Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
While end-to-end encryption can keep an account’s data private and hidden even from a service provider, the name of who paid for the account and other metadata is harder to hide.
LeakBase had more than 142,000 members and a database containing “hundreds of millions” of stolen account credentials, according to the DOJ. US law enforcement worked with Europol to seize LeakBase’s data and take over two of its domains.
Home security company ADT has acquired Origin Wireless, which can use Wi-Fi signals to detect where people and objects are. An appropriately named commenter recognizes there might be some cause for concern.
PerpetuallySkeptical:
I’m sure that paying a company to see exactly where I am in my house at all times won’t be used against me in the future.
Get the day’s best comment and more in my free newsletter, The Verge Daily.
Lockdown Mode is “not necessary” for most people and “tightly constrains how ChatGPT can interact with external systems to reduce the risk of prompt injection–based data exfiltration,” according to OpenAI.
Yes, Wyze has had its own issues, but this video is pretty funny.
Researchers raised alarms when over 400 malicious skills were uploaded to ClawHub and GitHub in just one week. That prompted an outcry, so OpenClaw partnered with VirusTotal to scan third-party skills. The company acknowledges it’s not a “silver bullet,” but it should provide at least some reassurance to concerned users.
404 Media reports that security researcher Jamieson O’Reilly found a vulnerability that allows humans to control OpenClaw’s AI agents on Moltbook — the network that recently went viral for hosting “discussions” between supposed AI bots.
Wiz dug into the misconfiguration as well, uncovering 1.5 million exposed API keys and 35,000 email addresses. Moltbook has since secured the database.
Two days after Nick Benson asked for donated dashcams in order to document the behavior of federal immigration agents flooding his city, Renee Nicole Good was shot and killed by federal agent Jonathan Ross.
”It was immediately clear that ICE was lying about it,” Benson told 404 Media. Donations have jumped since then, and Benson distributes the cameras to local community organizers and whoever wants them.
The company says an “unauthorized individual gained access to certain Betterment systems through social engineering” to send the message on Friday. Betterment believes the individual accessed information like “certain names, email addresses, physical addresses, phone numbers, and birthdates,” though so far, its investigation has shown that no passwords were compromised.
[Betterment]
Seems a lot of people got password reset requests from Instagram over the last few days, including several Verge staffers and members of their family. The email might look legit. It might even have that little blue checkmark in Gmail. But, it probably came from a scammer. Honestly, it’s best practice to never click links in emails anyway.
In June, Aflac disclosed a data breach involving a “sophisticated cybercrime group” that stole names, social security numbers, contact information, health data, and more from its systems. The insurance provider has now revealed just how many people are affected, adding that it is currently “not aware of any fraudulent use of personal information.”
[SecurityWeek]
On Thursday, Trust Wallet announced a “security incident” affecting version 2.68 of its Chrome extension. Binance founder Changpeng Zhao confirmed that Trust Wallet “will cover” the losses and that the team is investigating the hack.
