CyberSecurity news

FlagThis - #users

@tomshardware.com - 77d
Microsoft’s new AI feature ‘Recall’ for Copilot+ PCs stores screenshots of sensitive data, including credit cards and social security numbers, even when a ‘sensitive information’ filter is enabled. This has raised serious privacy and security concerns among users. This feature takes continuous screenshots of everything a user does. The data is stored locally but sent off to Microsoft’s LLM for analysis. This has prompted an investigation by the UK Information Commissioner’s Office. This incident highlights the potential risks of AI-powered surveillance features and the importance of user privacy.

References :
  • Techmeme: Microsoft's new version of Recall appears to still capture sensitive data like credit card numbers, even with the "sensitive information" filter enabled (Avram Piltch/Tom's Hardware)
  • hachyderm.io: screenshots and numbers ( ), even with the "sensitive information" filter enabled Despite promising to filter personal data out, still captures it.
  • www.tomshardware.com: screenshots credit cards and Social Security numbers, even with the "sensitive information" filter enabled
  • Metacurity: Microsoft Recall screenshots credit cards and Social Security numbers, even with the "sensitive information" filter enabled
  • PrivacyDigest: screenshots credit cards and numbers, even with the "sensitive information" filter enabled | Tom's Hardware Despite promising to filter personal data out, Recall still captures it
  • TechSpot: Microsoft Recall is capturing screenshots of sensitive information like credit card and social security numbers
  • Techzine Global: Microsoft Recall is still a privacy nightmare
  • Pivot to AI: «When Piltch asked Microsoft about the issues [of sending over sensitive information like credit card numbers], it referred him to a blog post saying AI makes mistakes» Ah yes, it's perfectly normal (and on-brand) for MS to push the recall bs despite all of this. 🤦‍♂️
  • bsky.app: Attackers can abuse the Windows UI Automation framework to steal data from apps
  • David Gerard: Windows AI Copilot+ Recall stores screenshots of sensitive data, regardless of ‘sensitive information’ filter
  • Amy Castor: Windows AI Copilot+ Recall stores screenshots of sensitive data, regardless of ‘sensitive information’ filter
  • securityonline.info: Abusing Microsoft’s UI Automation Framework: The New Evasion Technique Bypassing EDR
  • www.csoonline.com: Attackers can abuse the Windows UI Automation framework to steal data from apps
  • www.computerworld.com: Hands on with Microsoft’s Windows Recall: Not impressive yet

Mike Robinson@Tech Crawlr - 49d
A significant data breach at location data firm Gravy Analytics has exposed the sensitive location data of millions of users. The compromised data includes coordinates from mobile devices across the US, Europe, and Russia, with some records also linking the location data to specific apps. Popular apps like Candy Crush, Tinder, MyFitnessPal, and various others are impacted. The data was initially posted on a Russian-language forum by a hacker using the alias "Nightly".

The breadth of the breach is staggering, with apps across several categories affected, including dating apps such as Grindr, games like Temple Run and Subway Surfers, transit apps such as Moovit, period trackers, religious apps including Muslim prayer and Christian Bible apps, various pregnancy trackers, and even virtual private network (VPN) applications. It appears that these apps were co-opted by rogue members of the advertising industry to collect this data through the advertising bid stream, often without the knowledge of the app developers. This has raised concerns about how user data is being collected and sold within the advertising ecosystem.

References :
  • malware.news: Massive breach at location data seller: “Millions” of users affected
  • www.404media.co: Hackers claim massive breach of location data giant, threaten to leak data
  • Malwarebytes: Massive breach at location data seller: “Millions” of users affected
  • www.techdirt.com: Gravy Analytics specializes in location intelligence, meaning it collects sensitive phone location and behavior data.
  • gbhackers.com: Gravy Analytics Hit by Cyberattack, Hackers Allegedly Stole data
  • Techmeme: A hack of location data firm Gravy reveals Candy Crush, Tinder, and thousands of other apps are being used to steal user location data; apps may not even know (Joseph Cox/Wired)
  • Miguel Afonso Caetano: Hackers claim to have compromised Gravy Analytics, the parent company of Venntel which has sold masses of smartphone location data to the U.S. government.
  • www.wired.com: Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location
  • bsky.app: New from 404 Media: data hacked from location giant Gravy reveals thousands of ordinary apps hijacked to steal your location data. Candy Crush, MyFitnessPal, Tinder. Period trackers, prayer apps. Because of how data collected, apps may not even know
  • www.404media.co: See the Thousands of Apps Hijacked to Spy on Your Location
  • Miguel Afonso Caetano: 'Included in the hacked Gravy data are tens of millions of mobile phone coordinates of devices inside the US, Russia, and Europe. Some of those files also reference an app next to each piece of location data. 404 Media extracted the app names and built a list of mentioned apps. The list includes dating sites Tinder and Grindr; massive games such as Candy Crush, Temple Run, Subway Surfers, and Harry Potter: Puzzles & Spells; transit app Moovit; My Period Calendar & Tracker, a period-tracking app with more than 10 million downloads; popular fitness app MyFitnessPal; social network Tumblr; Yahoo’s email client; Microsoft’s 365 office app; and flight tracker Flightradar24. The list also mentions multiple religious-focused apps such as Muslim prayer and Christian Bible apps, various pregnancy trackers, and many VPN apps, which some users may download, ironically, in an attempt to protect their privacy.'
  • flipboard.com: Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

info@thehackernews.com (The Hacker News)@The Hacker News - 7d
Cybercriminals are exploiting the legitimate Eclipse Jarsigner tool to deploy the XLoader malware, using a DLL side-loading technique. Researchers at AhnLab Security Intelligence Center (ASEC) discovered the campaign, which involves packaging a legitimate jarsigner.exe executable, a tool used for signing Java Archive (JAR) files, with malicious DLL files inside a compressed ZIP archive. When the legitimate executable is run, the malicious DLLs are loaded, triggering the XLoader malware infection. This method allows the malware to evade security defenses by exploiting the trust associated with a legitimate application.

The attack sequence starts with a renamed version of jarsigner.exe (Documents2012.exe) executing, which then loads a tampered "jli.dll" library. This malicious DLL decrypts and injects "concrt140e.dll," the XLoader payload, into a legitimate process (aspnet_wp.exe). XLoader is designed to steal sensitive information, including user credentials, browser data, and system information. The malware can also download and execute additional malicious payloads. Users are advised to exercise caution when handling compressed files with executable files and accompanying DLLs from unverified sources.

References :
  • Cyber Security News: Cybercriminals Abuse Jarsigner to Spread XLoader Malware
  • gbhackers.com: Hackers Exploit Jarsigner Tool to Deploy XLoader Malware
  • The Hacker News: Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives
  • cyberpress.org: Cybercriminals Abuse Jarsigner to Spread XLoader Malware
  • Talkback Resources: Cybercriminals Use Eclipse Jarsigner to Deploy XLoader Malware via ZIP Archives [rev] [mal]
  • www.scworld.com: Intrusions begin with the spread of a compressed ZIP archive containing a renamed jarsigner.exe file, which when executed prompts the loading of a tampered DLL library and eventual injection of XLoader malware, according to an analysis from the AhnLab Security Intelligence Center.
  • Talkback Resources: XLoader malware campaign uses DLL side-loading with legitimate Eclipse Foundation application, distributing payload in compressed ZIP archive to steal sensitive information and download additional malware, evolving with obfuscation and encryption layers to evade detection, potentially linked to other loaders like NodeLoader and RiseLoader.

@www.forbes.com - 9d
A new report by Citizen Lab and the EFF Threat Lab has uncovered critical security vulnerabilities within the popular Chinese social media application, RedNote. The analysis, conducted on version 8.59.5 of the app, revealed that RedNote transmits user content, including viewed images and videos, over unencrypted HTTP connections. This exposes sensitive user data to potential network eavesdroppers, who can readily access the content being browsed.

Additionally, the report highlights that the Android version of RedNote contains a vulnerability that could allow attackers to access the contents of files on a user's device. The app also transmits device metadata without adequate encryption, sometimes even when using TLS, potentially enabling attackers to learn about a user's device screen size and mobile network carrier. Despite responsible disclosures to RedNote and its vendors NEXTDATA and MobTech in late 2024 and early 2025, no response has been received regarding these critical security flaws.

References :
  • citizenlab.ca: The report highlights three serious security issues in the RedNote app.
  • Deeplinks: The EFF Threat Lab confirmed the Citizen Lab findings about Red Note.
  • www.forbes.com: Is RedNote Safe? Here's What Millions of TikTok Users Need to Know
  • Deeplinks: Crimson Memo: Analyzing the Privacy Impact of Xiaohongshu AKA Red Note

@singularityhub.com - 19d
OpenAI models, including the recently released GPT-4o, are facing scrutiny due to their vulnerability to "jailbreaks." Researchers have demonstrated that targeted attacks can bypass the safety measures implemented in these models, raising concerns about their potential misuse. These jailbreaks involve manipulating the models through techniques like "fine-tuning," where models are retrained to produce responses with malicious intent, effectively creating an "evil twin" capable of harmful tasks. This highlights the ongoing need for further development and robust safety measures within AI systems.

The discovery of these vulnerabilities poses significant risks for applications relying on the safe behavior of OpenAI's models. The concern is that, as AI capabilities advance, the potential for harm may outpace the ability to prevent it. This risk is particularly urgent as open-weight models, once released, cannot be recalled, underscoring the need to collectively define an acceptable risk threshold and take action before that threshold is crossed. A bad actor could disable safeguards and create the “evil twin” of a model: equally capable, but with no ethical or legal bounds.

References :
  • www.artificialintelligence-news.com: Recent research has highlighted potential vulnerabilities in OpenAI models, demonstrating that their safety measures can be bypassed by targeted attacks. These findings underline the ongoing need for further development in AI safety systems.
  • www.datasciencecentral.com: OpenAI models, although advanced, are not completely secure from manipulation and potential misuse. Researchers have discovered vulnerabilities that can be exploited to retrain models for malicious purposes, highlighting the importance of ongoing research in AI safety.
  • Blog (Main): OpenAI models have been found vulnerable to manipulation through "jailbreaks," prompting concerns about their safety and potential misuse in malicious activities. This poses a significant risk for applications relying on the models’ safe behavior.
  • SingularityHub: This article discusses Anthropic's new system for defending against AI jailbreaks and its successful resistance to hacking attempts.

@www.ghacks.net - 18d
Recent security analyses have revealed that the iOS version of DeepSeek, a widely used AI chatbot developed by a Chinese company, transmits user data unencrypted to servers controlled by ByteDance. This practice exposes users to potential data interception and raises significant privacy concerns. The unencrypted data includes sensitive information such as organization identifiers, software development kit versions, operating system versions, and user-selected languages. Apple's App Transport Security (ATS), designed to enforce secure data transmission, has been globally disabled in the DeepSeek app, further compromising user data security.

Security experts from NowSecure recommend that organizations remove the DeepSeek iOS app from managed and personal devices to mitigate privacy and security risks, noting that the Android version of the app exhibits even less secure behavior. Several U.S. lawmakers are advocating for a ban on the DeepSeek app on government devices, citing concerns over potential data sharing with the Chinese government. This mirrors previous actions against other Chinese-developed apps due to national security considerations. New York State has already banned government employees from using the DeepSeek AI app amid these concerns.

References :
  • cset.georgetown.edu: China’s ability to launch DeepSeek’s popular chatbot draws US government panel’s scrutiny
  • PCMag Middle East ai: House Bill Proposes Ban on Using DeepSeek on Government-Issued Devices
  • Information Security Buzz: Recent security analyses have found that the iOS version of DeepSeek transmits user data unencrypted.
  • www.ghacks.net: Security analyses revealed unencrypted data transmission by DeepSeek's iOS app.
  • iHLS: Article about New York State banning the DeepSeek AI app.

@www.bleepingcomputer.com - 17d
Brave Browser is introducing a new feature called 'custom scriptlets' in its latest desktop release. This feature allows advanced users to inject their own JavaScript into websites, granting them deep customization and control over their browsing experience.

This new functionality empowers users to modify website functionality, offering enhanced privacy and the ability to block trackers more effectively. The 'custom scriptlets' feature is similar to popular browser extensions like TamperMonkey and GreaseMonkey, enabling users to create custom scripts for specific websites. This feature is coming in Brave Browser version 1.75 for the desktop.

References :
  • cyberinsider.com: Brave Introduces Custom Scriptlets for Advanced Privacy Options
  • www.bleepingcomputer.com: Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience.
  • AAKL: Brave now lets you inject custom JavaScript to tweak websites
  • BleepingComputer: Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own JavaScript into websites, allowing deep customization and control over their browsing experience.
  • Anonymous: Brave Browser is getting a new feature called 'custom scriptlets' that lets advanced users inject their own into websites, allowing deep customization and control over their browsing experience.