If it seems like there are suddenly a lot more data breaches, you might be right. Part of this apparent increase is due to the growing popularity of information-stealing malware. Cybercriminals are increasingly using this type of malicious software to get their hands on as much login credentials and other sensitive data as possible. That stolen data is then sold on hacker forums and used to access victims’ accounts, which can include those at large corporations. It’s a good reminder to always enable multi-factor authentication wherever it’s available.
This week, a security researcher revealed the discovery of more than a dozen unsecured databases containing sensitive voter information in counties across Illinois. The data, which was stored by a government contractor, includes driver’s license numbers, Social Security numbers, death certificates and more. While election security has generally improved in recent years, the episode illustrates how difficult it can be to protect all voter data at all times.
The story of FBI confidential informants is long and sordid, and it continues. A WIRED investigation published this week revealed how one informant infiltrated far-right groups and spilled their secrets to the feds — all while promoting hateful ideologies that helped inspire a new generation of violent extremists online.
Hacking computers with lasers has always been a rich man’s game — until now. Security researchers Sam Beaumont and Larry “Patch” Trowell are releasing an open-source laser hacking tool called RayV Lite, which can be produced for just $500 — a tiny fraction of the $150,000 price tag of laser equipment historically used to hack hardware. The pair will detail RayV Lite at the Black Hat security conference next week in Las Vegas. (WIRED will be exhibiting at Black Hat and Defcon, the industry’s open-source security conference.) other (There’s a big security conference in Las Vegas next week; check back for full coverage starting Tuesday.)
Finally, we break down the fine print of OpenAI’s ChatGPT-4o to lay out the generative AI tool’s privacy benefits and drawbacks.
But that’s not all. Every week, we round up the top security and privacy news stories we haven’t covered in depth. Click on the headlines to read the full stories. And stay safe.
In a historic prisoner exchange between the United States and Russia, the Wall Street Journal Reporter Evan Gershkovich Two prisoners, including two cybercriminals, were released from Russian prison on Thursday, the White House said. The secret deal, negotiated over a year, involved 24 prisoners: 16 were transferred from Russia to the West and eight from the West to Russia. NBC News reports It is likely to be the first time the United States has released international hackers in a prisoner exchange.
The two Russian hackers are Roman Seleznev and Vladislav Klyushin. Seleznev was sentenced in 2017 to 27 years in prison for extortion. According to the United States Department of JusticeHe installed malware in point-of-sale systems software that allowed him to steal millions of credit card numbers from more than 500 American companies. In September 2023, Klyushin was sentenced to nine years in prison for what US prosecutors described as a “hacking conspiracy to trade $93 million.”
Meta, the parent company of Facebook and Instagram, will pay $1.4 billion to settle a lawsuit brought by the Texas attorney general, whose office accused the social media giant of illegally capturing the biometric data of millions of Texans. In 2022, the state sued Meta over its implementation of a feature that used facial recognition to automatically suggest people to tag in photos and videos uploaded to Facebook. Prosecutors say the feature, initially called Tag Suggestions, violated a Texas law that prohibits companies from capturing and profiting from someone’s biometric identifiers without their consent. While Meta did not admit to any wrongdoing as part of the settlement, according to Texas Attorney General Ken Paxton’s office, it is the largest privacy settlement ever obtained by a state.
The tech company revealed Wednesday that a widespread Microsoft Azure service outage affecting a variety of services (including Microsoft 365 products such as Office and Outlook) was caused by a cyberattack. According to Microsoft’s Azure status history page, the incident lasted for about eight hours on Tuesday and affected “a subset” of customers globally.
The company described the attack as a distributed denial of service, a malicious attempt by hackers to disrupt a target company’s operations by overwhelming its infrastructure with a flood of internet traffic. According to PCMagTwo hacktivist groups have claimed responsibility for the incident. Microsoft plans to publish an account of the incident.