Tag: vulnerability (Page 1 of 38)

23andMe Just Filed for Bankruptcy. You Should Delete Your Data Now

A 23andMe saliva collection kit box.

“Users of the 23andMe test send the company samples of their saliva to learn about their ancestry and possible health risks. Wojcicki said that 85% of the company’s customers also consent to their genetic data being used to research diseases. Unlike with other forms of medical data, few guardrails protect genetic data stored by companies like 23andMe. According to Wirecutter’s guide to home DNA kits, “the vast majority of these companies are not subject to the HIPAA laws governing the privacy of your health and medical records.””

Source: 23andMe Just Filed for Bankruptcy. You Should Delete Your Data Now. | Reviews by Wirecutter

WhatsApp says journalists and civil society members were targets of Israeli spyware


“Nearly 100 journalists and other members of civil society using WhatsApp, the popular messaging app owned by Meta, were targeted by spyware owned by Paragon Solutions, an Israeli maker of hacking software, the company alleged on Friday. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised”. It is not clear who was behind the attack. Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks. Experts said the targeting was a “zero-click” attack, which means targets would not have had to click on any malicious links to be infected.”

Source: WhatsApp says journalists and civil society members were targets of Israeli spyware | WhatsApp | The Guardian

Lawsuit accuses Amazon of secretly tracking consumers through cellphones

Illustration shows Amazon logo

“According to a proposed class action in San Francisco federal court, Amazon obtained ‘backdoor access’ to consumers’ phones by providing tens of thousands of app developers with code known as Amazon Ads SDK to be embedded in their apps. This allegedly enabled Amazon to collect an enormous amount of timestamped geolocation data about where consumers live, work, shop and visit, revealing sensitive information such as religious affiliations, sexual orientations and health concerns. ‘Amazon has effectively fingerprinted consumers and has correlated a vast amount of personal information about them entirely without consumers’ knowledge and consent,’ the complaint said.”

Source: Lawsuit accuses Amazon of secretly tracking consumers through cellphones | Reuters

Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History

“As DeepSeek made waves in the AI space, the Wiz Research team set out to assess its external security posture and identify any potential vulnerabilities. Within minutes, we found a publicly accessible ClickHouse database linked to DeepSeek, completely open and unauthenticated, exposing sensitive data. It was hosted at oauth2callback.deepseek.com:9000 and dev.deepseek.com:9000. This database contained a significant volume of chat history, backend data and sensitive information, including log streams, API Secrets, and operational details.”

Source: Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History | Wiz Blog

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars


“Most disturbing for Curry, though, was that they found they could also track the Subaru’s location—not merely where it was at the moment but also where it had been for the entire year that his mother had owned it. The map of the car’s whereabouts was so accurate and detailed, Curry says, that he was able to see her doctor visits, the homes of the friends she visited, even which exact parking space his mother parked in every time she went to church.”

Source: Subaru Security Flaws Exposed Its System for Tracking Millions of Cars | WIRED

Cybercrime: “Léa Rossier” fooled more than 13,000 Vaud civil servants


“A certain ‘Léa Rossier’ sent an email to the roughly 47,000 employees of the State of Vaud during the first week of November. But Léa does not exist. It was a ‘fake malicious email’ sent out as part of the sixth awareness campaign on the dangers of email phishing. The first on such a large scale at the State. The result: a failure. As the Gazette de l’État de Vaud reports in a December article, more than a quarter of the recipients (29%), that is 13,661 State employees, were taken in by this email sent by ‘lea.rossier@adminaccounts.ch’ and clicked on the attachment ‘Plan_amelioration_processus_Urgent’. In addition, 5,182 (11%) of them even entered a username and a password.”

Source: Cybercrime: “Léa Rossier” fooled more than 13,000 Vaud civil servants | 24 heures

Lawsuit: A chatbot hinted a kid should kill his parents over screen time limits

Two examples of interactions users have had with chatbots from the company Character.AI.

“‘It is simply a terrible harm these defendants and others like them are causing and concealing as a matter of product design, distribution and programming,’ the lawsuit states. The suit argues that the concerning interactions experienced by the plaintiffs’ children were not ‘hallucinations,’ a term researchers use to refer to an AI chatbot’s tendency to make things up. ‘This was ongoing manipulation and abuse, active isolation and encouragement designed to and that did incite anger and violence.’ According to the suit, the 17-year-old engaged in self-harm after being encouraged to do so by the bot, which the suit says ‘convinced him that his family did not love him.’”

Source: Lawsuit: A chatbot hinted a kid should kill his parents over screen time limits : NPR

Cybercrime: 1,000 suspects arrested in 19 African countries via Interpol and Afripol

“Authorities in 19 African countries arrested 1,006 suspects and dismantled 134,089 malicious infrastructures and networks thanks to a joint INTERPOL and AFRIPOL operation against cybercrime. Operation Serengeti, which ran from 2 September to 31 October, targeted criminals using ransomware, business email compromise (BEC), digital extortion and online scams involving multi-level marketing or credit cards, ‘on an industrial scale’, says Valdecy Urquiza, Secretary General of INTERPOL. Eight people, including five Chinese nationals, were arrested in Senegal over an online Ponzi-type pyramid scheme worth 6 million dollars that claimed 1,811 victims. Nigerian authorities, for their part, arrested a man accused of organizing online investment scams through messaging platforms with false promises of cryptocurrency returns.”

Source: Cybercrime: 1,000 suspects arrested in 19 African countries via Interpol and Afripol – Next

Security: Microsoft now speaks of a “cyberstorm” and confirms the AI race

“AI-enhanced defense can proceed along two axes. The first, the obvious one, is the enrichment of existing methods, from anomaly detection to triage and response. The second is the arrival of ‘entirely new methods’. Microsoft gives the example of persistent systems able to monitor vulnerabilities continuously and react quickly in the event of a breach.”

Source: Security: Microsoft now speaks of a “cyberstorm” and confirms the AI race – Next

WA man jailed for sextortion of 286 victims | Australian Federal Police

“A Perth man who coerced 286 victims – including 180 children – from 20 different countries into performing sexually explicit acts on camera or video, has been sentenced to 17 years’ imprisonment. The man, 29, who posed as a teenage social media celebrity to prey on the children and young adults online, was sentenced by the Perth District Court today (27 August, 2024), after pleading guilty in December 2023 to 119 charges that covered more than 550 incidents across 11 months. When determining the sentence, the Judge also took into account another three charges capturing 108 incidences of behaviour.”

Source: WA man jailed for sextortion of 286 victims | Australian Federal Police


© 2025 no-Flux
