The continuing series of breaches targeting customers of cloud platform Snowflake appears to be a supply chain attack wrapped in another supply chain attack. A hacker who claims to have been involved in the attacks tells WIRED that the hackers, known as ShinyHunter, stole victims’ Snowflake credentials by first breaching an employee of a third-party contractor. (The contractor, however, says he does not believe he was involved.)
Ultimately, the breach of the accounts of Snowflake customers, which include Ticketmaster, banking firm Santander and potentially more than 160 other companies, was possible because their Snowflake accounts did not have multi-factor authentication enabled.
Antivirus giant Kaspersky’s worst nightmare has finally come true: The US government announced Thursday that it will ban the sale of its software to new customers in the United States over alleged threats to Russian national security. (Kaspersky has disputed the Biden administration’s claims.) Meanwhile, existing customers will be prohibited from downloading Kaspersky software updates after September 29. What could go wrong?
Perplexity AI, an artificial intelligence-powered search startup, says it is already valued at $1 billion. But a WIRED investigation published this week found that their secret sauce has a spicy ingredient: shit.
Beyond the “mind-blowing” details generated by its chatbot, WIRED discovered that the AI tool appears to be ignoring the Robot Exclusion Protocol (a standard web tool used to prevent scraping) on sites owned by WIRED’s parent company. , Condé Nast, and other publications, apparently allowing it to pull articles despite the Internet equivalent of a “Do Not Enter” sign posted on WIRED and other Condé Nast sites. The Perplexity chatbot later plagiarized that same article when prompted.
People traveling through some of the UK’s largest train stations secretly had their faces scanned with Amazon’s facial recognition tools, according to documents obtained by WIRED. The technology, which was used as part of a test, predicted various attributes of travelers, including gender, age and possible emotions. The surveillance, which one privacy advocate called “concerning,” could potentially be used to serve ads.
Finally, we detail the rise of robotic “dogs” used by the military, explain what would happen if China invaded Taiwan, and get into the nitty-gritty of the boring-sounding but serious task of detecting the billion-dollar scam tactic. known as business. email engagement.
Thats not all. Each week, we round up the security and privacy news we didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.
For months, ransomware gangs have rampaged through the healthcare industry, with ruthless attacks targeting Change Healthcare’s nationwide payment network for more than a thousand healthcare providers, Ascension Healthcare’s 140 hospitals, and dozens of other victims across the medical field. Now that hacking epidemic is crystallizing into another catastrophic hospital attack, one that has led to data from 300 million UK patient records being leaked online.
Synnovis, a medical testing joint venture partly owned by the UK’s National Health Service, has been fighting and negotiating for weeks with the Russian-linked Qilin ransomware group, which has deeply disrupted its services in an attempt to extort the company. The result has been over a thousand postponed operations and thousands more postponed outpatient appointments across multiple UK hospitals. Ambulances have been diverted from affected hospitals, potentially causing delays in life-saving care. They have even had to request urgent new donations of type O blood, as interruptions in testing have prevented other types from being used in patients’ blood transfusions.
