2024
Voice-enabled AI agents can automate everything, even your phone scams
All for the low, low price of a mere dollar Scammers, rejoice. OpenAI's real-time voice API can be used to build AI agents capable of conducting successful phone call scams for less than a dollar.…
China’s top messaging app WeChat banned from Hong Kong government computers
Google and WhatsApp also binned, which is far easier to explain than canning a local hero Hong Kong’s government has updated infosec guidelines to restrict the use of Chinese messaging app WeChat, alongside Meta and Google products like WhatsApp and Google Drive, on computers it operates.…
Anthropic’s latest Claude model can interact with computers – what could go wrong?
For starters, it could launch a prompt injection attack on itself... The latest version of AI startup Anthropic's Claude 3.5 Sonnet model can use computers – and the developer makes it sound like that's a good thing.…
Millions of Android and iOS users at risk from hardcoded creds in popular apps
Azure Blob Storage, AWS, and Twilio keys all up for grabs An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted cloud service credentials, exposing millions of users to major security problems.…
US lawmakers push DoJ to prosecute tax prep firms for leaking taxpayer data to big tech
TaxSlayer, H&R Block, TaxAct, and Ramsey Solutions accused of sharing info with Meta and Google A quartet of lawmakers have penned a letter to the Department of Justice asking it to prosecute tax preparation companies for sharing customer data, including tax return information, with Meta and Google.…
TSMC blows whistle on potential sanctions-busting shenanigans from Huawei
Chip giant tells Uncle Sam someone could be making orders on the sly TSMC has reportedly tipped off US officials to a potential attempt by Huawei to circumvent export controls and obtain AI chips manufactured by the Taiwanese company.…
VMware fixes critical RCE, make-me-root bugs in vCenter – for the second time
If the first patches don't work, try, try again VMware has pushed a second patch for a critical, heap-overflow bug in the vCenter Server that could allow a remote attacker to fully compromise vulnerable systems after the first software update, issued last month, didn't work.…
Tech firms to pay millions in SEC penalties for misleading SolarWinds disclosures
Unisys, Avaya, Check Point, and Mimecast settled with the agency without admitting or denying wrongdoing Four high-profile tech companies reached an agreement with the Securities and Exchange Commission to pay millions of dollars in penalties for misleading investors about their exposure to the 2020 SolarWinds hack.…
Akira ransomware is encrypting victims again following pure extortion fling
Crooks revert to old ways for greater efficiency Experts believe the Akira ransomware operation is up to its old tricks again, encrypting victims' files after a break from the typical double extortion tactics.…
Pixel perfect Ghostpulse malware loader hides inside PNG image files
Miscreants combine it with an equally tricky piece of social engineering The Ghostpulse malware strain now retrieves its main payload via a PNG image file's pixels. This development, security experts say, is "one of the most significant changes" made by the crooks behind it since launching in 2023.…