Verizon Discloses Internal Data Breach Impacting 63,000 Employees

A Backroom Deal Looms Over Section 702 Surveillance Fight

Top congressional lawmakers are meeting in private to discuss the future of a widely unpopular surveillance program, worrying members devoted to reforming Section 702.

The Hidden Injustice of Cyberattacks

Cyberattacks and criminal scams can impact anyone. But communities of color and other marginalized groups are often disproportionately impacted and lack the support to better protect themselves.

Wazuh in the Cloud Era: Navigating the Challenges of Cybersecurity

Cloud computing has innovated how organizations operate and manage IT operations, such as data storage, application deployment, networking, and overall resource management. The cloud offers scalability, adaptability, and accessibility, enabling businesses to achieve sustainable growth. However, adopting cloud technologies into your infrastructure presents various cybersecurity risks and

London Underground Is Testing Real-Time AI Surveillance Tools to Spot Crime

In a test at one station, Transport for London used a computer vision system to try and detect crime and weapons, people falling on the tracks, and fare dodgers, documents obtained by WIRED show.

Google Starts Blocking Sideloading of Potentially Dangerous Android Apps in Singapore

Google has unveiled a new pilot program in Singapore that aims to prevent users from sideloading certain apps that abuse Android app permissions to read one-time passwords and gather sensitive data. "This enhanced fraud protection will analyze and automatically block the installation of apps that may use sensitive runtime permissions frequently abused for financial fraud when the user attempts

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse of commercial spyware to commit human rights abuses. The initiative, dubbed the Pall Mall Process, aims to tackle the proliferation and irresponsible use of commercial cyber intrusion tools by

WhatsApp Chats Will Soon Work With Other Encrypted Messaging Apps

New EU rules mean WhatsApp and Messenger must be interoperable with other chat apps. Here’s how that will work.

U.S. Imposes Visa Restrictions on those Involved in Illegal Spyware Surveillance

The U.S. State Department said it's implementing a new policy that imposes visa restrictions on individuals who are linked to the illegal use of commercial spyware to surveil civil society members. "The misuse of commercial spyware threatens privacy and freedoms of expression, peaceful assembly, and association," Secretary of State Antony Blinken said. "Such targeting has been

Italian Data Protection Watchdog Accuses ChatGPT of Privacy Violations

Italy's data protection authority (DPA) has notified ChatGPT-maker OpenAI of supposedly violating privacy laws in the region. "The available evidence pointed to the existence of breaches of the provisions contained in the E.U. GDPR [General Data Protection Regulation]," the Garante per la protezione dei dati personali (aka the Garante) said in a statement on Monday. It also said it

US Lawmakers Tell DOJ to Quit Blindly Funding ‘Predictive’ Police Tools

Members of Congress say the DOJ is funding the use of AI tools that further discriminatory policing practices. They're demanding higher standards for federal grants.

NSA Admits Secretly Buying Your Internet Browsing Data without Warrants

The U.S. National Security Agency (NSA) has admitted to buying internet browsing records from data brokers to identify the websites and apps Americans use that would otherwise require a court order, U.S. Senator Ron Wyden said last week. "The U.S. government should not be funding and legitimizing a shady industry whose flagrant violations of Americans' privacy are not just unethical, but illegal

23andMe Failed to Detect Account Intrusions for Months

Plus: North Korean hackers get into generative AI, a phone surveillance tool that can monitor billions of devices gets exposed, and ambient light sensors pose a new privacy risk.

The Pentagon Tried to Hide That It Bought Americans’ Data Without a Warrant

US spy agencies purchased Americans’ phone location data and internet metadata without a warrant but only admitted it after a US senator blocked the appointment of a new NSA director.

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data. "The threat actor accessed and exfiltrated data beginning in May 2023 from a small percentage of HPE mailboxes belonging to individuals in our cybersecurity, go-to-market, business segments, and other functions,"

Ring Will Stop Giving Cops a Free Pass on Warrantless Video Requests

The Amazon-owned home surveillance company says it is shuttering a feature in its Neighbors app that allows police to request footage from users. But it’s not shutting out the cops entirely.

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable

BreachForums Founder Sentenced to 20 Years of Supervised Release, No Jail Time

Conor Brian Fitzpatrick has been sentenced to time served and 20 years of supervised release for his role as the creator and administrator of BreachForums. Fitzpatrick, who went by the online alias "pompompurin," was arrested in March 2023 in New York and was subsequently charged with conspiracy to commit access device fraud and possession of child pornography. He was later released on a

US Agencies Urged to Patch Ivanti VPNs That Are Actively Being Hacked

Plus: Microsoft says attackers accessed employee emails, Walmart fails to stop gift card fraud, “pig butchering” scams fuel violence in Myanmar, and more.

‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022

A new report from Chainalysis finds that stablecoins like Tether, tied to the value of the US dollar, were used in the vast majority of crypto-based scam transactions and sanctions evasion in 2023.

This Free Discovery Tool Finds and Mitigates AI-SaaS Risks

Wing Security announced today that it now offers free discovery and a paid tier for automated control over thousands of AI and AI-powered SaaS applications. This will allow companies to better protect their intellectual property (IP) and data against the growing and evolving risks of AI usage. SaaS applications seem to be multiplying by the day, and so does their integration of AI

How a 27-Year-Old Codebreaker Busted the Myth of Bitcoin’s Anonymity

Once, drug dealers and money launderers saw cryptocurrency as perfectly untraceable. Then a grad student named Sarah Meiklejohn proved them all wrong—and set the stage for a decade-long crackdown.

Case Study: The Cookie Privacy Monster in Big Global Retail

Explore how an advanced exposure management solution saved a major retail industry client from ending up on the naughty step due to a misconfiguration in its cookie management policy. This wasn’t anything malicious, but with modern web environments being so complex, mistakes can happen, and non-compliance fines can be just an oversight away.Download the full case study here. As a child,

The Sad Truth of the FTC's Location Data Privacy Settlement

The FTC forced a data broker to stop selling “sensitive location data.” But most companies can avoid such scrutiny by doing the bare minimum, exposing the lack of protections Americans truly have.

A Bloody Pig Mask Is Just Part of a Wild New Criminal Charge Against eBay

Plus: Chinese officials tracked people using AirDrop, Stuxnet mole’s identity revealed, AI chatbot hacking, and more.

FTC Bans Outlogic (X-Mode) From Selling Sensitive Location Data

The U.S. Federal Trade Commission (FTC) on Tuesday prohibited data broker Outlogic, which was previously known as X-Mode Social, from sharing or selling any sensitive location data with third-parties. The ban is part of a settlement over allegations that the company "sold precise location data that could be used to track people's visits to sensitive locations such as medical and

LoanDepot Systems Offline Following Ransomware Attack

Facebook, Instagram Now Mine Web Links You Visit To Fuel Targeted Ads

After Injecting Cancer Hospital With Malware, Crims Threaten To Swat Patients

23andMe Blames Users for Recent Data Breach as It's Hit With Dozens of Lawsuits

Plus: Russia hacks surveillance cameras as new details emerge of its attack on a Ukrainian telecom, a Google contractor pays for videos of kids to train AI, and more.

23andMe Told Victims Of Data Breach That Suing Is Futile, Letters Shows

Google Chrome Starts Blocking Data Tracking Cookies

How to Be More Anonymous Online

Being fully anonymous is next to impossible—but you can significantly limit what the internet knows about you by sticking to a few basic rules.

Estes Express Lines Says Personal Data Stolen In Ransomware Attack

Millions Still Haven't Patched Terrapin SSH Protocol Vulnerability

Qualcomm Chip Vulnerability Enables Remote Attack By Voice Call

DOJ Slams XCast with $10 Million Fine Over Massive Illegal Robocall Operation

The U.S. Department of Justice (DoJ) on Tuesday said it reached a settlement with VoIP service provider XCast over allegations that it facilitated illegal telemarketing campaigns since at least January 2018, in contravention of the Telemarketing Sales Rule (TSR). In addition to prohibiting the company from violating the law, the stipulated order requires it to meet other compliance measures,

Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode'

Google has agreed to settle a lawsuit filed in June 2020 that alleged that the company misled users by tracking their surfing activity who thought that their internet use remained private when using the “incognito” or “private” mode on web browsers. The class-action lawsuit sought at least $5 billion in damages. The settlement terms were not disclosed. The plaintiffs had

Google Settles $5 Billion Consumer Privacy Lawsuit

Crooks Push Holiday Misery With Leaksmas Release Of 50M PII Records

The Worst Hacks of 2023

It was a year of devastating cyberattacks around the globe, from ransomware attacks on casinos to state-sponsored breaches of critical infrastructure.

iPhone 0-Click Spyware Campaign Triangulation Detailed

LoanCare Notifying 1.3 Million Of Data Breach

Hackers See Value In Stealing Children's School Records

Ohio Lottery Hit By Ransomwarem Hackers Claim Theft Of Data

Hackers Steal Customer Data From Europe's Largest Parking App Operator

This Clever New Idea Could Fix AirTag Stalking While Maximizing Privacy

Apple updated its location-tracking system in an attempt to cut down on AirTag abuse while still preserving privacy. Researchers think they’ve found a better balance.

New Sneaky Xamalicious Android Malware Hits Over 327,000 Devices

A new Android backdoor has been discovered with potent capabilities to carry out a range of malicious actions on infected devices. Dubbed Xamalicious by the McAfee Mobile Research Team, the malware is so named for the fact that it's developed using an open-source mobile app framework called Xamarin and abuses the operating system's accessibility permissions to fulfill its objectives.

Congress Sure Made a Lot of Noise About Kids’ Privacy in 2023—and Not Much Else

Members of the US Congress touted improvements to children’s privacy protections as an urgent priority. So why didn’t they do anything about it?

Experts Detail Multi-Million Dollar Licensing Model of Predator Spyware

A new analysis of the sophisticated commercial spyware called Predator has revealed that its ability to persist between reboots is offered as an "add-on feature" and that it depends on the licensing options opted by a customer. "In 2021, Predator spyware couldn't survive a reboot on the infected Android system (it had it on iOS)," Cisco Talos researchers Mike Gentile, Asheer Malhotra, and Vitor

ESO Solutions Data Breach Impacts 2.7 Million Individuals

Mr. Cooper Breach Affects 14.6 Million Customers

Xfinity Customer Data Compromised In Attack Exploiting CitrixBleed Vulnerability

Brazil's First Lady To Sue Musk's X Over Hacked Account

Delta Dental Says Data Breach Exposed 7 Million Customers

MongoDB Confirms Hack, Says Customer Data Stolen

MongoDB Suffers Security Breach, Exposing Customer Data

MongoDB on Saturday disclosed it's actively investigating a security incident that has led to unauthorized access to "certain" corporate systems, resulting in the exposure of customer account metadata and contact information. The American database software company said it first detected anomalous activity on December 13, 2023, and that it immediately activated its incident response

Google Just Denied Cops a Key Surveillance Tool

Plus: Apple tightens anti-theft protections, Chinese hackers penetrate US critical infrastructure, and the long-running rumor of eavesdropping phones crystallizes into more than an urban legend.

China's MIIT Introduces Color-Coded Action Plan for Data Security Incidents

China's Ministry of Industry and Information Technology (MIIT) on Friday unveiled draft proposals detailing its plans to tackle data security events in the country using a color-coded system. The effort is designed to "improve the comprehensive response capacity for data security incidents, to ensure timely and effective control, mitigation and elimination of hazards and losses caused

Suspects Can Refuse To Provide Phone Passcodes To Police, Court Rules