As the Israel-Hamas war continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized impact on how we see and understand the war. Messaging app Telegram, which has a history of lax moderation, has been used by Hamas to share gruesome images and videos. The information has then spread to other social networks and millions more eyeballs. Sources tell WIRED that Telegram has been weaponized to spread horrific propaganda.
Microsoft has had a rough few months when it comes to the company’s own security, with Chinese-backed hackers stealing its cryptographic signing key, continued issues with Microsoft Exchange Servers, and its customers being impacted by failings. The company has now unveiled a plan to deal with the ever-growing range of threats. It’s the Secure Future Initiative, which plans, among several components, to use AI-driven tools, improve its software development, and shorten its response time to vulnerabilities.
Also this week, we’ve looked at the privacy practices of Bluesky, Mastodon, and Meta’s Threads as all the social media platforms jostle for space in a world where X, formerly known as Twitter, continues to implode. And things aren’t exactly great with this next generation of social media. With November arriving, we now have a detailed breakdown of the security vulnerabilities and patches issued last month. Microsoft, Google, Apple, and enterprise firms Cisco, VMWare, and Citrix all fixed major security flaws in October.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
The Flipper Zero is a versatile hacking tool designed for security researchers. The pocket-size pen-testing device can intercept and replay all kinds of wireless signals—including NFC, infrared, RFID, Bluetooth, and Wi-Fi. That means it’s possible to read microchips and inspect signals being emitted from devices. Slightly more nefariously, we’ve found it can easily clone building-entry cards and read credit card details through people’s clothes.
Over the past few weeks, the Flipper Zero, which costs around $170, has been gaining some traction for its ability to disrupt iPhones, particularly by sending them into denial of service (DoS) loops. As Ars Technica reported this week, the Flipper Zero, with some custom firmware, is able to send “a constant stream of messages” asking iPhones to connect via Bluetooth devices such as an Apple TV or AirPods. The barrage of notifications, which is sent by a nearby Flipper Zero, can overwhelm an iPhone and make it virtually unusable.
“My phone was getting these pop-ups every few minutes, and then my phone would reboot,” security researcher Jeroen van der Ham told Ars about a DoS attack he experienced while commuting in the Netherlands. He later replicated the attack in a lab environment, while other security researchers have also demonstrated the spamming ability in recent weeks. In van der Ham’s tests, the attack only worked on devices running iOS 17—and for the time being, the only way to prevent the attack is by turning off Bluetooth.
In 2019, hackers linked to Russia’s intelligence service broke into the network of software firm SolarWinds, planting a backdoor and ultimately finding their way into thousands of systems. This week, the US Securities and Exchange Commission charged Tim Brown, the CISO of SolarWinds, and the company with fraud and “internal control failures.” The SEC alleges that Brown and the company overstated SolarWinds’ cybersecurity practices while “understating or failing to disclose known risks.” The SEC claims that SolarWinds knew of “specific deficiencies” in the company’s security practices and made public claims that weren’t reflected in its own internal assessments.
“Rather than address these vulnerabilities, SolarWinds and Brown engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information,” Gurbir S. Grewal, director of the SEC’s Division of Enforcement, said in a statement. In response, Sudhakar Ramakrishna, the CEO of SolarWinds, said in a blog post that the allegations are part of a “misguided and improper enforcement action.”
For years, researchers have shown that face recognition systems, trained on millions of images of people, can misidentify women and people of color at disproportionate rates. The systems have led to wrongful arrests. A new investigation from Politico, focusing on a year’s worth of face recognition requests made by police in New Orleans, has found that the technology was almost exclusively used to try to identify Black people. The system also “failed to identify suspects a majority of the time,” the report says. Analysis of 15 requests for the use of face recognition technology found that only one of them was for a white suspect, and in nine cases the technology failed to find a match. Three of the six matches were also incorrect. “The data has pretty much proven that [anti-face-recognition] advocates were mostly correct,” one city councilor said.
Identity management company Okta has revealed more details about an intrusion into its systems, which it first disclosed on October 20. The company said the attackers, who had accessed its customer support system, accessed files belonging to 134 customers. (In these instances, customers are individual companies that subscribe to Okta’s services.) “Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks,” the company disclosed in a blog post. These session tokens were used to “hijack” the Okta sessions of five separate companies. 1Password, BeyondTrust, and Cloudflare have all previously disclosed they detected suspicious activity, but it’s not clear who the two remaining companies are.
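As an added defensive example (not Okta’s code and not from the original article), the Python below redacts cookies, Authorization headers, token-like query parameters and request bodies from a HAR capture before it is handed to a support desk, so a shared capture cannot be replayed to hijack a session. The header set and parameter-name heuristic are assumptions, and the sample capture is constructed.

```python
"""Redact session material from a HAR capture before it is shared with a support desk."""
import json
import re

# Header names that carry bearer or session material (assumed list, extend for your stack).
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
# Query parameter names that look like they carry tokens (assumed heuristic).
SENSITIVE_PARAM = re.compile(r"token|session|sid|auth|key|secret", re.IGNORECASE)
REDACTED = "[REDACTED]"


def sanitize_har(har):
    """Return (sanitized deep copy, number of values redacted) for a parsed HAR dict."""
    har = json.loads(json.dumps(har))  # deep copy so the caller's object is untouched
    count = 0
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for pair in msg.get("headers", []):
                if pair.get("name", "").lower() in SENSITIVE_HEADERS:
                    pair["value"], count = REDACTED, count + 1
            for pair in msg.get("cookies", []):  # every cookie value is a potential session token
                pair["value"], count = REDACTED, count + 1
        req = entry.get("request", {})
        for pair in req.get("queryString", []):
            if SENSITIVE_PARAM.search(pair.get("name", "")):
                pair["value"], count = REDACTED, count + 1
                req["url"] = req.get("url", "").split("?", 1)[0]  # raw URL repeats the query
        post = req.get("postData", {})
        if "text" in post:  # bodies may carry credentials; drop them wholesale
            post["text"], count = REDACTED, count + 1
    return har, count


# Constructed sample capture, not a real Okta HAR.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [{
    "request": {
        "method": "GET", "url": "https://example.test/api?sid=abc123",
        "headers": [{"name": "Cookie", "value": "sid=abc123"},
                    {"name": "Accept", "value": "*/*"}],
        "cookies": [{"name": "sid", "value": "abc123"}],
        "queryString": [{"name": "sid", "value": "abc123"}]},
    "response": {
        "status": 200,
        "headers": [{"name": "Set-Cookie", "value": "sid=def456; HttpOnly"}],
        "cookies": [{"name": "sid", "value": "def456"}]}}]}}


def redacted_sample():
    """Sanitize the constructed sample: five values are redacted and the URL loses its query."""
    return sanitize_har(SAMPLE_HAR)
```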