Sex, drugs, and … Eventbrite? A Wired investigation published this week uncovered a network of spammers and scammers who were promoting the illegal sale of controlled substances such as Xanax and oxycodone, personal information on escort services, social media accounts, and event management platforms. Increase. Making matters worse, Eventbrite's recommendation algorithm boosted posts for addiction recovery events as well as opioids. The good news is that the company appears to have removed more than 7,400 illegal posts that Wired exposed.
If you drive a Tesla Model 3, make sure you enable your PIN-to-drive feature or your car could easily be stolen in seconds. While the company has added new ultra-wideband radio tech to its keyless system, which can prevent “relay attacks,” researchers at Beijing-based security firm GoGoByte found that the Model 3s (as well as other vehicle bays names and models) still exist. Vulnerable relay attacks use cheap radios to transmit a signal from someone's key fob or phone app that can then be used to unlock and start the victim's vehicle. Tesla says the adoption of ultra-wideband radio wasn't intended to prevent relay attacks (although it technically could be), but it's possible the automaker could add to this protection in the future.
Police arresting people for running illegal online marketplaces is a story almost as old as the dark web itself. But this week's release offered a new twist. The FBI recently arrested Lin Rui-siang, 23, for running Incognito Market, which authorities claim facilitated $100 million in drug sales on the dark web. U.S. prosecutors allege that Lin then extorted Incognito users by threatening to expose them unless they paid up. Interestingly, Lin's professional experience also includes teaching police how to catch cybercriminals by tracking cryptocurrency on blockchains. If the US Department of Justice is correct about his alleged involvement in the incognito market, that would make him one of the most unusual cybercriminals we've ever encountered.
Of course, leaks don't get people on the wrong side of the law. A vulnerable database recently exposed the biometric data of police officers in India, including facial scans, fingerprints and more. This incident first demonstrates the dangers of collecting sensitive biometrics.
Finally, the story of WikiLeaks founder Julian Assange moved forward again this week, with a British court ruling that he can appeal his extradition to the US, where he faces charges of WikiLeaks' publication of classified US military information. is facing 18 charges under the Espionage Act. The judges said Assange could appeal US prosecutors' assurances about how he would be tried and on First Amendment grounds. The appeals process will inevitably push back any final decision on his possible extradition by months.
But that's not all. Each week, we round up security and privacy news that we haven't covered ourselves. Click on the headlines to read the full news. And be safe from there.
Following tech companies' tendency to throw privacy and caution to the wind in the AI race, Microsoft this week unveiled plans to launch a tool called Recall on its upcoming Copilot+ PCs that will track users every few seconds. Takes screenshots of computers. Microsoft says the goal of the tool is to give people the ability to “find content you've watched on your device.” The company also claims that it has a number of safeguards in place and says that photos are only stored locally on an encrypted drive, but the response has been entirely negative, some watch. Dawgs reportedly called it a potential “privacy nightmare.” The company notes that an intruder would need a password and physical access to the device to view any screenshots, which should rule out the possibility that anyone with legal concerns could take over the system. . Ironically, Recall's description is reminiscent of computer monitoring software that the FBI has used in the past. Microsoft even admits that the system takes no steps to correct passwords or financial information.
Federal authorities are allegedly working quietly to establish links between anti-war protesters on American campuses and any foreign groups or individuals living abroad, according to journalist Ken Klippenstein, formerly of The Intercept, whose It is said that the National Counter-Terrorism Center is at the center of this effort. Evidence of foreign ties will provide more ammunition to politicians, university officials and police, who have widely claimed that “outside agitators” are responsible for the protests — a charge that protesters in the U.S. have denied. But is routinely applied, often implying that the protestors are self-deluded. Incidentally, authorities can also overcome constitutional barriers to surveillance by establishing a foreign target for spying. A person who is not protected by the Fourth Amendment. Republicans in Congress—Representatives Mark Green and August Plougher—have, meanwhile, asked the FBI and the Department of Homeland Security to provide congressional committees with records about government surveillance of protesters, including “on They include any infiltration attempts using the line undercover employees or undercover. Human resources.”
The FBI has arrested a 42-year-old Wisconsin man for using Stable Diffusion, a text-to-image generative AI software that produces child sexual exploitation material. The man was allegedly caught with “thousands of realistic images” of children, some of which showed them nude or partially dressed as men. Court records show that the evidence includes more than 13,000 gen-AI images, as well as the gestures it used to create the images. “The use of AI to create sexually explicit images of children is illegal, and the Department of Justice will not hesitate to hold accountable those who possess, create, or create AI-generated child sexual exploitation material. have or distribute,” Nicole Argentieri, head of the Justice Department's Criminal Division. , says in a statement. The arrest is part of Project Safe Childhood, a collaboration between the government and corporations to target alleged online criminals.
Security researchers revealed to TechCrunch this week that they discovered consumer-grade spyware, often known as “stalkerware,” on computers at “at least three” Wyndham hotels in the U.S. shows the personal details of passengers. The stalkerware, called pcTattletale, can be installed on Android and Windows devices, giving whoever controls the hidden app the ability to access data on the targeted machine and monitor user activity. . According to the researchers, pcTattletale's presence was discovered thanks to a security flaw in the spyware that exposed screenshots of infected machines to the open Internet. Although the researchers found pcTattletale on Wyndham computers, the hotel company says it has franchises all over the place, suggesting the spyware infection may have been limited to a few locations.