It may be a new year, though hack, ScamsAnd Dangerous people Online lurkers haven’t gone anywhere.
A day before the ball drops, The United States Treasury Department said it was hacked. Officials believe the attackers are an as-yet-unidentified Advanced Persistent Threat group linked to the Chinese government that exploited flaws in remote tech support software made by BeyondTrust in what the Treasury Department described as a “major” breach. The company told Treasury on December 8 that the attackers stole an authentication key, which eventually allowed them to access the department’s computers. While Treasury says the attackers were only able to steal “a few unclassified documents,” new details are already starting to emerge, which we’ll get to more about below.
Next The assassination of UnitedHealthcare CEO Brian Thompson last monthGun silencers were mostly something you encountered in Hollywood movies—or in Facebook and Instagram ads, if you looked closely. Wired found that someone has escaped Thousands of ads for “fuel filters” that are actually meant to be used as gun silencerswhich are heavily regulated by US law. Meta, which owns Facebook and Instagram, has since removed many of the ads, but new ones keep coming. So if you see one, keep scrolling — owning an unregistered silencer can result in felony charges.
When an Amber Alert push notification hits your phone, getting all the information you need to help find a kidnapped child can literally be a matter of life and death. That’s a lesson the California Highway Patrol learned this week Sent an Amber Alert that was associated with a post on X, which people can’t access unless they’re signed in.. While the CHP says it has linked to posts on the social network since 2018 without issue until this week, a spokesperson told Wired they are now “looking into it”.
If you’ve included better privacy and security practices in your list of 2025 goals, An easy place to start is your old chat history. You’d be surprised how much sensitive information is out there, maybe forgotten but definitely not gone.
This is not all. Each week, we round up security and privacy news that we don’t cover in depth ourselves. Click on the headlines to read the full news. And stay safe out there.
Apple this week agreed to pay $95 million to settle a class action over alleged eavesdropping of its Siri voice assistant. trial, Lopez et al v. Apple Inc.Apple has been accused of recording people’s conversations without their knowledge and sharing that data with third parties to serve ads. The issue arose out of Siri’s voice-activation function—”Hey, Siri”—that two plaintiffs say secretly captured conversations that resulted in ads for Nike shoes and Olive Garden. A plaintiff claimed to have been served an advertisement for a medical treatment after speaking with his doctor. Those who qualify as part of a class covered by the settlement, which must be approved by a federal judge in California, could receive up to $20 per device for up to five devices. As Reuters points out, the settlement amounts to about nine hours of profits for Apple, which made about $94 billion last fiscal year. The Company will not accept any errors as part of the agreement.
Newly unsealed court documents reveal that the FBI allegedly discovered “the largest seizure of homemade explosives in FBI history” during an illegal firearms search. According to court records, the explosives arsenal was found at Brad Spafford’s Virginia home, where investigators reportedly found more than 150 pipe bombs and other explosive devices. Prosecutors say the FBI found a backpack containing pipe bombs and emblazoned with a grenade-shaped patch with the hashtag #NoLivesMatter — a possible reference to far-right extremism. “accelerator” group, The New York Times reports. While prosecutors claim that Spafford – who allegedly used a photo of US President Joe Biden for target practice – aimed to “bring back political murders”, his attorney argued that he was a harmful “family member”. man” who should be released.
Following revelations earlier this week that Chinese state-backed hackers breached the U.S. Treasury in early December, the Washington Post reported Wednesday that the hackers specifically targeted the Office of Foreign Assets Control. The attackers were seeking information about the office’s possible plans to approve Chinese entities. Additionally, Bloomberg Reported On Thursday, the attackers targeted the computers of senior Treasury officials, where they were able to access unclassified material. So far, investigators have identified about 100 computers allegedly compromised by the hackers. Sources told Bloomberg, however, that the attack was a crime of opportunity rather than a covert, long-term planned operation, like China’s recent intrusions into US telecom companies.
As China’s Treasury hack comes into focus, the impact of its infiltration of American telecommunications firms is still widening. Two days after Christmas, Anne Neuberger, the White House deputy national security adviser for cyber and emerging technologies, held a briefing with reporters in which she increased the number of telecoms breached by Chinese hackers known as Salt Typhoon from eight to nine. and suggested that at least some of the blame for these breaches lies with the companies’ own inadequate security. “The reality is, what we’re seeing in terms of the level of cyber security implemented in the telecom sector, those networks are not as defensible as they need to be to defend against a well-resourced, capable offensive cyber actor like China. is,” Neuberger said. He added that the hackers targeted the communication histories of fewer than 100 people—mostly in Washington, D.C., including reportedly President-elect Donald Trump and Vice President-elect J.D. Vance. Neuberger said the spying incident prompted calls for new Federal Communications Commission cybersecurity rules that she says would have limited the scope of the breaches if they had been enacted.
Cars collect and transmit as much sensitive location data as any modern digital device, and the privacy pitfalls of all that tracking are becoming increasingly apparent. Case in point: A whistleblower alerted Germany’s Chaos Computer Club and the country’s Der Spiegel news outlet that a Volkswagen subsidiary, Carriad, had accessed one of the location data of 800,000 electric vehicles. The collection has been disclosed online. The leak involved not only cars sold by Volkswagen, but also other brands including Seats, Audi and Skoda. For Audi and Skoda, that location data was only accurate to within six miles, but Volkswagen and Seats cars could be located to within about four inches. The exposed data has since been secured, but the incident nonetheless shows how far automakers still have to go to rein in their data collection.
