If it seems like there’s been a sudden spike in data breaches, you might be right. One of the reasons for this surge is the growing popularity of infostealer malware. This type of malicious software is increasingly being used by cybercriminals to harvest as many login credentials and other sensitive data as possible. The stolen data is then sold on criminal hacker forums and used to break into victim accounts, including those of large corporations. We recommend that you always enable multi-factor authentication wherever it is available.
This week, security researchers revealed they had found more than a dozen unsecured databases containing sensitive information about Illinois county voters. The data, stored by a government contractor, included driver’s license numbers, Social Security numbers and death certificates. While election security has generally improved in recent years, the incident highlights how difficult it is to protect all voter data all the time.
The FBI’s history of confidential informants is long and sordid, and it continues to this day. A WIRED investigation published this week revealed how one informant infiltrated a far-right group and handed over its secrets to the federal government, in the process spreading hateful ideology that has spawned a new generation of violent extremists online.
Hacking computers with lasers has been a rich man’s game until now. Security researchers Sam Beaumont and Larry “Patch” Trowell have released an open-source laser hacking tool called RayV Lite that can be built for just $500, a fraction of the $150,000 price tag of the laser equipment previously used for hardware hacking. The two will be describing RayV Lite in detail next week at the Black Hat security conference in Las Vegas. (WIRED will be on-site at both Black Hat and Defcon.) There’s a big security conference in Las Vegas next week, so be sure to tune in for our full coverage starting on Tuesday.
Finally, we take a closer look at the details of OpenAI’s ChatGPT-4o, highlighting the privacy benefits and pitfalls of generative AI tools.
But that’s not all. Every week we round up the biggest security and privacy stories we didn’t cover in depth. Click the headline to read the full article. And stay safe.
In a historic prisoner swap between the United States and Russia, Wall Street Journal reporter Evan Gershkovich and former Marine Paul Whelan were released from Russian custody on Thursday. The secret deal, negotiated for more than a year, involves 24 prisoners, 16 of whom were transferred from Russia to the West and eight, including two cybercriminals, from the West to Russia, according to the White House. NBC News reports that this is likely the first time the United States has released international hackers in a prisoner swap.
The two Russian hackers are Roman Seleznev and Vladislav Klyushin. Seleznev was sentenced to 27 years in prison for fraud in 2017. According to the US Department of Justice, he installed malware in point-of-sale system software and stole millions of credit card numbers from more than 500 US companies. In September 2023, Klyushin was sentenced to nine years in prison for what US prosecutors described as a “$93 million hacking transaction conspiracy.”
Facebook and Instagram parent company Meta will pay $1.4 billion to settle a lawsuit brought by the Texas Attorney General. The attorney general’s office accuses the social media giant of illegally collecting biometric data of millions of Texans. In 2022, the state sued Meta for implementing a feature that uses facial recognition to automatically suggest tags for photos and videos uploaded to Facebook. Prosecutors say the feature, originally called “tag suggestions,” violates a Texas law that makes it illegal for companies to obtain and profit from biometric information without a person’s consent. According to Texas Attorney General Ken Paxton’s office, Meta did not admit to any wrongdoing as part of the agreement, which is the largest privacy settlement ever obtained by a state.
Microsoft said on Wednesday that a widespread outage in Microsoft Azure that affected a range of services, including Microsoft 365 products like Office and Outlook, was the result of a cyberattack. The incident lasted for about eight hours on Tuesday and affected “some” customers globally, according to Microsoft’s Azure status history page.
The company described the attack as a distributed denial of service, a malicious attempt by hackers to disrupt a target’s operations by overwhelming the company’s infrastructure with a flood of Internet traffic. Two hacktivist groups claimed responsibility, according to PCMag. Microsoft plans to release the results of its investigation into the incident.