Security Vulnerability of Switzerland’s E-Voting System – Schneier on Security

https://www.schneier.com/blog/archives/2023/10/security-vulnerability-of-switzerlands-e-voting-system.html

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections.

Inside the deadly instant loan app scam that blackmails with nudes – BBC News

https://www.bbc.com/news/world-asia-india-66964510

The business model is brutal but simple.
There are many apps that promise hassle-free loans in minutes. Not all of them are predatory. But many – once downloaded – harvest your contacts, photos and ID cards, and use that information later to extort you.
When customers don’t repay on time – and sometimes even when they do – they share this information with a call centre where young agents of the gig economy, armed with laptops and phones, are trained to harass and humiliate people into repayment.

Genetics firm 23andMe says user data stolen in credential stuffing attack – BleepingComputer

The initial data leak was limited, with the threat actor releasing 1 million lines of data for Ashkenazi people. However, on October 4, the threat actor offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on how many were purchased.

A 23andMe spokesperson confirmed the data is legitimate and told BleepingComputer that the threat actors used exposed credentials from other breaches to access 23andMe accounts and steal the sensitive data.

[…]

The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/

While there are benefits to storing genetic information online so people can trace their heritage and track down relatives, there are clear privacy threats. Even if a user chooses a strong password and uses two-factor authentication as 23andMe has long urged, their data can still be swept up in scraping incidents like the one recently confirmed. The only sure way to protect it from online theft is to not store it there in the first place.

https://arstechnica.com/security/2023/10/private-23andme-user-data-is-up-for-sale-after-online-scraping-spree/

Rules of engagement issued to hacktivists after chaos

The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers involved in conflicts. The organisation warns unprecedented numbers of people are joining patriotic cyber-gangs since the Ukraine invasion. The eight rules include bans on attacks on hospitals, hacking tools that spread uncontrollably and threats that engender terror among civilians.

https://www.bbc.com/news/technology-66998064

Malicious ad served inside Bing’s AI chatbot

https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot

Considering that tech giants make most of their revenue from advertising, it wasn’t surprising to see Microsoft introduce ads into Bing Chat shortly after its release. However, online ads have an inherent risk attached to them. In this blog, we show how users searching for software downloads can be tricked into visiting malicious sites and installing malware directly from a Bing Chat conversation.

Hacking Gas Pumps via Bluetooth – Schneier on Security

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment.

https://www.schneier.com/blog/archives/2023/10/hacking-gas-pumps-via-bluetooth.html

Norway to fine Meta $98,500 a day over user privacy breach | The Guardian

https://www.theguardian.com/technology/2023/aug/07/norway-meta-fine-user-privacy-breach-targeted-ads

Country’s data protection regulator said firm cannot harvest user information such as physical locations for showing targeted ads

The Need for Trustworthy AI – Schneier on Security

https://www.schneier.com/blog/archives/2023/08/the-need-for-trustworthy-ai.html

If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste the other tech giants, but it’s silent about its own corporate parent’s misdeeds.

When Alexa responds in this way, it’s obvious that it is putting its developer’s interests ahead of yours. Usually, though, it’s not so obvious whom an AI system is serving. To avoid being exploited by these systems, people will need to learn to approach AI skeptically.

Norway investigates cyberattack affecting 12 government ministries

https://therecord.media/norway-investigates-cyberattack-affecting-government-ministries

The Norwegian police are investigating a cyberattack uncovered earlier this month that affected the IT systems used by a dozen government ministries.

Norway’s Office of the Prime Minister, as well as its foreign, defense, and justice ministries, were not affected by the hack because they use a different IT platform, said Erik Hope, head of the government agency in charge of providing security and services to the ministries, during a press briefing on Monday.

According to Hope, the hackers exploited a now-patched vulnerability in the platform of one of the government’s suppliers. The government’s security specialists identified the attack following “unusual” traffic on the supplier’s platform. Hope declined to provide more details until the investigation is over.

The attack didn’t disrupt the government’s operation. As a result of the hack, employees of several Norwegian ministries couldn’t access some shared services on their mobile phones, including email, but they could still use work devices without issue, Norwegian cybersecurity officials said.

Chinese communist party ‘accessed Hong Kong protesters’ TikTok data’ | The Guardian

https://www.theguardian.com/technology/2023/jun/07/communist-party-accessed-hong-kong-protesters-tiktok-data-former-executive-says

A former executive at TikTok’s parent company, ByteDance, has alleged that the Chinese Communist party accessed user data from the social video app belonging to Hong Kong protesters and civil rights activists.

Yintao Yu, a former head of engineering at ByteDance’s US operation, claimed in a legal filing that a committee of Communist party members accessed TikTok data that included the users’ network information, Sim card identifications and IP addresses in a bid to identify the individuals and their locations.

The claims, in a wrongful dismissal lawsuit brought by Yu in a California court and reported by the Wall Street Journal, also allege the party accessed TikTok users’ communications, monitored Hong Kong users who uploaded protest-related content and that Beijing-based ByteDance maintained a “backdoor channel” for the party to access US user data.

Yu alleges in the filing that members of a Communist party committee inside ByteDance had access to a “superuser” credential which was also called a “God credential” and allowed them to view all data collected by ByteDance.