Incognito settlement, hallucinated software, phone protocols vulnerable
Google to delete Incognito tracking data
According to a proposed class action settlement, Google agreed to delete “hundreds of billions” of records collected by Chrome while in Incognito mode. This action would apply globally, not just to US data where the lawsuit was filed. The company also agrees to greater disclosure of what data it does collect in Chrome’s Incognito mode. Google maintains the lawsuit lacks any merit and will not pay direct damages. The plaintiffs value the data Google will lose at $5 billion. The deal now requires court approval to go forward.
(BBC)
Hallucinated software packages as a security vulnerability
Typosquatting remains a tried and true attack vector for threat actors, who register malicious software packages to take advantage of an errant keystroke. But researchers from Lasso Security demonstrated a new twist on this, taking advantage of hallucinated software packages suggested by large language model coding assistants. Researchers tested 4 models from OpenAI, Google, and Cohere on the same coding tasks, with at least 20% of the packages each generated being hallucinations, some of them repeatedly. The researchers also tested whether they could game existing AI coding hallucinations, uploading an empty package to GitHub. It saw over 30,000 downloads and was used in several projects for large organizations.
FCC investigating phone infrastructure security
The US Federal Communications Commission announced an investigation into vulnerabilities in the Signaling System No. 7 and Diameter protocols that could be used for spying. These protocols allow for sending calls and SMS across networks. The design of these protocols does not natively support encryption. The FCC asked each carrier to provide examples of breaches and detail how they are preventing abuse of the protocols. Much of the FCC’s concern with protocol abuse centers on using the vulnerabilities to obtain geolocation data on users.
Americans lost over $1 billion in impersonation scams
New figures from the Federal Trade Commission show that impersonation scams resulted in over $1.1 billion in losses last year, three times higher than 2020. Two-thirds of scams seen by the FTC came as business impersonations, the rest impersonated government agencies. Phone calls remained the most popular channel for scams, but fell from a majority 67% of scams in 2020 to 32% in 2023. Email scams saw the biggest rise in popularity, up from 10% to 26% in 2023. The FTC noted many scammers impersonate more than one entity during a con, having a fake retail service pass a victim off to a supposed bank.
Huge thanks to our sponsor, Vanta
Poland investigates spyware usage
Poland’s justice minister Adam Bodnar announced an investigation into the previous government’s usage of NSO Group’s Pegasus spyware. This will see a full parliamentary inquiry and potential criminal charges. Over the coming months, the justice ministry will begin notifying Pegasus targets, who are eligible for financial compensation. Last year Citizen Lab reported the Polish government used Pegasus against targets affiliated with the Civic Platform party, then in opposition but now part of the governing coalition. It’s believed Poland stopped using Pegasus in 2021.
Microsoft breaks up the Teams bundle
The Redmond giant announced it now offers its Teams collaboration app separate from its Office productivity suite globally. This comes after it unbundled Teams from Office in the EU in October to avoid potential antitrust actions. Microsoft began bundling Teams with Office in 2017. The new standalone Teams tier starts at $5.25 per user per month. It’s unclear if this move will stave off further antitrust action in the EU or other countries.
(Reuters)
Foxconn ramps up AI hardware investment in Mexico
The Wall Street Journal’s sources say this move comes in response to pressure from US tech giants that seek to reduce dependence on China. Foxconn has invested roughly $690 million in Mexico since 2019, including acquiring land in Jalisco state to reportedly expand its AI server production. Foxconn reportedly manufactures AI servers for Amazon, Microsoft, Nvidia, and Google at its facilities in Mexico. The 2020 U.S.-Mexico-Canada Agreement aids this process, although Mexico still lacks the trained workforce and large-scale infrastructure found in Taiwan and mainland China.
(WSJ)
DoD establishes new cyber policy position
Over the weekend, the US Department of Defense added the Assistant Secretary of Defense for Cyber Policy. This senior level position will supervise policy formulation and implementation. The role will also serve as the Principal Cyber Advisor to the Secretary of Defense. DoD named Senior Executive Service member Ashley Manning to perform the duties of the new role, while President Biden’s nominee awaits confirmation in the Senate. The President nominated Michael Sulmeyer, current Principal Cyber Advisor to the Secretary of the Army, for the role.
(DoD)