CyberSecurity news

FlagThis - #privacy

Pierluigi Paganini@securityaffairs.com //
OpenAI is facing scrutiny over its ChatGPT user logs due to a recent court order mandating the indefinite retention of all chat data, including deleted conversations. This directive stems from a lawsuit filed by The New York Times and other news organizations, who allege that ChatGPT has been used to generate copyrighted news articles. The plaintiffs believe that even deleted chats could contain evidence of infringing outputs. OpenAI, while complying with the order, is appealing the decision, citing concerns about user privacy and potential conflicts with data privacy regulations like the EU's GDPR. The company emphasizes that this retention policy does not affect ChatGPT Enterprise or ChatGPT Edu customers, nor users with a Zero Data Retention agreement.

Sam Altman, CEO of OpenAI, has advocated for what he terms "AI privilege," suggesting that interactions with AI should be afforded the same privacy protections as communications with professionals like lawyers or doctors. This stance comes as OpenAI faces criticism for not disclosing to users that deleted and temporary chat logs were being preserved since mid-May in response to the court order. Altman argues that retaining user chats compromises their privacy, which OpenAI considers a core principle. He fears that this legal precedent could lead to a future where all AI conversations are recorded and accessible, potentially chilling free expression and innovation.

In addition to privacy concerns, OpenAI has identified and addressed malicious campaigns leveraging ChatGPT for nefarious purposes. These activities include the creation of fake IT worker resumes, the dissemination of misinformation, and assistance in cyber operations. OpenAI has banned accounts linked to ten such campaigns, including those potentially associated with North Korean IT worker schemes, Beijing-backed cyber operatives, and Russian malware distributors. These malicious actors utilized ChatGPT to craft application materials, auto-generate resumes, and even develop multi-stage malware. OpenAI is actively working to combat these abuses and safeguard its platform from being exploited for malicious activities.

Recommended read:
References :
  • chatgptiseatingtheworld.com: After filing an objection with Judge Stein, OpenAI took to the court of public opinion to seek the reversal of Magistrate Judge Wang’s broad order requiring OpenAI to preserve all ChatGPT logs of people’s chats.
  • Reclaim The Net: Private prompts once thought ephemeral could now live forever, thanks to demands from the New York Times.
  • Digital Information World: If you’ve ever used ChatGPT’s temporary chat feature thinking your conversation would vanish after closing the window — well, it turns out that wasn’t exactly the case.
  • iHLS: AI Tools Exploited in Covert Influence and Cyber Ops, OpenAI Warns
  • Schneier on Security: Report on the Malicious Uses of AI
  • The Register - Security: ChatGPT used for evil: Fake IT worker resumes, misinfo, and cyber-op assist
  • Jon Greig: Russians are using ChatGPT to incrementally improve malware. Chinese groups are using it to mass create fake social media comments. North Koreans are using it to refine fake resumes is likely only catching a fraction of nation-state use
  • www.zdnet.com: How global threat actors are weaponizing AI now, according to OpenAI
  • thehackernews.com: OpenAI has revealed that it banned a set of ChatGPT accounts that were likely operated by Russian-speaking threat actors and two Chinese nation-state hacking groups to assist with malware development, social media automation, and research about U.S. satellite communications technologies, among other things.
  • securityaffairs.com: OpenAI bans ChatGPT accounts linked to Russian, Chinese cyber ops
  • therecord.media: Russians are using ChatGPT to incrementally improve malware. Chinese groups are using it to mass create fake social media comments. North Koreans are using it to refine fake resumes is likely only catching a fraction of nation-state use
  • siliconangle.com: OpenAI to retain deleted ChatGPT conversations following court order
  • eWEEK: ‘An Inappropriate Request’: OpenAI Appeals ChatGPT Data Retention Court Order in NYT Case
  • gbhackers.com: OpenAI Shuts Down ChatGPT Accounts Linked to Russian, Iranian & Chinese Cyber
  • Policy - Ars Technica: OpenAI is retaining all ChatGPT logs “indefinitely.” Here’s who’s affected.
  • AI News | VentureBeat: Sam Altman calls for ‘AI privilege’ as OpenAI clarifies court order to retain temporary and deleted ChatGPT sessions
  • www.techradar.com: Sam Altman says AI chats should be as private as ‘talking to a lawyer or a doctor’, but OpenAI could soon be forced to keep your ChatGPT conversations forever
  • aithority.com: New Relic Report Shows OpenAI’s ChatGPT Dominates Among AI Developers
  • the-decoder.com: ChatGPT scams range from silly money-making ploys to calculated political meddling
  • hackread.com: OpenAI Shuts Down 10 Malicious AI Ops Linked to China, Russia, N. Korea
  • Tech Monitor: OpenAI highlights exploitative use of ChatGPT by Chinese entities

Jessica Lyons@The Register //
A significant data breach impacting AT&T customers has resurfaced, with threat actors re-releasing data from a 2021 incident that affects a staggering 70 million individuals. This latest release is particularly concerning because it combines previously separate files, now directly linking Social Security numbers and birth dates to individual users. AT&T has acknowledged the situation and is actively investigating what they believe to be repackaged data from the earlier breach, which is now being offered for sale on dark web forums. The company is working to determine the full scope and impact of this re-released information.

This re-release has raised significant concerns about the potential for identity theft and fraud. The leaked data, which includes full names, dates of birth, phone numbers, email addresses, physical addresses, and Social Security numbers, provides a comprehensive set of personal information that could be exploited for malicious purposes. While AT&T is investigating the source of the leak and the claims of decrypted Social Security numbers, the exposure of such sensitive data puts millions of customers at risk.

The incident has prompted AT&T to urge its customers to remain vigilant and take proactive steps to protect their personal information. Security experts recommend monitoring credit reports, changing passwords, and being cautious of phishing attempts. The incident also raises questions about the security measures in place to protect customer data and the potential need for stronger safeguards to prevent future breaches.

Recommended read:
References :
  • bsky.app: A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users.
  • cyberinsider.com: AT&T Investigating New Leak of 86 Million Customer Records with Decrypted SSNs
  • hackread.com: Hackers leak data of 88 million AT&T customers with decrypted SSNs; latest breach raises questions about links to earlier Snowflake-related attack.
  • BleepingComputer: A threat actor has re-released data from a 2021 AT&T breach affecting 70 million customers, this time combining previously separate files to directly link Social Security numbers and birth dates to individual users.
  • The Register - Security: AT&T not sure if new customer data dump is déjà vu

@medium.com //
The Post-Quantum Cryptography Coalition (PQCC) has recently published a comprehensive roadmap designed to assist organizations in transitioning from traditional cryptographic systems to quantum-resistant alternatives. This strategic initiative comes as quantum computing capabilities rapidly advance, posing a significant threat to existing data security measures. The roadmap emphasizes the importance of proactive planning to mitigate long-term risks associated with cryptographically relevant quantum computers. It is structured into four key implementation categories: Preparation, Baseline Understanding, Planning and Execution, and Monitoring and Evaluation.

The roadmap offers detailed steps for organizations to customize their adoption strategies, regardless of size or sector. Activities include inventorying cryptographic assets, assigning migration leads, prioritizing systems for upgrades, and aligning stakeholders across technical and operational domains. Furthermore, it underscores the urgency of Post-Quantum Cryptography (PQC) adoption, particularly for entities managing long-lived or sensitive data vulnerable to "harvest now, decrypt later" attacks. Guidance is also provided on vendor engagement, creating a cryptographic bill of materials (CBOM), and integrating cryptographic agility into procurement and system updates.

In related advancements, research is focusing on enhancing the efficiency of post-quantum cryptographic algorithms through hardware implementations. A new study proposes a Modular Tiled Toeplitz Matrix-Vector Polynomial Multiplication (MT-TMVP) method for lattice-based PQC algorithms, specifically designed for Field Programmable Gate Arrays (FPGAs). This approach significantly reduces resource utilization and improves the Area-Delay Product (ADP) compared to existing polynomial multipliers. By leveraging Block RAM (BRAM), the architecture also offers enhanced robustness against timing-based Side-Channel Attacks (SCAs), making it a modular and scalable solution for varying polynomial degrees. Alongside such hardware work, hybrid cryptographic models offer a practical path to implementing post-quantum cryptography for TLS, PKI, and identity infrastructure.

Recommended read:
References :
  • IACR News: MT-TMVP: Modular Tiled TMVP-based Polynomial Multiplication for Post-Quantum Cryptography on FPGAs
  • quantumcomputingreport.com: Post-Quantum Cryptography Coalition (PQCC) Publishes Comprehensive Roadmap for Post-Quantum Cryptography Migration
  • medium.com: In a major leap forward for global cybersecurity, Colt Technology Services, Honeywell, and Nokia have announced a joint effort to trial…
  • quantumcomputingreport.com: Carahsoft and QuSecure Partner to Expand Public Sector Access to Post-Quantum Cybersecurity Solutions

Zack Whittaker@techcrunch.com //
Data broker giant LexisNexis has disclosed a significant data breach affecting over 364,000 individuals. The breach targeted LexisNexis Risk Solutions (LNRS), a unit specializing in "know your customer," risk assessment, due diligence, and law enforcement assistance. An unauthorized party gained access to a third-party software development platform utilized by LNRS, resulting in the theft of sensitive personal data.

The intrusion, which occurred on December 25, 2024, was detected by LexisNexis on April 1, 2025. Initial reports indicate that the stolen data includes names, phone numbers, home addresses, email addresses, Social Security numbers, driver's license numbers, and dates of birth. While LexisNexis asserts that its own systems and infrastructure were not compromised, the breach raises concerns about the security of data entrusted to third-party vendors. The company stated that "No financial, credit card, or other sensitive personal information was accessed".

LexisNexis is notifying affected individuals and relevant regulators about the breach. The company also reported the incident to law enforcement. They are offering affected individuals 24 months of identity protection and credit monitoring through Experian. The incident highlights the vulnerability of personal data within the data broker industry and comes shortly after the scrapping of a Biden-era rule intended to restrict data brokers from selling Americans’ sensitive information.

Recommended read:
References :
  • The Register - Software: Attack on LexisNexis Risk Solutions exposes data on 300k +
  • Zack Whittaker: New, by me: Data broker giant LexisNexis has revealed that its risk solutions unit (think "know your customer," risk assessing, due diligence, and law enforcement assistance) was breached, affecting the personal data and Social Security numbers of at least 364,000 people.
  • techcrunch.com: Data broker giant LexisNexis says breach exposed personal information of over 364,000 people
  • www.itpro.com: Breach at data analytics firm impacts 364,000 people
  • www.techradar.com: Over 364,000 people have personal info leaked following hack on data broker LexisNexis
  • ciso2ciso.com: Attack on LexisNexis Risk Solutions exposes data on 300k + – Source: go.theregister.com

Waqas@hackread.com //
A massive database containing over 184 million unique login credentials has been discovered online by cybersecurity researcher Jeremiah Fowler. The unprotected database, which amounted to approximately 47.42 gigabytes of data, was found on a misconfigured cloud server and lacked both password protection and encryption. Fowler, from Security Discovery, identified the exposed Elastic database in early May and promptly notified the hosting provider, leading to the database being removed from public access.

The exposed credentials included usernames and passwords for a vast array of online services, including major tech platforms like Apple, Microsoft, Facebook, Google, Instagram, Snapchat, Roblox, Spotify, WordPress, and Yahoo, as well as various email providers. More alarmingly, the data also contained access information for bank accounts, health platforms, and government portals from numerous countries, posing a significant risk to individuals and organizations. The authenticity of the data was confirmed by Fowler, who contacted several individuals whose email addresses were listed in the database, and they verified that the passwords were valid.

The origin and purpose of the database remain unclear, with no identifying information about its owner or collector. The sheer scope and diversity of the login details suggest that the data may have been compiled by cybercriminals using infostealer malware. Jeremiah Fowler described the find as "one of the most dangerous discoveries" he has found in a very long time. The database's IP address pointed to two domain names, one of which was unregistered, further obscuring the identity of the data's owner and intended use.

Recommended read:
References :
  • hackread.com: Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords
  • PCMag UK security: Security Nightmare: Researcher Finds Trove of 184M Exposed Logins for Google, Apple, More
  • WIRED: Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials
  • www.zdnet.com: Massive data breach exposes 184 million passwords for Google, Microsoft, Facebook, and more
  • Davey Winder: 184,162,718 Passwords And Logins Leaked — Apple, Facebook, Snapchat
  • DataBreaches.Net: Mysterious database of 184 million records exposes vast array of login credentials
  • 9to5Mac: Apple logins with plain text passwords found in massive database of 184M records
  • www.engadget.com: Someone Found Over 180 Million User Records in an Unprotected Online Database
  • borncity.com: Suspected InfoStealer data leak exposes 184 million login data
  • databreaches.net: The possibility that data could be inadvertently exposed in a misconfigured or otherwise unsecured database is a longtime privacy nightmare that has been difficult to fully address.
  • borncity.com: [German] Security researcher Jeremiah Fowler came across a freely accessible and unprotected database on the Internet. The find was quite something, as a look at the data sets suggests that it was probably data collected by InfoStealer malware. Records containing 184 …
  • securityonline.info: 184 Million Leaked Credentials Found in Open Database
  • Know Your Adversary: 184 Million Records Database Leak: Microsoft, Apple, Google, Facebook, PayPal Logins Found
  • securityonline.info: Security researchers have identified a database containing a staggering 184 million account credentials, prompting yet another urgent reminder to …

@arstechnica.com //
Signal, the privacy-focused messaging application, has taken action to block Microsoft's controversial Recall feature from capturing screenshots of its desktop app content on Windows 11. Citing privacy concerns over Recall's ability to automatically take screenshots of on-screen activity, Signal has implemented a "screen security" setting, enabled by default, that leverages Digital Rights Management (DRM) to prevent the tool from accessing and recording private conversations. This move comes as Signal expresses discontent with Microsoft's approach, arguing that Recall lacks sufficient developer controls to exclude specific apps and protect sensitive information.

Microsoft's Recall feature, designed for Copilot+ PCs, works by continuously taking screenshots and creating a searchable database of user activity. Signal argues that this poses a significant risk to the privacy of its users, as private conversations could be inadvertently captured and stored. By implementing DRM, Signal sets a flag on its application window that instructs Recall, and any other screenshotting application, to ignore its content. While Signal acknowledges this is a blunt tool that may interfere with accessibility software, it believes Microsoft left it with no other choice.

Signal has criticized Microsoft for not providing developers with the necessary tools to manage how Recall interacts with their applications. The messaging app argues that it shouldn't have to resort to using DRM "content protection hacks" to safeguard user privacy. Signal hopes that AI teams building systems like Recall will carefully consider the privacy implications and avoid forcing apps to use workarounds to protect the integrity of their services. They want the AI teams to know that this will potentially affect accessibility options like screen readers.

Recommended read:
References :
  • security - Ars Technica: “Microsoft has simply given us no other option,” Signal says as it blocks Windows Recall
  • The Register - Software: Signal shuts the blinds on Microsoft Recall with the power of DRM
  • www.techradar.com: Signal blasts Microsoft over Recall privacy failings, as secure messaging app is forced to fudge a way of blocking the controversial Windows 11 feature
  • Dropsafe: By Default, Signal Doesn’t Recall | Signal Windows app leverages DRM content protection hacks to hide messages from Windows Recall
  • Dan Goodin: Signal writes: "We hope that the AI teams building systems like Recall will think through these implications more carefully in the future. Apps like Signal shouldn’t have to implement “one weird trick” in order to maintain the privacy and integrity of their services without proper developer tools. People who care about privacy shouldn’t be forced to sacrifice accessibility upon the altar of AI aspirations either."
  • www.bleepingcomputer.com: Signal now blocks Microsoft Recall screenshots on Windows 11
  • CyberInsider: Signal Deploys Countermeasure to Shield Messages from Windows Recall
  • securityaffairs.com: New Signal update stops Windows from capturing user chats
  • Schneier on Security: Signal Blocks Windows Recall
  • cyberinsider.com: Signal Deploys Countermeasure to Shield Messages from Windows Recall

@zdnet.com //
Following a bankruptcy auction, pharmaceutical giant Regeneron has agreed to acquire 23andMe, the genetic testing company, for $256 million. The deal includes 23andMe's genomics service and the personal and genetic data of its 15 million customers. Regeneron intends to use this vast trove of data to advance drug discovery, emphasizing its commitment to prioritizing the privacy, security, and ethical use of the information. The acquisition aims to ensure compliance with 23andMe's existing privacy policies and relevant data protection laws, a move intended to reassure concerned customers.

The sale of 23andMe comes after a challenging period for the company, which filed for bankruptcy protection in March following a significant data breach in 2023. This breach exposed the private and genetic data of approximately 7 million customers, contributing to a decline in the company's stock price and waning consumer confidence. Concerns were raised about the potential sale of customer data to unethical buyers during the bankruptcy proceedings, prompting California Attorney General Rob Bonta to urge residents to delete their genetic data. The bankruptcy court is scheduled to consider Regeneron's acquisition on June 17.

Regeneron has emphasized its experience in handling genetic data through its Regeneron Genetics Center, which already manages genetic information from nearly 3 million people. The company assures 23andMe customers that their data will be protected with high standards of privacy, security, and ethical oversight, aiming to leverage the data's full potential to improve human health. While the acquisition includes 23andMe's personal genome service, it excludes the Lemonaid Health telehealth division, which 23andMe plans to discontinue.

Recommended read:
References :
  • hackernoon.com

@cyberinsider.com //
O2 UK has recently patched a security vulnerability in its 4G Calling (VoLTE) and WiFi Calling technologies that could have allowed unauthorized individuals to determine the general location of its mobile users. The flaw stemmed from an improper implementation of the IMS standard, leading to the leakage of user location data through network responses. An attacker could exploit this by simply initiating a phone call to the target, making it a significant privacy concern for O2 UK's nearly 23 million mobile customers. The problem, discovered by security researcher Daniel Williams, is believed to have existed since February 2023 before being resolved.

The vulnerability resided in how O2 UK handled encryption protocols, specifically within the EEA2 encryption algorithm. Researchers from Beijing University of Posts and Telecommunications and the University of Birmingham discovered that this algorithm was not as robust as previously believed, allowing attackers to intercept and decrypt voice call data. By examining the non-encrypted MAC sub-header, attackers could identify the Logical Channel ID (LCID) of the sub-PDU, enabling them to specifically target VoLTE traffic. This exposed call metadata, including call times, duration, direction, and the user's approximate location.

O2 UK's swift action to patch the bug demonstrates the critical importance of telecom providers adhering to stringent security standards. Proper validation and security measures in IMS implementations are essential to safeguarding user privacy. The incident serves as a reminder for regular security audits and enhanced protection of user data within telecommunications networks. As VoLTE and WiFi Calling continue to transform communication with superior call quality and reliability, addressing security vulnerabilities is paramount to maintaining user trust and preventing future exploits.

Recommended read:
References :
  • securityaffairs.com: A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due to improper IMS standard implementation.
  • cyberinsider.com: A critical privacy vulnerability in O2 UK's Voice over LTE (VoLTE) system allows any caller to accurately geolocate any O2 customer simply by initiating a phone call, without their consent or knowledge.
  • The Register - Security: Researcher finds VoLTE metadata could be used to locate users within 100 meters. UK telco Virgin Media O2 has fixed an issue with its 4G Calling feature that allowed users' general location to be discerned by those who called them.
  • Tech Monitor: O2 UK resolved security vulnerability in VoLTE and WiFi Calling features, which exposed users' general locations and personal identifiers.
  • The DefendOps Diaries: Security Flaw in O2 UK's VoLTE and WiFi Calling: A Call for Enhanced Protection
  • BleepingComputer: O2 UK patches bug leaking mobile user location from call metadata
  • bsky.app: A flaw in O2 UK's implementation of VoLTE and WiFi Calling technologies could allow anyone to expose the general location of a person and other identifiers by calling the target. https://www.bleepingcomputer.com/news/security/o2-uk-patches-bug-leaking-mobile-user-location-from-call-metadata/

@cyberinsider.com //
A security flaw has been discovered in O2 UK's implementation of VoLTE and WiFi Calling technologies, potentially exposing the general location and other identifiers of mobile users. Researchers from Beijing University of Posts and Telecommunications and the University of Birmingham identified a critical vulnerability in the EEA2 encryption algorithm. This flaw allowed attackers to intercept and decrypt voice call data, accessing sensitive information such as call metadata, including call times, duration, and direction of calls. This discovery highlights the urgent need for improved security measures within telecommunications networks.

The vulnerability stemmed from the non-encrypted MAC sub-header at the mobile relay, which revealed the Logical Channel ID (LCID) of the sub-PDU (Protocol Data Unit). This information enabled the researchers to target VoLTE traffic directly. Researcher Daniel Williams also found that the flaw had likely existed on O2 UK's network since February 2023. The flaw could allow anyone to expose the general location of a person and other identifiers by calling the target; theoretically, in some cases, this could be accurate to within 100 square meters.

O2 UK, now part of Virgin Media O2 (VMO2), has since patched the bug following the discovery and public disclosure of the vulnerability. A VMO2 spokesperson stated that their engineering teams had been working on and testing a fix for a number of weeks and the fix is now fully implemented. The company has also contacted the researcher Daniel Williams to thank him for his work. This incident underscores the importance of regular security assessments and prompt patching to protect user privacy in modern telecommunications systems.

Recommended read:
References :
  • cyberinsider.com: O2 UK VoLTE Leak Exposes Real-Time Location of Any Customer Through a Phone Call
  • BleepingComputer: O2 UK patches bug leaking mobile user location from call metadata
  • bsky.app: O2 UK patches bug leaking mobile user location from call metadata
  • The DefendOps Diaries: Security Flaw in O2 UK's VoLTE and WiFi Calling: A Call for Enhanced Protection
  • The Register - Security: Virgin Media O2 patches hole that let callers snoop on your coordinates
  • CyberInsider: A critical privacy vulnerability in O2 UK's Voice over LTE (VoLTE) system allows any caller to accurately geolocate any O2 customer simply by initiating a phone call, without their consent or knowledge.
  • securityaffairs.com: A flaw in O2 4G Calling (VoLTE) leaked user location data via network responses due to improper IMS standard implementation.
  • Tech Monitor: O2 UK resolved security vulnerability in VoLTE and WiFi Calling features, which exposed users' general locations and personal identifiers.

dark6@Secure Bulletin //
The Tor Project has launched oniux, a command-line utility designed to enhance privacy for Linux applications. Oniux provides kernel-enforced Tor isolation, routing all network traffic through the Tor network. This new tool leverages Linux namespaces, a kernel feature, to create isolated network environments for applications, ensuring robust traffic anonymity and preventing data leaks in high-risk scenarios. Oniux aims to provide a more secure and reliable alternative to traditional SOCKS-based Tor proxies like torsocks.

Oniux operates by spawning a child process with isolated network, mount, PID, and user namespaces, effectively containerizing the application. It then mounts its own /proc and maps UIDs/GIDs to match the parent process. A custom /etc/resolv.conf is injected via a mount namespace, ensuring all DNS queries are resolved through Tor. The tool utilizes onionmasq to create a TUN interface (onion0) for Tor-bound traffic routing and drops all elevated privileges after setup to minimize the attack surface. The target application executes within this sandboxed environment, guaranteeing all network traffic is forced through Tor.

Unlike torsocks, which intercepts network-related libc calls and can be bypassed by applications using raw system calls or static binaries, oniux enforces isolation at the kernel level. This makes it impossible for applications, even malicious or misconfigured ones, to route traffic outside of Tor. The kernel-level isolation provided by oniux eliminates the risk of data leaks, making it particularly relevant for adversarial binaries or research tools not designed with privacy in mind, solidifying oniux as a more robust privacy solution.

Recommended read:
References :
  • bsky.app: The Tor Project has released oniux, a command-line utility providing Tor network isolation for third-party applications using Linux namespaces
  • cyberinsider.com: Tor Launches ‘oniux’ Tool for Leak-Proof Routing on Linux
  • Secure Bulletin: Oniux: Kernel-Level Tor isolation for Linux applications
  • The DefendOps Diaries: Oniux: Enhancing Privacy for Linux Applications
  • BleepingComputer: New Tor Oniux tool anonymizes any Linux app's network traffic
  • securebulletin.com: The Tor Project has unveiled oniux, a new command-line utility designed to deliver robust, kernel-enforced Tor isolation for any Linux application: a significant advancement in the ongoing quest for airtight traffic anonymity and leak prevention in high-risk environments.

Pierluigi Paganini@Security Affairs //
A hacker has successfully breached TeleMessage, an Israeli company that provides modified versions of secure messaging apps such as Signal, WhatsApp and Telegram to the U.S. government. The breach resulted in the exfiltration of sensitive data, including archived messages from these modified apps. TeleMessage has suspended all services and is currently investigating the incident. The breach highlights the vulnerabilities associated with modifying secure messaging applications, especially concerning the preservation of end-to-end encryption.

The compromised data includes the contents of direct messages and group chats, as well as contact information for government officials. 404 Media reported that the hack exposed data related to U.S. Customs and Border Protection (CBP), the cryptocurrency exchange Coinbase, and several other financial institutions. The hacker claimed the entire process of accessing TeleMessage’s systems took only 15-20 minutes, underscoring the ease with which the security was circumvented. Despite the breach, there are reports that messages from top US government officials and cabinet members were not compromised.

TeleMessage, which was recently in the spotlight after former U.S. National Security Advisor Mike Waltz was seen using their modified version of Signal, offers archiving services for messages. However, the hack revealed that the archived chat logs were not end-to-end encrypted between the modified app and the ultimate archive destination controlled by the TeleMessage customer. Smarsh, the parent company of TeleMessage, has engaged an external cybersecurity firm to support the investigation and has temporarily suspended all TeleMessage services as a precaution. A Coinbase spokesperson stated that the company is closely monitoring the situation, but has not found any evidence of sensitive customer information being accessed or accounts being at risk.

Recommended read:
References :
  • securityaffairs.com: SecurityAffairs: A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
  • Talkback Resources: A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov [app]
  • www.techradar.com: TeleMessage, the Signal-esque app used by the Trump administration, has been hacked
  • www.metacurity.com: A hacker stole content from the Telemessage system used by the US government
  • TechCrunch: TeleMessage, a modified Signal clone used by US govt. officials, has been hacked
  • The DefendOps Diaries: TeleMessage Breach: Unveiling the Risks of Modified Secure Messaging Apps
  • techcrunch.com: TeleMessage, a modified Signal clone used by US government officials, has been hacked
  • Risky Business Media: Trump admin’s Signal clone gets hacked, messages exposed
  • The Register - Security: Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess
  • siliconangle.com: The security of U.S. government officials’ communications has come under the spotlight again after a modified Signal app used to archive data from third-party messaging apps was hacked in less than 30 minutes.
  • WIRED: Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
  • CyberInsider: Signal Clone App Used by Trump Officials Breached in Minutes
  • Metacurity: Criminal scam network run by Darcula exposed by journalists, DragonForce takes credit for Co-op attack, NoName attacked Romanian gov't websites on election day, US indicts Black Kingdom ransomware dev, Trump wants to slash nearly $500m from CISA, Qilin claims Cobb Co. attack, much more
  • arstechnica.com: TeleMessage, a company that provides modified versions of Signal for message archiving, has suspended its services after a reported hack, exposing communications from U.S. government officials.
  • hackread.com: TM SGNL, a chat app by US-Israeli firm TeleMessage used by Trump officials, halts operations after a breach…
  • www.404media.co: A hacker has exploited a vulnerability in TeleMessage, a company that provides modified versions of encrypted messaging apps, to extract archived messages and data related to U.S. government officials and companies that used the service, according to a report by 404 Media.
  • www.csoonline.com: The Israeli company behind the obscure messaging app former US national security advisor Mike Waltz was photographed using on his iPhone last week was recently hacked, it has been alleged.
  • Metacurity: You ask yourself how the Trump administration's insane messing around with the Signal app and its clones could get any worse, and then the universe tells you how. The Signal Clone the Trump Admin Uses Was Hacked
  • Dropsafe: US Gov’t Signal-clone with backdoor for message retention, hacked, messages leaked | …I really hope #Ofcom are watching re: the impact of proposed client side scanning
  • BleepingComputer: Unofficial Signal app used by Trump officials investigates hack
  • arstechnica.com: Signal clone used by Trump official stops operations after report it was hacked
  • securityaffairs.com: A hacker stole data from TeleMessage, the firm that sells modified versions of Signal to the U.S. gov
  • go.theregister.com: Signal chat app clone used by Signalgate's Waltz was apparently an insecure mess
  • iHLS: Israeli Encrypted Messaging Archiving Platform Used by U.S. Officials Compromised in Cyberattack
  • www.insicurezzadigitale.com: Signal clone: app used by a former Trump administration official suspended after hack
  • bsky.app: TeleMessage, the Signal clone used by US government officials, suffers hack
  • Privacy - Graham Cluley: TeleMessage, the Signal clone used by US government officials, suffers hack
  • WIRED: The Signal clone Mike Waltz Was Caught Using Has Direct Access to User Chats
  • www.wired.com: Signal Clone Used by Mike Waltz Pauses Service After Reports It Got Hacked
  • WIRED: Customs and Border Protection Confirms Its Use of Hacked Signal Clone TeleMessage
  • Metacurity: TeleMessage suspends service following reported hack

@cyberinsider.com //
VeriSource Services, a Houston-based employee benefits administration firm, has disclosed a significant data breach impacting four million individuals. The company, which provides HR services, revealed that an "unknown actor" gained access to sensitive personal data during a digital break-in that occurred in February 2024. This incident has expanded considerably from initial estimates, highlighting the challenges organizations face in accurately assessing the scope of cyberattacks. VeriSource began notifying affected individuals on April 23, providing more details in a filing with the Maine Attorney General's office.

The exposed information includes names, addresses, dates of birth, genders, and Social Security numbers, although not all data points were compromised for every individual. The discovery that gender and home address data were potentially accessed represents a significant update from previous notifications. VeriSource initially believed that only around 112,000 individuals were affected, according to a filing made in August 2024 with the US Health and Human Services Office for Civil Rights. This initial assessment followed the first round of investigations, which focused on determining if sensitive data had been stolen. The latest disclosure follows VeriSource's collaboration with its "client companies" to gather more information, concluding on April 17.

The VeriSource data breach underscores the critical need for organizations to enhance their cybersecurity detection and response capabilities. Delayed detection can lead to substantial financial repercussions, including higher costs associated with data recovery, legal fees, and regulatory fines. Furthermore, reputational damage and the need for extensive post-breach audits add to the financial strain. Implementing advanced threat detection technologies, such as behavioral analytics and machine learning, can significantly reduce detection times. VeriSource is working with the FBI and stated that it has not seen "evidence" to suggest any of the stolen data has yet been misused.

Recommended read:
References :
  • cyberinsider.com: VeriSource Breach Exposes Personal Data of 4 Million Individuals
  • The Register - Security: From 112k to 4 million folks' data – HR biz attack goes from bad to mega bad
  • BleepingComputer: Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people.
  • The DefendOps Diaries: Explore lessons from the VeriSource breach on improving cybersecurity detection and response to mitigate financial and reputational risks.
  • www.scworld.com: VSI, VeriSource's parent company, said the investigation and notification process took over a year.
  • bsky.app: Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people.
  • BleepingComputer: VeriSource now says February data breach impacts 4 million people
  • CyberInsider: VeriSource Breach Exposes Personal Data of 4 Million Individuals
  • securityaffairs.com: VeriSource data breach impacted 4M individuals
  • www.techradar.com: VeriSource bumps up potential victim count of data breach to 4 million
  • www.bleepingcomputer.com: VeriSource now says February data breach impacts 4 million people

@The DefendOps Diaries //
A vulnerability in Verizon's Call Filter feature exposed customers' incoming call history, allowing unauthorized access to call logs. Security researcher Evan Connelly discovered the flaw in the Verizon Call Filter iOS app, revealing that it was possible to access the incoming call logs for any Verizon Wireless number through an unsecured API request. The vulnerability was reported to Verizon on February 22, 2025, and acknowledged by the company two days later. The flaw was subsequently fixed by March 25, 2025.

The vulnerability was rooted in the backend API used by the Verizon Call Filter app, which failed to verify that the phone number requested for call history matched the authenticated user’s number. An attacker with a valid JSON Web Token (JWT) could manipulate the request header and retrieve call logs for any Verizon customer. Because of this oversight, the phone number sent in the request could be changed and data returned for Verizon numbers not associated with the signed-in user, raising significant privacy and safety concerns for Verizon Wireless customers.
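The missing check described above is a classic broken object-level authorization bug. The following added example (not code from the article or from Verizon) contrasts a handler that trusts a caller-supplied number header with one that binds the served number to the token's subject and logs mismatches for detection; the header name, claim layout and sample data are assumptions.

```python
"""Added example, not from the article or Verizon's code: a call-history
endpoint modelled on the reported flaw. Header name, JWT claim layout and
call data are constructed for illustration."""
import json
import logging
from typing import Optional

log = logging.getLogger("callfilter.authz")

# Constructed sample data: call history keyed by subscriber number.
CALL_HISTORY = {
    "+15550000001": ["+15550009001 2025-02-20T10:02", "+15550009002 2025-02-21T17:45"],
    "+15550000002": ["+15550009003 2025-02-22T08:10"],
}


def make_token(subscriber: str) -> str:
    """Stand-in for a signed JWT: plain JSON carrying a 'sub' claim."""
    return json.dumps({"sub": subscriber})


def decode_token(token: str) -> dict:
    """Stand-in for JWT verification. A real service must verify the
    signature before trusting any claim; here the sample token is JSON."""
    return json.loads(token)


def get_call_history_vulnerable(headers: dict) -> Optional[list]:
    """Mirrors the reported bug: the token only proves that *someone* is
    logged in, and the number served comes from a caller-controlled header."""
    decode_token(headers["Authorization"])
    return CALL_HISTORY.get(headers.get("X-Phone-Number", ""))  # hypothetical header


def get_call_history_fixed(headers: dict) -> Optional[list]:
    """Hardened form: the number served is the one bound to the token.
    A requested number that differs from the subject is denied and logged."""
    claims = decode_token(headers["Authorization"])
    subject = claims["sub"]
    requested = headers.get("X-Phone-Number", subject)
    if requested != subject:
        # Mismatches are the detection signal for enumeration attempts.
        log.warning("authz mismatch sub=%s requested=%s", subject, requested)
        return None
    return CALL_HISTORY.get(subject)
```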

Recommended read:
References :
  • bsky.app: A vulnerability in Verizon's Call Filter feature allowed customers to access the incoming call logs for another Verizon Wireless number through an unsecured API request.
  • The DefendOps Diaries: Understanding the Verizon Call Filter API Vulnerability
  • BleepingComputer: Verizon Call Filter API flaw exposed customers' incoming call history
  • DataBreaches.Net: Security researcher Evan Connelly recently identified a security vulnerability in the Verizon Call Filter iOS app which made it possible for a malicious actor to leak call history logs of Verizon Wireless customers.
  • securityonline.info: Verizon Call Filter App Vulnerability Exposed Call Records of Millions
  • CyberInsider: Verizon Call Filter App Flaw Exposed Call Logs of Millions of Customers
  • www.itpro.com: Verizon Call Filter API flaw could’ve exposed millions of Americans’ call records
  • Malwarebytes: Flaw in Verizon call record requests put millions of Americans at risk
  • Talkback Resources: TalkBack.sh: Flaw in Verizon call record requests put millions of Americans at risk
  • securityaffairs.com: A flaw in Verizon’s iOS Call Filter app exposed call records of millions

@The DefendOps Diaries //
Vivaldi browser has integrated Proton VPN directly into its system, offering users a seamless way to protect their data from 'Big Tech' surveillance. The integration means users can now access VPN services without the need for external downloads or plugin activations. This move signifies a commitment to enhancing user privacy and challenging the data collection practices of major tech firms. The VPN button is available directly in the toolbar to improve user experience.

Vivaldi's partnership with Proton VPN brings browser-level privacy tools to users, allowing them to encrypt all internet traffic and protecting them from persistent tracking. When enabled, browsing activity is transmitted through Proton VPN's encrypted tunnels, which hides the user's IP address from visited sites. The integration aims to provide enhanced protection against tracking and surveillance and sets new standards in digital security.

Recommended read:
References :
  • CyberInsider: Privacy-focused browser Vivaldi has announced the direct integration of Proton VPN, offering users seamless VPN access without external downloads or plug-ins.
  • Sam Bent: Vivaldi's new partnership with Proton VPN brings browser-level privacy tools into the hands of users, but it's crucial to understand where privacy ends and anonymity begins. This move is a strong statement against Big Tech surveillance, yet the protection it offers is not a blanket solution.
  • The DefendOps Diaries: Discover how Vivaldi's integration of Proton VPN enhances browser privacy and user control, setting new standards in digital security.
  • BleepingComputer: Vivaldi has announced the integration of Proton VPN directly into its browser without requiring add-on downloads or plugin activations, allowing users to protect their data against 'Big Tech' surveillance for free.
  • bsky.app: Vivaldi has released a new version of its browser with built-in support for ProtonVPN, now available as a VPN button in the toolbar https://vivaldi.com/blog/privacy-without-compromise-proton-vpn-is-now-built-into-vivaldi/