×
Security

FBI Warned Agents It Believes Phone Logs Hacked Last Year (yahoo.com) 10

An anonymous reader shares a report: FBI leaders have warned that they believe hackers who broke into AT&T's system last year stole months of their agents' call and text logs, setting off a race within the bureau to protect the identities of confidential informants, a document reviewed by Bloomberg News shows.

FBI officials told agents across the country that details about their use on the telecom carrier's network were believed to be among the billions of records stolen, according to the document and interviews with a current and a former law enforcement official. They asked not to be named to discuss sensitive information. Data from all FBI devices under the bureau's AT&T service for public safety agencies were presumed taken, the document shows.

The cache of hacked AT&T records didn't reveal the substance of communications but, according to the document, could link investigators to their secret sources. The data was believed to include agents' mobile phone numbers and the numbers with which they called and texted, the document shows. Records for calls and texts that weren't on the AT&T network, such as through encrypted messaging apps, weren't part of the stolen data.

Microsoft

Microsoft Begins Forcing Windows 24H2 Updates on PCs (pcworld.com) 41

Microsoft began mandatory rollouts of the Windows 11 2024 Update (24H2) for eligible devices running Home and Pro editions, the company announced on its Windows 11 issues page. The update, which Microsoft describes as a "full code swap," requires longer installation times, with users reporting processes exceeding an hour.

While users can briefly postpone the installation, the company is now pushing updates to mainstream users not managed by IT departments. The 24H2 update introduces USB4's 80Gbps support, Bluetooth LE Audio for hearing aids, and enhanced Energy Saver controls.
Microsoft

Microsoft Research: AI Systems Cannot Be Made Fully Secure (theregister.com) 20

Microsoft researchers who tested more than 100 of the company's AI products concluded that AI systems can never be made fully secure, according to a new pre-print paper. The 26-author study, which included Azure CTO Mark Russinovich, found that large language models amplify existing security risks and create new vulnerabilities. While defensive measures can increase the cost of attacks, the researchers warned that AI systems will remain vulnerable to threats ranging from gradient-based attacks to simpler techniques like interface manipulation for phishing.
Microsoft

Microsoft Patches Windows To Eliminate Secure Boot Bypass Threat (arstechnica.com) 39

Microsoft has patched a Windows vulnerability that allowed attackers to bypass Secure Boot, a critical defense against firmware infections, the company said. The flaw, tracked as CVE-2024-7344, affected Windows devices for at least seven months. Security researcher Martin Smolar discovered the vulnerability in a signed UEFI application within system recovery software from seven vendors, including Howyar.

The application, reloader.efi, circumvented standard security checks through a custom PE loader. Administrative attackers could exploit the vulnerability to install malicious firmware that persists even after disk reformatting. Microsoft revoked the application's digital signature, though the vulnerability's impact on Linux systems remains unclear.
IT

Nvidia Reveals AI Supercomputer Used Non-Stop For Six Years To Perfect Gaming Graphics (pcgamer.com) 38

Nvidia has dedicated a supercomputer running thousands of its latest GPUs exclusively to improving its DLSS upscaling technology for the past six years, a company executive revealed at CES 2025. Speaking at the RTX Blackwell Editor's Day in Las Vegas, Brian Catanzaro, Nvidia's VP of applied deep learning research, said the system operates continuously to analyze failures and retrain models across hundreds of games.
United States

A New Jam-Packed Biden Executive Order Tackles Cybersecurity, AI, and More (wired.com) 103

U.S. President Joe Biden has issued a comprehensive cybersecurity executive order, four days before leaving office, mandating improvements to government network monitoring, software procurement, AI usage, and foreign hacker penalties.

The 40-page directive aims to leverage AI's security benefits, implement digital identities for citizens, and address vulnerabilities that have allowed Chinese and Russian intrusions into U.S. government systems. It requires software vendors to prove secure development practices and gives the Commerce Department eight months to establish mandatory cybersecurity standards for government contractors.
Government

Governments Call For Spyware Regulations In UN Security Council Meeting (techcrunch.com) 13

An anonymous reader quotes a report from TechCrunch: On Tuesday, the United Nations Security Council held a meeting to discuss the dangers of commercial spyware, which marks the first time this type of software -- also known as government or mercenary spyware -- has been discussed at the Security Council. The goal of the meeting, according to the U.S. Mission to the UN, was to "address the implications of the proliferation and misuse of commercial spyware for the maintenance of international peace and security." The United States and 15 other countries called for the meeting. While the meeting was mostly informal and didn't end with any concrete proposals, most of the countries involved, including France, South Korea, and the United Kingdom, agreed that governments should take action to control the proliferation and abuse of commercial spyware. Russia and China, on the other hand, dismissed the concerns.

John Scott-Railton, a senior researcher at The Citizen Lab, a human rights organization that has investigated spyware abuses since 2012, gave testimony in which he sounded the alarm on the proliferation of spyware made by "a secretive global ecosystem of developers, brokers, middlemen, and boutique firms," which "is threatening international peace and security as well as human rights." Scott-Railton called Europe "an epicenter of spyware abuses" and a fertile ground for spyware companies, referencing a recent TechCrunch investigation that showed Barcelona has become a hub for spyware companies in the last few years.

Representatives of Poland and Greece, countries that had their own spyware scandals involving software made by NSO Group and Intellexa, respectively, also intervened. Poland's representative pointed at local legislative efforts to put "more control, including by the judiciary, on the relevant operational activities of the security and intelligence services," while also recognizing that spyware can be used in a legal way. "We are not saying that the use of spyware is never justified or even required," said Poland's representative. And the Greek representative pointed to the country's 2022 bill to ban the sale of spyware.

Security

Russia's Largest Platform For State Procurement Hit By Cyberattack (therecord.media) 52

Roseltorg, Russia's main electronic trading platform for government and corporate procurement, confirmed it was targeted by a cyberattack claimed by the pro-Ukraine hacker group Yellow Drift. The group allegedly deleted 550 terabytes of data, causing significant operational delays and client concerns. The Record reports: The company initially confirmed last Thursday that its services had been temporarily suspended, without providing further details. In a recent Telegram statement, Roseltorg disclosed that it had been targeted by "an external attempt to destroy data and the entire infrastructure of electronic trading." Roseltorg stated that all data and infrastructure affected by the recent attack had been fully restored, and trading systems are expected to resume operations shortly. However, as of the time of writing, the company's website remains offline.

Last week, the previously unknown pro-Ukraine hacker group Yellow Drift claimed responsibility for the attack on Roseltorg, stating they had deleted 550 terabytes of data, including emails and backups. As proof, the hackers published screenshots from the platform's allegedly compromised infrastructure on their Telegram channel. "If you support tyranny and sponsor wars, be prepared to return to the Stone Age," the hackers said.

The cyberattack on Roseltorg is already impacting clients who rely on the platform's operations, including government agencies, state-owned companies and suppliers. Following the company's announcement, many clients expressed concerns in the comments section, complaining about potential financial losses and delays in the procurement process. Roseltorg said in a statement that once access to the trading systems is reinstated, all deadlines for procedures, including contract signings, will be automatically extended without requiring any requests from users.

Security

Dead Google Apps Domains Can Be Compromised By New Owners (arstechnica.com) 34

An anonymous reader quotes a report from Ars Technica: Lots of startups use Google's productivity suite, known as Workspace, to handle email, documents, and other back-office matters. Relatedly, lots of business-minded webapps use Google's OAuth, i.e. "Sign in with Google." It's a low-friction feedback loop -- up until the startup fails, the domain goes up for sale, and somebody forgot to close down all the Google stuff. Dylan Ayrey, of Truffle Security Co., suggests in a report that this problem is more serious than anyone, especially Google, is acknowledging. Many startups make the critical mistake of not properly closing their accounts -- on both Google and other web-based apps -- before letting their domains expire.

Given the number of people working for tech startups (6 million), the failure rate of said startups (90 percent), their usage of Google Workspaces (50 percent, all by Ayrey's numbers), and the speed at which startups tend to fall apart, there are a lot of Google-auth-connected domains up for sale at any time. That would not be an inherent problem, except that, as Ayrey shows, buying a domain allows you to re-activate the Google accounts for former employees if the site's Google account still exists.

With admin access to those accounts, you can get into many of the services they used Google's OAuth to log into, like Slack, ChatGPT, Zoom, and HR systems. Ayrey writes that he bought a defunct startup domain and got access to each of those through Google account sign-ins. He ended up with tax documents, job interview details, and direct messages, among other sensitive materials.
A Google spokesperson said in a statement: "We appreciate Dylan Ayrey's help identifying the risks stemming from customers forgetting to delete third-party SaaS services as part of turning down their operation. As a best practice, we recommend customers properly close out domains following these instructions to make this type of issue impossible. Additionally, we encourage third-party apps to follow best-practices by using the unique account identifiers (sub) to mitigate this risk."
Privacy

UnitedHealth Hid Its Change Healthcare Data Breach Notice For Months (techcrunch.com) 24

Change Healthcare has hidden its data breach notification webpage from search engines using "noindex" code, TechCrunch found, making it difficult for affected individuals to find information about the massive healthcare data breach that compromised over 100 million people's medical records last year.

The UnitedHealth subsidiary said Tuesday it had "substantially" completed notifying victims of the February 2024 ransomware attack. The cyberattack caused months of healthcare disruptions and marked the largest known U.S. medical data theft.
Privacy

PowerSchool Data Breach Victims Say Hackers Stole 'All' Historical Student and Teacher Data (techcrunch.com) 21

An anonymous reader shares a report: U.S. school districts affected by the recent cyberattack on edtech giant PowerSchool have told TechCrunch that hackers accessed "all" of their historical student and teacher data stored in their student information systems. PowerSchool, whose school records software is used to support more than 50 million students across the United States, was hit by an intrusion in December that compromised the company's customer support portal with stolen credentials, allowing access to reams of personal data belonging to students and teachers in K-12 schools.

The attack has not yet been publicly attributed to a specific hacker or group. PowerSchool hasn't said how many of its school customers are affected. However, two sources at affected school districts -- who asked not to be named -- told TechCrunch that the hackers accessed troves of personal data belonging to both current and former students and teachers.
Further reading: Lawsuit Accuses PowerSchool of Selling Student Data To 3rd Parties.
United States

US Removes Malware Allegedly Planted on Computers By Chinese-Backed Hackers (reuters.com) 17

The U.S. Justice Department said on Tuesday that it has deleted malware planted on more than 4,200 computers by a group of criminal hackers who were backed by the People's Republic of China. From a report: The malware, known as "PlugX," affected thousands of computers around the globe and was used to infect and steal information, the department said. Investigators said the malware was installed by a band of hackers who are known by the names "Mustang Panda" and "Twill Typhoon."
The Internet

Double-keyed Browser Caching Is Hitting Web Performance 87

A Google engineer has warned that a major shift in web browser caching is upending long-standing performance optimization practices. Browsers have overhauled their caching systems that forces websites to maintain separate copies of shared resources instead of reusing them across domains.

The new "double-keyed caching" system, implemented to enhance privacy, is ending the era of shared public content delivery networks, writes Google engineer Addy Osmani. According to Chrome's data, the change has led to a 3.6% increase in cache misses and 4% rise in network bandwidth usage.

Slashdot Top Deals