Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
It may be a new year, but Hacks, scamAnd dangerous people Hiding online hasn’t gone anywhere.
Just one day before the ball drops, The US Treasury Department said it had been hacked. Officials believe the attackers are an as-yet-unknown advanced persistent threat group linked to the Chinese government that exploited flaws in remote tech support software developed by Beyond Trust in what the Treasury Department described as a “major” breach. The company told Treasury on Dec. 8 that attackers stole an authentication key, which ultimately allowed them to access the department’s computers. While the Treasury said the attackers were only able to steal “some unclassified documents,” new details are already starting to emerge, which we’ll get to more about below.
before UnitedHealthcare CEO Brian Thompson was killed last monthGun silencers are one thing that most people come across if you look closely, in Hollywood films or in Facebook and Instagram ads. Wired found that someone ran Thousands of ads for “fuel filters” that are actually meant to be used as gun silencerswhich is heavily regulated by US law. Meta, which owns Facebook and Instagram, has since removed many of the ads, but new ones keep popping up. So if you see one, keep scrolling – owning an unregistered silencer can lead to criminal charges.
When an Amber Alert push notification pops up on your phone, getting all the information you need to help find a kidnapped child can literally be a matter of life and death. That’s a lesson the California Highway Patrol learned this week when it Sent an Amber Alert that linked to a post on X, which people couldn’t access unless they signed in.. While the CHP said it had linked to posts on the social network from 2018 until this week without issue, a spokesperson told WIRED that they are now “looking into it.”
If you’ve added better privacy and security practices to your list of 2025 goals, An easy place to start is your old chat history. You might be surprised how much sensitive information is out there, perhaps forgotten but clearly not gone.
Not all of that. Each week, we round up security and privacy news that we haven’t covered in depth Click on the title to read the full story. And stay safe out there.
Apple this week agreed to pay $95 million to settle a class action over alleged hacking of its Siri voice assistant. case, Lopez et al v. Apple Inc.Apple has been accused of recording people’s conversations without their knowledge and sharing that data with third parties to serve ads. The issue stems from Siri’s voice-activation function—”Hey, Siri”—that the two plaintiffs say secretly captured conversations that led to ads for Nike shoes and Olive Garden. A plaintiff claims to have been served an advertisement for a treatment after a conversation with his doctor. Individuals who qualify as part of the class covered by the settlement, which must be approved by a federal judge in California, can receive up to $20 per device for up to five devices. The settlement amounts to about nine hours of profit for Apple, which made about $94 billion last fiscal year, Reuters noted. As part of the contract, the company will not admit any mistakes.
Newly unsealed court documents reveal that the FBI “discovered the largest homemade explosive seizure in FBI history” during a search for a single illegal firearm. According to court records, the explosives arsenal was found at Brad Spafford’s Virginia home, where investigators allegedly found more than 150 pipe bombs and other explosive devices. Prosecutors said the FBI found a backpack containing a pipe bomb and emblazoned with a grenade-shaped patch with the hashtag #NoLivesMatter—a possible reference to far-right extremism. “Accelerator” team, The New York Times reported. Although prosecutors claimed that Spafford – who allegedly used a photo of US President Joe Biden for target practice – was “aimed at bringing back political murder”, his attorney claimed he was an innocent “family man” who should be freed.
Following the revelation earlier this week that Chinese state-backed hackers breached the US Treasury in early December, the Washington Post reported on Wednesday that the hackers specifically targeted the Office of Foreign Assets Control. The attackers were likely seeking information about the office’s possible plans to sanction Chinese firms. Additionally, Bloomberg Report The attackers on Thursday targeted the computers of senior Treasury officials, where they were able to access unclassified material. So far, investigators have reportedly identified about 100 computers compromised by hackers. Sources told Bloomberg, however, that the attack appears to be a crime of opportunity rather than a covert, long-planned operation similar to China’s recent intrusions into US telecom companies.
As China’s Treasury hack comes into focus, the implications of its intrusion into American telecommunications firms are still expanding. Two days after Christmas, Ann Neuberger, the White House deputy national security adviser for cyber and emerging technologies, held a briefing with reporters in which she raised the number of telecoms breached by Chinese hackers known as Salt Typhoon from eight to nine and suggested that at least Some of the blame lies with companies’ own inadequate security. “The reality is, given the level of cyber security we’re seeing across the telecom sector, those networks are not as defensible as they need to be to defend against a well-resourced, capable offensive cyber actor like China.” Dr. Newberger. He added that the hackers targeted the contact histories of fewer than 100 people — mostly in Washington, DC, including allegedly President-elect Donald Trump and Vice President-elect J.D. Vance. Neuberger said the spying incident prompted calls for new Federal Communications Commission cybersecurity regulations that he said could limit the scope of breaches, if there were any.
Cars collect and transmit sensitive location data like any modern digital device, and the privacy pitfalls of all that tracking are becoming all too apparent. Case in point: A whistleblower alerted Germany’s Chaos Computer Club and the country’s Der Spiegel news outlet that Carriad, a subsidiary of Volkswagen, had exposed a trove of 800,000 electric vehicle location data online. The leak included cars sold not only by Volkswagen, but also by other brands including Seat, Audi and Skoda. For Audi and Skoda, that location data was only accurate to within six miles, but Volkswagen and Seat cars could be located to within about four inches. The exposed data has since been secured, but the incident nonetheless demonstrates how far automakers have yet to go in reining in their data collection.
