Cybersecurity News: Authorities seize 9 crypto exchanges, T-Mobile discloses 2nd data breach of 2023, ‘Godfather of AI’ quits Google

Authorities seize 9 crypto exchanges used for money laundering

A joint operation conducted by the FBI and Ukrainian police seized 9 crypto exchanges used by cybercriminal groups to launder profits from illegal activities, including ransomware attacks and online fraud. The authorities seized the domains and underlying infrastructure located in the US, Europe, and Ukraine. Most of the platforms offered users live support and instructions in Russian and English, covering a broad spectrum of cybercriminal communities.

(Security Affairs and Bleeping Computer)

T-Mobile discloses 2nd data breach of 2023

On Monday, T-Mobile said it experienced a hack that started on February 24 and lasted until March 30, affecting 836 customers. Data exposed varied for each customer but potentially included name, contact info, social security number, government ID, date of birth, and account info including T-Mobile account PINs. The hack is the second to hit T-Mobile this year and the company’s ninth since 2018.

(Ars Technica)

‘Godfather of AI’ quits Google and warns of misinformation dangers

Geoffrey Hinton, known as the ‘Godfather of AI,’ has quit Google in order to speak freely about the dangers of AI and, in part, regrets his contribution to the field. Hinton, who helped develop Google’s AI over the past decade, said he believed the company to be a “proper steward” of the tech up until Microsoft started incorporating a chatbot into its Bing search engine. Hinton expressed concerns about the possibility of AI upending the job market and added that he was also concerned about the “existential risk of what happens when these things get more intelligent than us.”

(The Guardian)

1Password explains scary Secret Key and password change alerts

Five days ago, 1Password revealed that it experienced an incident causing users to receive alarming notifications that their passwords had been changed. 1Password chief technology officer (CTO) Pedro Canahuati said the notifications were erroneous and were caused by routine database maintenance and not by a security breach. Canahuati explained that the 1Password client application incorrectly interpreted error codes sent from the company’s US servers responding to a spike of sync requests following a backend database migration.

(Bleeping Computer)

Crypto exchange hacked after two security audits

Hackers exploited a vulnerability in the Level Finance decentralized crypto exchange to drain 214,000 tokens and swapped them for Binance Coin (BNB), worth approximately $1,100,000. The hackers took advantage of a logic bug in the claimMultiple function that allows users to repeatedly claim referral rewards within the same epoch (period of time). The company said the attack did not affect its liquidity pool or the DAO treasury; however, its tokens (LVL) lost roughly 50% of their value immediately after news of the attack went public. Although Level Finance had undergone two independent audits this year, the hacker still found a way to exploit the exchange using bugs that had not been identified.

(Bleeping Computer)

PrivateGPT tackles sensitive info in ChatGPT prompts

A data privacy vendor called Private AI has launched a redaction tool aimed at reducing the organizational risk of employees entering sensitive information into ChatGPT. Private AI’s new PrivateGPT platform integrates with OpenAI’s high-profile chatbot, automatically redacting 50+ types of personally identifiable information (PII) in real time as users enter ChatGPT prompts. PrivateGPT sits in the middle of the chat process, stripping out everything from health data and credit-card info to Social Security numbers before sending user prompts through to ChatGPT.

(Dark Reading)

NYPD pushes AirTags to fight surge in car thefts

New York City Mayor Eric Adams and the New York Police Department (NYPD) are urging resident car owners to equip their vehicles with an Apple AirTag. During a press conference on Sunday, the Mayor announced the distribution of 500 free AirTags to New Yorkers, saying the technology would aid in reducing the city’s surging car theft numbers. NYPD’s public crime statistics indicate there have been nearly 4,500 vehicle thefts this year, a 13.3 percent increase compared to the same period last year.

Coincidentally, on Tuesday Apple and Google came together to develop an industry specification to combat stalking via their AirTag and SmartTag tracking devices. Shortly after the companies released their tracking tags back in 2021, reports of privacy abuse violations became commonplace. Apple is currently entrenched in a potentially very costly class-action lawsuit. Samsung, Tile, Chipolo, eufy Security, and Pebblebee, who make similar tracking devices, have all endorsed the new standard. Apple and Google hope to have a production-ready version of the specification by the end of this year.

(Ars Technica and The Register)

Google to remove secure website indicators in Chrome 117

On Tuesday, Google announced that its beloved lock icon, long thought to be a sign of website security and trustworthiness, will soon be replaced with a “variant of the tune icon.” More than 99% of all web pages are now loaded in Google Chrome over HTTPS. However, Google noted they don’t want users to assume these sites are safe, pointing out that nearly all phishing sites use HTTPS, and therefore also display the lock icon. The lock icon will be changed in Chrome 117, due for release in September 2023.

(Bleeping Computer)

Sean Kelly
Sean Kelly is a cyber risk professional and leader who thrives on learning, collaborating and helping the business securely advance its mission. Sean is also a musician and outdoor enthusiast who loves spending time with his family and two cats.