October 2024

Worker surveillance must comply with credit reporting rules

US Consumer Financial Protection Bureau demands transparency, accountability from sellers of employee metrics

The US Consumer Financial Protection Bureau on Thursday published guidance advising businesses that third-party reports about workers must comply with the consent and transparency requirements set forth in the Fair Credit Reporting Act.…

Just how private is Apple’s Private Cloud Compute? You can test it to find out

Also updates bug bounty program with $1M payout

In June, Apple used its Worldwide Developer Conference to announce the creation of the Private Cloud Compute platform to run its AI Intelligence applications, and now it's asking people to stress test the system for security holes.…

Putin’s pro-Trump trolls accuse Harris of poaching rhinos

Plus: Iran's IRGC probes election-related websites in swing states

Russian, Iranian, and Chinese trolls are all ramping up their US election disinformation efforts ahead of November 5, but – aside from undermining faith in the democratic process and confidence in the election result – with very different objectives, according…

AWS Cloud Development Kit flaw exposed accounts to full takeover

Remember Bucket Monopoly? Yeah, it gets worse

Amazon Web Services has fixed a flaw in its open source Cloud Development Kit that, under the right conditions, could allow an attacker to hijack a user's account completely.…

Emergency patch: Cisco fixes bug under exploit in brute-force attacks

Who doesn't love abusing buggy appliances, really?

Cisco has patched an already exploited security hole in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software that miscreants have been brute-forcing in attempted denial of service attacks.…

Bitwarden’s FOSS halo slips as new SDK requirement locks down freedoms

Arguments continue but change suggests it's not Free Software anymore

The Bitwarden online credentials storage service is changing its build requirements – which some commentators feel mean it's no longer FOSS.…

Ransomware’s ripple effect felt across ERs as patient care suffers

389 US healthcare orgs infected this year alone

Ransomware infected 389 US healthcare organizations this fiscal year, putting patients' lives at risk and costing facilities up to $900,000 a day in downtime alone, according to Microsoft.…

Voice-enabled AI agents can automate everything, even your phone scams

All for the low, low price of a mere dollar

Scammers, rejoice. OpenAI's real-time voice API can be used to build AI agents capable of conducting successful phone call scams for less than a dollar.…

China’s top messaging app WeChat banned from Hong Kong government computers

Google and WhatsApp also binned, which is far easier to explain than canning a local hero

Hong Kong’s government has updated infosec guidelines to restrict the use of Chinese messaging app WeChat, alongside Meta and Google products like WhatsApp and Google Drive, on computers it operates.…

Anthropic’s latest Claude model can interact with computers – what could go wrong?

For starters, it could launch a prompt injection attack on itself...

The latest version of AI startup Anthropic's Claude 3.5 Sonnet model can use computers – and the developer makes it sound like that's a good thing.…
