set to be introduced in Congress this week would extend Section 702 surveillance of people applying for green cards, asylum, and some visas—subjecting loved ones to similar intrusions.

New Relic Says Hackers Accessed Internal Environment Using Stolen Credentials

Inside America's School Internet Censorship Machine

A WIRED investigation into internet censorship in US schools found widespread use of filters to censor health, identity, and other crucial information. Students say it makes the web entirely unusable.

ChatGPT Spit Out Sensitive Data When Told to Repeat ‘Poem’ Forever

Plus: A major ransomware crackdown, the arrest of Ukraine’s cybersecurity chief, and a hack-for-hire entrepreneur charged with attempted murder.

Zoom Flaw Enabled Hijacking Of Accounts With Access To Meetings, Team Chat

WhatsApp's New Secret Code Feature Lets Users Protect Private Chats with Password

Meta-owned WhatsApp has launched a new Secret Code feature to help users protect sensitive conversations with a custom password on the messaging platform. The feature has been described as an "additional way to protect those chats and make them harder to find if someone has access to your phone or you share a phone with someone else." Secret Code builds on another feature

Dollar Tree Impacted By Data Breach Affecting 2 Million

This Free Solution Provides Essential Third-Party Risk Management for SaaS

Wing Security recently announced that basic third-party risk assessment is now available as a free product. But it raises the questions of how SaaS is connected to third-party risk management (TPRM) and what companies should do to ensure a proper SaaS-TPRM process is in place. In this article we will share 5 tips to manage the third-party risks associated with SaaS, but first...  What

U.S. Treasury Sanctions Sinbad Cryptocurrency Mixer Used by North Korean Hackers

The U.S. Treasury Department on Wednesday imposed sanctions against Sinbad, a virtual currency mixer that has been put to use by the North Korea-linked Lazarus Group to launder ill-gotten proceeds. "Sinbad has processed millions of dollars' worth of virtual currency from Lazarus Group heists, including the Horizon Bridge and Axie Infinity heists," the department said. "Sinbad is

Google Cloud Environment Flaw Lets Attackers Access Critical Data, Systems

Okta Says Hackers Stole Data For All Customer Support Users In Cyber Breach

Plex Embarrasses Everyone By Sharing Viewing Habits

OpenAI’s Custom Chatbots Are Leaking Their Secrets

Released earlier this month, OpenAI’s GPTs let anyone create custom chatbots. But some of the data they’re built on is easily exposed.

A Civil Rights Firestorm Erupts Around a Looming Surveillance Power Grab

Dozens of advocacy groups are pressuring the US Congress to abandon plans to ram through the renewal of a controversial surveillance program that they say poses an “alarming threat to civil rights.”

Critics Of Serbia's Government Targeted With Military-Grade Spyware

Section 702 Surveillance Reauthorization May Get Slipped Into ‘Must-Pass’ NDAA

Congressional leaders are discussing ways to reauthorize Section 702 surveillance, including by attaching it to the National Defense Authorization Act, Capitol Hill sources tell WIRED.

ownCloud Flaws Lead To Sensitive Info Disclosure, Auth Bypass

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach prioritizes ownership of security outcomes for customers, embraces radical transparency and accountability, and establishes organizational structures where secure design is a top priority," the U.S.

Private and Secure Web Search Engines: DuckDuckGo, Brave, Kagi, Startpage

What you look for online is up to you—just make sure no one else is taking a peek.

Gulf Air Exposed To Data Breach, Vital Operations Not Affected

185,000 Individuals Impacted By MOVEit Hack At AutoZone

SEC's 4-Day Breach Disclosure Rule Hits Opposition In Congress

LummaC2 4.0 Infostealer Uses Trigonometry To Avoid Sandboxes

Tor Network Removes Risky Relays Associated With Crypto Scheme

Canadian Military, Police Impacted By Data Breach

New Agent Tesla Malware Variant Using ZPAQ Compression in Email Attacks

A new variant of the Agent Tesla malware has been observed delivered via a lure file with the ZPAQ compression format to harvest data from several email clients and nearly 40 web browsers. "ZPAQ is a file compression format that offers a better compression ratio and journaling function compared to widely used formats like ZIP and RAR," G Data malware analyst Anna Lvova said in a Monday analysis.

Secretive White House Surveillance Program Gives Cops Access to Trillions of US Phone Records

A WIRED analysis of leaked police documents verifies that a secretive government program is allowing federal, state, and local law enforcement to access phone records of Americans who are not suspected of a crime.

Morgan Stanley Fined $6.5 Million For Exposing Customer Info

Cybersecurity Industry Baffled by FBI’s Lack of Action on Ransomware Gang

Plus: Hackers reveal flaws in crypto wallets holding $1 billion, a massive breach of Danish electric utilities, and more.

US Congress Report Calls for Privacy Reforms After FBI Surveillance 'Abuses'

A new report by an oversight committee in the US House of Representatives says the FBI has routinely violated rules governing FISA’s Section 702 surveillance program and must be reined in.

Running Signal Will Soon Cost $50 Million a Year

Signal’s president reveals the cost of running the privacy-preserving platform—not just to drum up donations, but to call out the for-profit surveillance business models it competes against.

FBI Director: FISA 702 Warrant Requirement A De Facto Ban

A Spy Agency Leaked People's Data Online—Then the Data Was Stolen

The National Telecommunication Monitoring Center in Bangladesh exposed a database to the open web. The types of data leaked online are extensive.

Asian Americans Raise Alarm Over ‘Chilling Effects’ of Section 702 Surveillance Program

More than 60 groups advocating for Asian American and Pacific Islander communities are pushing the US Congress to reform the Section 702 surveillance program as Senate leaders move to renew it.

In A First, Cryptographic Keys Protecting SSH Connections Stolen In New Attack

US Privacy Groups Urge Senate Not to Ram Through NSA Spying Powers

An effort to reauthorize a controversial US surveillance program by attaching it to a must-pass spending bill has civil liberties advocates calling foul.

New Ransomware Group Emerges with Hive's Source Code and Infrastructure

The threat actors behind a new ransomware group called Hunters International have acquired the source code and infrastructure from the now-dismantled Hive operation to kick-start its own efforts in the threat landscape. "It appears that the leadership of the Hive group made the strategic decision to cease their operations and transfer their remaining assets to another group, Hunters

Senate Leaders Plan to Prolong NSA Surveillance Using a Must-Pass Bill

Top senate officials are planning to save the Section 702 surveillance program by attaching it to a crucial piece of legislation. Critics worry a chance to pass privacy reforms will be missed.

Police Use of Face Recognition Is Sweeping the UK

Face recognition technology has been controversial for years. Cops in the UK are drastically increasing the amount they use it.