Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
This recent video from YouTuber Chuppl highlights a 2023 pre-print estimating people have wasted as many as 819 million hours solving reCAPTCHA since Google acquired it in 2009, as spotted earlier by Boing Boing. Dr. Andrew Searles, the researcher who submitted the study, told Chuppl that Google collects a trove of data through reCAPTCHA, including keystrokes, clicks, IP addresses, and more.
Please don’t buy used phones with TikTok installed. I know it’s hard to pass the time without the FYP, but it’s a massive security and privacy risk. Just scroll on your browser instead.
It’s not clear whether any of the examples in this New York Times story have actually sold, but eBay is full of listings that apparently have been purchased.
[The New York Times]
TechCrunch says that the US edtech giant declined to answer outstanding questions about the hack it reported this month, and several schools that were impacted have yet to receive an incident report.
Both the scale of the breach and who was behind it are still unknown. PowerSchool did notify customers that “sensitive personal information” on students and teachers was stolen, however.
Bleeping Computer points out why so many of those phishing texts about packages or unpaid tolls urge you to reply with something like a “Y” these days.
It’s because when the iOS Messages app’s “Filter Unknown Senders” option is on, links from those senders are disabled by default. Replying activates the link so you can tap it, which savvy Verge readers know you should never, ever do.
[BleepingComputer]
Android Authority has found code that enables the Messaging Layer Security (MLS) end-to-end encryption protocol for one-on-one chats in Google’s chat app. Google announced support for the standard way back in 2023, which should improve on its existing RCS encryption — especially for group chats — through interoperability between apps and operating systems. That’ll matter more when more companies (take the hint, Apple) get on board.
404 Media has a good story about the reported hack of Gravy Analytics, and let’s just say the situation doesn’t seem great:
The hackers said they have stolen a massive amount of data, including customer lists, information on the broader industry, and even location data harvested from smartphones which show peoples’ precise movements, and they are threatening to publish the data publicly.
Business Insider is highlighting the curious case of Corellium cybersecurity executive Chris Wade, who got a “full and unconditional pardon” from Trump for crimes the world had never heard about.
Wade was reportedly caught conducting stock market pump-and-dump schemes by sending spam emails from hacked computers. But why did the government keep it a secret, and why did Trump pardon him?
Bloomberg quotes White House official Anne Neuberger saying, “...we still see companies not doing the basics” in a briefing about its investigation into the telecom breaches attributed to Chinese espionage that have led to officials recommending using secure messaging.
AP:
Officials believe the goal of the hackers was to identify who owned the phones and, if they were “government targets of interest,” spy on their texts and phone calls, she said.
The FBI said most of the people targeted by the hackers are “primarily involved in government or political activity.
Classified documents about the Eurofighter Typhoon’s radar systems have appeared on the War Thunder military hardware simulator’s gaming forum — mirroring a similar leak last December related to the M2A2 Bradley Fighting Vehicle.
The materials have since been removed, with a forum community manager posting the following warning:
“I will take this opportunity to again remind everyone here, please do not, under any circumstances try to post, use or share any sources unless you are 100% certain they are legally declassified and publicly safe for use.”
[UK Defence Journal]
