Sellafield nuclear site hacked by groups linked to Russia and China | The Guardian

https://www.theguardian.com/business/2023/dec/04/sellafield-nuclear-site-hacked-groups-russia-china

It is still not known if the malware has been eradicated. It may mean some of Sellafield’s most sensitive activities, such as moving radioactive waste, monitoring for leaks of dangerous material and checking for fires, have been compromised.

Sources suggest it is likely foreign hackers have accessed the highest echelons of confidential material at the site, which sprawls across 6 sq km (2 sq miles) on the Cumbrian coast and is one of the most hazardous in the world.

Sellafield covers 6 sq km on the Cumbrian coast and is one of the most hazardous nuclear sites in the world. Photograph: David Levene/The Guardian

The full extent of any data loss and any ongoing risks to systems was made harder to quantify by Sellafield’s failure to alert nuclear regulators for several years, sources said.

Israel warns citizens of security camera hack risk | Risky Biz News

In the face of an escalating military conflict with Hamas and Hezbollah forces, the Israeli government has asked citizens to secure home security cameras or shut them down completely, fearing the devices could be hacked and used for espionage and intelligence collection.

In a memo on Friday, Israel’s National Cyber Directorate has asked camera owners to change their passwords, enable two-factor authentication if present, and enable automatic security updates.

If camera owners can’t change any of their settings, officials have urged owners to either cover camera lenses or shut down devices completely.

Israeli officials aren’t taking any chances and have most likely learned a vital lesson from the recent Russo-Ukrainian conflict, where security cameras across Ukraine have been hacked by Russian hackers to track military aid convoys and adjust missile targeting in real time.

In addition, there is also a propaganda aspect to take into consideration. Since the initial Hamas attack on October 7, footage taken from hacked security cameras showing Hamas rockets hitting Israeli homes has also been widely shared online.

Risky Biz News: Israel warns citizens of security camera hack risk

Security Vulnerability of Switzerland’s E-Voting System – Schneier on Security

https://www.schneier.com/blog/archives/2023/10/security-vulnerability-of-switzerlands-e-voting-system.html

Online voting is insecure, period. This doesn’t stop organizations and governments from using it. (And for low-stakes elections, it’s probably fine.) Switzerland—not low stakes—uses online voting for national elections.

Inside the deadly instant loan app scam that blackmails with nudes – BBC News

https://www.bbc.com/news/world-asia-india-66964510

The business model is brutal but simple.
There are many apps that promise hassle-free loans in minutes. Not all of them are predatory. But many – once downloaded – harvest your contacts, photos and ID cards, and use that information later to extort you.
When customers don’t repay on time – and sometimes even when they do – they share this information with a call centre where young agents of the gig economy, armed with laptops and phones, are trained to harass and humiliate people into repayment.

Genetics firm 23andMe says user data stolen in credential stuffing attack – BleepingComputer

https://www.bleepingcomputer.com/news/security/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack/

The initial data leak was limited, with the threat actor releasing 1 million lines of data for Ashkenazi people. However, on October 4, the threat actor offered to sell data profiles in bulk for $1-$10 per 23andMe account, depending on how many were purchased.

A 23andMe spokesperson confirmed the data is legitimate and told BleepingComputer that the threat actors used exposed credentials from other breaches to access 23andMe accounts and steal the sensitive data.

https://arstechnica.com/security/2023/10/private-23andme-user-data-is-up-for-sale-after-online-scraping-spree/

The information that has been exposed from this incident includes full names, usernames, profile photos, sex, date of birth, genetic ancestry results, and geographical location.

While there are benefits to storing genetic information online so people can trace their heritage and track down relatives, there are clear privacy threats. Even if a user chooses a strong password and uses two-factor authentication as 23andMe has long urged, their data can still be swept up in scraping incidents like the one recently confirmed. The only sure way to protect it from online theft is to not store it there in the first place.

Rules of engagement issued to hacktivists after chaos

The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers involved in conflicts. The organisation warns unprecedented numbers of people are joining patriotic cyber-gangs since the Ukraine invasion. The eight rules include bans on attacks on hospitals, hacking tools that spread uncontrollably and threats that engender terror among civilians.

https://www.bbc.com/news/technology-66998064

Malicious ad served inside Bing’s AI chatbot

https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot

Considering that tech giants make most of their revenue from advertising, it wasn’t surprising to see Microsoft introduce ads into Bing Chat shortly after its release. However, online ads have an inherent risk attached to them. In this blog, we show how users searching for software downloads can be tricked into visiting malicious sites and installing malware directly from a Bing Chat conversation.

Hacking Gas Pumps via Bluetooth – Schneier on Security

https://www.schneier.com/blog/archives/2023/10/hacking-gas-pumps-via-bluetooth.html

Turns out pumps at gas stations are controlled via Bluetooth, and that the connections are insecure. No details in the article, but it seems that it’s easy to take control of the pump and have it dispense gas without requiring payment.

Norway to fine Meta $98,500 a day over user privacy breach | The Guardian

https://www.theguardian.com/technology/2023/aug/07/norway-meta-fine-user-privacy-breach-targeted-ads

Country’s data protection regulator said firm cannot harvest user information such as physical locations for showing targeted ads

The Need for Trustworthy AI - Schneier on Security

https://www.schneier.com/blog/archives/2023/08/the-need-for-trustworthy-ai.html

If you ask Alexa, Amazon’s voice assistant AI system, whether Amazon is a monopoly, it responds by saying it doesn’t know. It doesn’t take much to make it lambaste the other tech giants, but it’s silent about its own corporate parent’s misdeeds.

When Alexa responds in this way, it’s obvious that it is putting its developer’s interests ahead of yours. Usually, though, it’s not so obvious whom an AI system is serving. To avoid being exploited by these systems, people will need to learn to approach AI skeptically.