A series of breaches targeting customers of cloud platform Snowflake resembles one supply chain attack rolled into another: A hacker who claims to be behind the attacks, known as ShinyHunter, told WIRED that he first compromised an employee of a third-party contractor to steal the victims’ Snowflake credentials (though the contractor said he doesn’t believe he was involved).
As it turns out, the breach of Snowflake customer accounts, including Ticketmaster, banking firm Santander, and possibly more than 160 other companies, was made possible because multi-factor authentication was not enabled on their Snowflake accounts.
Antivirus giant Kaspersky’s worst nightmare has finally come true. The US government announced on Thursday that it will ban the sale of Kaspersky Lab software to new customers in the US, citing national security threats from Russia. (Kaspersky Lab disputes the Biden administration’s claims.) Meanwhile, existing customers will no longer be able to download updates for Kaspersky Lab software after September 29. What’s going to happen?
Perplexity AI, an artificial intelligence-powered search startup, says it’s already valued at $1 billion, but a WIRED investigation published this week found that the company’s secret sauce contains a harsh ingredient. That’s bullshit.
In addition to “hallucinating” the details the chatbot generated, WIRED found that the AI tool appeared to ignore the Robots Exclusion Protocol, a standard web tool used to prevent scraping on the sites of WIRED’s parent company, Condé Nast, and other publications. This appeared to allow the scraping of articles despite the internet equivalent of “No Trespassing” signs posted on WIRED and other Condé Nast sites. Perplexity’s chatbot then plagiarized the same articles when prompted.
According to documents obtained by WIRED, Amazon’s facial recognition tool secretly scanned the faces of people passing through some of the UK’s biggest train stations. The technology, used as part of a trial, predicts a range of traveller attributes, including gender, age and emotion. The surveillance, which privacy advocates have called “worrisome,” could be used to target advertising.
Finally, we detailed the rise of robot “dogs” used by the military, explained what would happen if China invaded Taiwan, and got to the heart of the boring-sounding but serious business of uncovering the multi-billion-dollar fraud tactic known as business email compromise.
But that’s not all. Every week we round up the security and privacy news we didn’t cover in depth. Click the headline to read the full story. And stay safe.
Ransomware gangs have been ravaging the healthcare industry for months, relentlessly targeting Change Healthcare’s national payments network for over 1,000 healthcare providers, Ascension Healthcare’s 140 hospitals, and dozens of other healthcare victims. Now, the hacking epidemic is culminating in yet another devastating hospital hack that has exposed the data of 300 million UK patient records online.
Synobis, a joint venture medical testing company partly owned by the UK’s National Health Service, has been battling and negotiating with Kirin, a Russia-linked ransomware group, for weeks. Kirin has severely disrupted Synobis’ services in an attempt to extort money from the company. As a result, over 1,000 surgeries have been postponed in UK hospitals, and thousands more outpatient consultations have been postponed. Ambulances have also been diverted from affected hospitals, potentially delaying life-saving treatment. Hospitals have had to make new emergency requests for type O blood, as the disruption to testing means other types of blood cannot be used to transfuse patients.
