Bjarteblogg

Chinese Government Asked TikTok for Stealth Propaganda Account - Bloomberg

China TikTok

https://www.bloomberg.com/news/articles/2022-07-29/chinese-government-asked-tiktok-for-stealth-propaganda-account

A Chinese government entity responsible for public relations attempted to open a stealth account on TikTok targeting Western audiences with propaganda, according to internal messages seen by Bloomberg.

The Hacking of Starlink Terminals Has Begun - WIRED

hacking

https://www.wired.com/story/starlink-internet-dish-hack/

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.

FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications - CNN

Huawei China science

https://edition.cnn.com/2022/07/23/politics/fbi-investigation-huawei-china-defense-department-communications-nuclear/index.html

Ring Reveals They Give Videos to Police Without User Consent or a Warrant - Electronic Frontier Foundation

https://www.eff.org/deeplinks/2022/07/ring-reveals-they-give-videos-police-without-user-consent-or-warrant

Amazon’s Ring devices are not just personal security cameras. They are also police cameras—whether you want them to be or not. The company now admits there are “emergency” instances when police can get warrantless access to Ring personal devices without the owner’s permission. This dangerous policy allows police, in conjunction with Ring, to decide when access should be granted to private video.

Report: Mercenary spyware exploited Google Chrome zero-day to target journalists - The Record by Recorded Future

https://therecord.media/report-mercenary-spyware-exploited-google-chrome-zero-day-to-target-journalists/

A zero-day vulnerability in Google Chrome was discovered when attackers exploited it to target users in the Middle East, including journalists, cybersecurity firm Avast said Thursday. 

The company attributed the attacks to a secretive Israeli firm known as Candiru — named after a notorious parasitic fish — that sells spyware to governments. 

Hackers Say They Can Unlock and Start Honda Cars Remotely

hacking

https://www.vice.com/en/article/z34xnw/hackers-say-they-can-unlock-and-start-honda-cars-remotely

The Honda models that Kevin2600 and his colleagues tested the attack on use a so-called rolling code mechanism, which means that—in theory—every time the car owner uses the keyfob, it sends a different code to open it. This should make it impossible to capture the code and use it again. But the researchers found that there is a flaw that allows them to roll back the codes and reuse old codes to open the car, Kevin2600 said.

Driverless Robotaxi Fleet Paralyzed for Hours in San Francisco

https://thelastdriverlicenseholder.com/2022/06/29/driverless-robotaxi-fleet-paralyzed-for-hours-in-san-francisco/

Apparently, the first system breakdown of a driverless robot taxi fleet occurred. In San Francisco, at least a dozen autonomous Chevrolet Bolts from GM Cruise Automation were spotted blocking the intersection at Gough Street and Fulton Street for a couple of hours.

How mercenary hackers sway litigation battles

hacking surveillance

https://www.reuters.com/investigates/special-report/usa-hackers-litigation/

A trove of thousands of email records uncovered by Reuters reveals Indian cyber mercenaries hacking parties involved in lawsuits around the world – showing how hired spies have become the secret weapon of litigants seeking an edge.

Reuters identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom battle by sending them password-stealing emails.

The messages were often camouflaged as innocuous communications from clients, colleagues, friends or family. They were aimed at giving the hackers access to targets’ inboxes and, ultimately, private or attorney-client privileged information.

Google Says It Will Automatically Delete Location Data Collected From Visits to Health Facilities — Pixel Envy

Google privacy

https://pxlnv.com/linklog/google-location-data-health/

Woman accused of killing boyfriend using AirTag tracking • The Register

https://www.theregister.com/2022/06/14/airtag_tracking_murder_charge/

Why Passkeys Will Be Simpler and More Secure Than Passwords - TidBITS

hacking encryption

https://tidbits.com/2022/06/27/why-passkeys-will-be-simpler-and-more-secure-than-passwords/

Apple has unveiled its version of passkeys, an industry-standard replacement for passwords that offers more security and protection against hijacking while simultaneously being far simpler in nearly every respect.

Samsung caught cheating in TV benchmarks, promises software update - FlatpanelsHD

https://www.flatpanelshd.com/news.php

Samsung has been caught cheating by designing its TVs to recognize and react to test patterns used by reviewers.

FTC Charges Twitter with Deceptively Using Account Security Data to Sell Targeted Ads - Federal Trade Commission

privacy

https://www.ftc.gov/news-events/news/press-releases/2022/05/ftc-charges-twitter-deceptively-using-account-security-data-sell-targeted-ads

The Federal Trade Commission is taking action against Twitter, Inc. for deceptively using account security data for targeted advertising. Twitter asked users to give their phone numbers and email addresses to protect their accounts. The firm then profited by allowing advertisers to use this data to target specific users.

Datatilsynet fines Nav 5 million kroner for CV sharing – NRK

Norway privacy

https://www.nrk.no/norge/datatilsynet-gir-nav-5-mill.-kroner-i-gebyr-for-cv-deling-1.15976963

"We are giving Nav a rap on the knuckles. They have required job seekers to make their CVs available in a database where all personal data is then accessible to all employers," says Stang Dahl.

Apple privacy features: What the company should add next

Apple privacy

https://www.fastcompany.com/90745234/apple-security-features-2022

Tesla cars, Bluetooth locks, vulnerable to hackers, researchers say - Reuters

https://www.reuters.com/technology/tesla-cars-bluetooth-locks-vulnerable-hackers-researchers-2022-05-17/

Millions of digital locks worldwide, including on Tesla cars, can be remotely unlocked by hackers exploiting a vulnerability in Bluetooth technology, a cybersecurity firm said on Tuesday.

In a video shared with Reuters, NCC Group researcher Sultan Qasim Khan was able to open and then drive a Tesla using a small relay device attached to a laptop which bridged a large gap between the Tesla and the Tesla owner’s phone.

“This proves that any product relying on a trusted BLE connection is vulnerable to attacks even from the other side of the world,” the UK-based firm said in a statement, referring to the Bluetooth Low Energy (BLE) protocol – technology used in millions of cars and smart locks which automatically open when in close proximity to an authorised device.

NCC Group said such a vulnerability was not like a traditional bug which could be fixed with a software patch and added BLE-based authentication was not originally designed for use in locking mechanisms.

Driver must stand trial for deadly Tesla crash in California - AP News

https://apnews.com/article/technology-california-los-angeles-a8412a63a4e392e95a47da1b4a539a68

The driver of a Tesla operating on autopilot must stand trial for a crash that killed two people in a Los Angeles suburb, a judge ruled Thursday.

New EU law against abuse material could lead to extensive surveillance – NRKBeta

https://nrkbeta.no/2022/05/11/ny-eu-lov-mot-overgrepsmateriale-kan-fore-til-omfattende-overvakning/

On Wednesday, the European Commission presented a proposal for a new law that could have major consequences for Norwegians' digital lives. The bill is intended to better protect children against abuse, but rights groups have long been concerned that it could undermine the right to privacy and secure communication.

[…]

"This proposal sets up a surveillance machine the likes of which we have never seen in democratic countries, and it is the closest we come to authoritarian control over digital content in the same way as they do in China," says PhD candidate Tjerand Silde at NTNU.

The high-profile technologist Alec Muffett leaked a draft of the bill on Tuesday. He is highly critical:
"Today is the day the EU declares war on end-to-end encryption," writes Alec Muffett on Twitter.

[…]

A number of highly respected academics and technologists warned last autumn against introducing this type of technology. They argued that scanning content locally on a digital device, often abbreviated to CSS, could ultimately weaken democracy.

"The introduction of scanning on our personal devices (devices that store information from our to-do lists, text messages and photos) runs directly counter to individual citizens' need for privacy. This form of mass collection can lead to extensive chilling effects on freedom of expression and indeed on democracy itself," the experts wrote in an article published on the research site arXiv.

"We believe that CSS neither guarantees effective crime fighting nor prevents surveillance. In fact, the effect is the opposite. CSS will create serious security and privacy risks for society as a whole, while the help it can give law enforcement is at best problematic," they wrote.

[…]

The head of IT-Politisk Forening in Denmark, Jesper Lund, is highly critical of the final bill. His organisation cooperates with EDRi.
"The proposal is an obvious attack on encryption, even though the European Commission claims otherwise," he writes to NRK.

Cyberattack on Norkart: 3.3 million may be affected – NRK

https://www.nrk.no/norge/dataangrep-mot-norkart_-3_3-millioner-kan-vaere-berort-1.15962268

The company Norkart, which supplies IT systems for map and property information, has been hit by a cyberattack. Personal data for up to 3.3 million residents has gone astray.

The company gave notice of the cyberattack on Tuesday. Everyone who owns property in Norway may be affected.

[…]

"What we want now is for everyone who is an owner or leaseholder to be extra vigilant about fraud attempts. A good piece of advice is to block credit checks on yourself and keep an eye on what happens in your mailbox."

Costa Rica declares national emergency after Conti ransomware attacks

ransomware

https://www.bleepingcomputer.com/news/security/costa-rica-declares-national-emergency-after-conti-ransomware-attacks/

Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies.