1 – Breaking News & Latest Updates 2026
Skip to main content
The homepageThe VergeThe Verge logo.
The homepageThe VergeThe Verge logo.

Cyber Security Archive

Archives for March 2024

Wes Davis
Wes Davis
An “urgent” Linux backdoor was discovered entirely by accident this week.

Red Hat urgently warned this week that recent beta versions of Fedora operating systems contained malicious code for backdoor access. Debian issued a similar warning.

A blog post from security firm Deepfactor points out that Microsoft developer Andres Freund notified the Linux security Openwall Project after stumbling on the exploit. On Mastodon, Freund said discovering it “really required a lot of coincidences,” starting with him probing curiously high CPU usage by an SSH process.

Update March 7th, 11PM ET: We have more details on the XZ Utils backdoor attempt right here.

A screenshot of Andres Freund’s post detailing what led him to investigate.
Thank goodness for Freund’s memory.
Screenshot: Wes Davis / The Verge
Wes Davis
Wes Davis
The US House banned staffers from using Microsoft Copilot.

The House is removing and blocking Copilot from “all House Windows Devices” after the Office of Cybersecurity determined that it risked “leaking House data to non-House approved cloud services,” reported Axios.

The House cited similar concerns when it restricted the use of ChatGPT in congressional offices last year and declared that no non-ChatGPT chatbots were authorized yet. A Microsoft spokesperson told Axios that meeting “federal government security and compliance requirements” with AI tools like Copilot is on its roadmap for “later this year.”

Scoop: Congress bans staff use of Microsoft's AI Copilot

[Axios]

AT&T confirms data breach and resets millions of customer passcodesAT&T confirms data breach and resets millions of customer passcodes
Emma Roth
Emma Roth
“The house always wins.”

This WSJ report details the chaos that went on behind the scenes when hackers broke into MGM’s network using social engineering techniques, bringing down its systems for days.

As executives scrambled to lock out the hackers, MGM decided to rebuild its entire system rather than pay the over $30 million ransom requested by hackers:

The company’s task had become more daunting. Instead of simply cleaning up infected parts of the computer systems, now they’d have to rebuild the thousands of servers the company used from scratch, installing clean versions of the operating system and other software. The cost would far exceed the ransom request. MGM decided to do it anyway.

The Audacious MGM Hack That Brought Chaos to Las Vegas

[WSJ]

Microsoft’s new safety system can catch hallucinations in its customers’ AI appsMicrosoft’s new safety system can catch hallucinations in its customers’ AI apps
Emma Roth
Emma Roth
Court documents reveal how Facebook’s Onavo VPN tracked Snapchat data for “Project Ghostbusters.”

Facebook’s “In App Panel” program ran from 2016 to 2019 using Onavo’s technology as a man-in-the-middle attack to decrypt secured Snapchat traffic. Court documents unsealed as part of an ongoing class-action antitrust lawsuit show how the program came together.

A June 2016 email included in the documents from Mark Zuckerberg says:

Whenever someone asks a question about Snapchat, the answer is usually that because their traffic is encrypted we have no analytics about them. . . .

Given how quickly they’re growing, it seems important to figure out a new way to get reliable analytics about them. Perhaps we need to do panels or write custom software. You should figure out how to do this.

Facebook snooped on users' Snapchat traffic in secret project, documents reveal | TechCrunch

[TechCrunch]

Emma Roth
Emma Roth
Amazon’s data shows the massive scale of its counterfeit problem.

The ecommerce giant’s latest brand protection report reveals that it identified, seized, and disposed of over 7 million counterfeit products on its marketplace in 2023. It says it also worked with Chinese authorities to carry out more than 50 “successful raid actions,” which led to the identification and questioning of over 100 counterfeit manufacturers, suppliers, and distributors.

Amazon’s latest Brand Protection Report: How we’re cracking down on counterfeit products

[www.aboutamazon.com]

Amrita Khalid
Amrita Khalid
Apple’s latest macOS Sonoma‌ update comes with an explanation for recent security fixes.

The macOS Sonoma‌‌‌ 14.4‌.1 / Ventura 13.6.6 update released today fixes bugs affecting Java apps and Audio Unit plug-ins for professional music apps. It also fixes a problem where USB hubs connected to external displays weren’t recognized.

It also fixes the same security flaw that was addressed in updates to iOS, iPadOS, and visionOS last week. Image bugs identified by Google Project Zero could have led to code execution, so you should probably update ASAP.

Apple Releases macOS Sonoma 14.4.1 With Fix for USB Hub Bug

[MacRumors]

Lauren Feiner
Lauren Feiner
Hackers for the Chinese government targeted email accounts of political dissidents and US officials.

In an indictment unsealed on Monday, the US government said that seven Chinese nationals were charged with conspiracy to committee computer intrusions and conspiracy to commit wire fraud.

Law enforcement said the hackers were part of a China-based group that targeted “thousands of U.S. and foreign individuals and companies” over 14 years.

U.S. Attorney’s Office, Eastern District of New York

[www.justice.gov]

Mozilla just ditched its privacy partner because its CEO is tied to data brokersMozilla just ditched its privacy partner because its CEO is tied to data brokers
Sean Hollister
Sean Hollister
Three years later, AT&T still won’t say how 70 million customers’ data got leaked.

TechCrunch’s Zack Whittaker has been pushing the company for answers, now that the massive cache of customer data is circulating once again. But although a known hacker claimed responsibility in 2021, AT&T still claims its systems weren’t breached at all — and yet it wouldn’t give Whittaker any other explanation for where the data came from.

AT&T won't say how its customers' data spilled online | TechCrunch

[TechCrunch]

Emma Roth
Emma Roth
Proton’s password manager now supports passkeys.

After rolling out its end-to-end encrypted password manager last year, Proton has announced that it will now let you manage passkeys across mobile and desktop devices, allowing you to log into sites without a password.

Image: Proton
Surveillance has a body countSurveillance has a body count
Gaby Del Valle
Cyberattacks are targeting US water systems, warns EPA and White HouseCyberattacks are targeting US water systems, warns EPA and White House
Apex Legends devs confirm esports hacking incident, respond with ‘layered’ updatesApex Legends devs confirm esports hacking incident, respond with ‘layered’ updates

Most Popular

Most Popular
  1. Trump fires the entire National Science Board
  2. Alex Jones has uncovered another massive conspiracy
  3. 360-degree cameras have a new superpower
  4. The US gets the worst phones
  5. THE PEOPLE DO NOT YEARN FOR AUTOMATION
    Video