Hacking, Security & Privacy News - Page 8

A group of hackers has announced via Twitter that they have infiltrated Russia's command center for its spy satellites.

The hacking group goes by the name "NB65", and is reportedly affiliated with the infamous hacking group Anonymous. According to reports, NB65 has successfully shut down the control center of the Russian Space Agency "Roscosmos", and as a result, Russia no longer has control of its own spy satellites. In response to these claims, Russian space agency head Dmitry Rogozin announced that Russia was still in control of its control center and that the claims were false.

Read more: Russia threatens to crash the ISS into US, top NASA official answers

I'm sure you're well aware of what is happening between Russia and Ukraine right now, but then we have hacking collective Anonymous, reportedly kicking off an operation against the Russian government and Vladimir Putin.

I'll stay out of the politics of this as I'm just reporting the news, but Anonymous is reportedly pushing into a "full-scale" cyberattack against the Russian Federation. The operation by Anonymous is targeting the Russian government, adding that "there is an inevitability that the private sector will most likely be affected too".

Anonymous continues: "Put yourselves in the shoes of the Ukrainians being bombed right now. Together we can change the world, we can stand up against anything. It is time for the Russian people to stand together and say "NO" to Vladimir Putin's war".

A study on the vulnerability has been published in the ACM MobiCom Conference and will be presented by the researchers at the upcoming International Conference on Mobile Computing and Networking in March.

Voice interactions are becoming more prevalent in VR and AR as they branch out into applications beyond gaming, compared to traditional handheld-controller interactions. Researchers from Rutgers University showed that hackers could access the built-in motion sensors on face-mounted virtual reality (VR) and augmented reality (AR) headsets in an eavesdropping attack.

Their attack, Face-Mic, captures speech-associated subtle facial dynamics from these zero-permission motion sensors and infer sensitive information from live human speech, such as speaker gender, identity, and speech content. Using a deep-learning-based approach and four mainstream VR headsets, the team validated the generalizability, effectiveness, and high accuracy of Face-Mic in extracting speech information.

A study on users' smartphone and app usage has been published in the journal Psychological Science.

Researchers from Lancaster University and the University of Bath in the United Kingdom analyzed 4,680 days worth of app usage data from 780 people's smartphones, creating models of their daily app usage patterns. They then tested whether the models could identify individuals based on only one day of anonymous smartphone usage activity.

"Our models, which were trained on only six days of app usage data per person, could identify the correct person from a day of anonymous data one third of the time," said Dr. Ellis from the University of Bath.

The losses come following Apple's privacy changes that went into effect in April 2021.

The changes Apple made to iOS made it so that users must opt-in to allow ad-tracking by social media applications instead of an opt-out from it being enabled by default. Rather than an opt-out option being relegated to deep in the settings menu, a pop-up now appears before opening an app that uses advertising and data collection.

"Like others in our industry, we faced headwinds as a result of Apple iOS changes. Apple created two challenges for advertisers: one is that the accuracy of our ads targeting decreased, which increased the cost of driving outcomes; the other is that measuring those outcomes became more difficult," Meta Platform chief operating officer Sheryl Sandberg said in its earnings call.

A married US couple has been arrested on espionage-related charges, with Jonathan and Diana Toebbe, both of Annapolis, Maryland arrested in Jefferson County, West Virginia by the FBI and Naval Criminal Investigative Service (NCIS) after they tried to sell data on nuclear-powered warships to a foreign government.

Attorney General Merrick B. Garland explains: "The complaint charges a plot to transmit information relating to the design of our nuclear submarines to a foreign nation. The work of the FBI, Department of Justice prosecutors, the Naval Criminal Investigative Service and the Department of Energy was critical in thwarting the plot charged in the complaint and taking this first step in bringing the perpetrators to justice".

The couple are in big sh*t, with Jonathan Toebbe being an employee of the Department of the Navy, where he was a nuclear engineer and worked on the Naval Nuclear Propulsion Program, which is known as the Naval Reactors. Toebbe had an active national security clearance through the US Department of Defense, which let him have access to the Restricted Data he tried to sell to a foreign government.

Today couldn't get worse for Facebook, with the world's largest social media company down right now, and a Facebook whistleblower exposing some dark sides to the Mark Zuckerberg-led company.

Now, this is where things get worse: over 1.5 billion users have had their information up for sale on a hacker forum, with the personal data of over 1.5 billion Facebook users now up for grabs. You can buy it right now, either in a lump -- 1.5 billion users' information -- or maybe you just want 17 million users' information.

1 million accounts would cost you $5000 or so, which means 1.5 billion Facebook users' data is only going to cost you $7.5 million. Today, of all days, where Facebook has gone down, a whistleblower has exposed the social media giant, and their stock price is crashing... 1,500,000,000 users' data gets leaked and goes up for sale.

There's a new trojan going around that is now targeting gamers, known as "BloodyStealer" that is attacking gaming services like Bethesda, Epic Games, GOG, EA Origin, Steam, Telegram, and VimeWorld

BloodyStealer is able to take gamers' data including passwords, credit card details, screenshots, cookies, and client sessions from the above gaming services. The malware was discovered back in March 2021 in an advertisement on an underground forum, according to Kaspersky.

The malware has built-in protections to defend itself against analysis and has already been deployed in Europe, Latin America, and the Asia-Pacific region. Kaspersky notes that the sellers of BloodyStealer are selling the "malware-as-a-service (MaaS) distribution model" which costs $10 per month, or $40 as a lifetime license.

The elite have always had the attitude of "rules for thee, but not for me" but Facebook is in trouble, yet again, this time with its now-not-so-secret XCheck program.

Facebook's internal XCheck program lets whitelisted users break the same rules that would otherwise see a regular user, or someone on the opposite side of the political spectrum, get banned. XCheck, otherwise known as just Cross Check, has improved quality control when it comes to moderation from high-profile users like celebrities, and politicians.

XCheck is meant to see posts made by whitelisted users get flagged, and have them routed through better-trained moderators to make sure that Facebook's rules are upheld and enforced. Instead, XCheck users -- some 5.8 million of them -- were being protected in 2020. Just 10% of the posts that were flagged for XCheck got reviewed, according to a document witnessed by The Wall Street Journal.

ProtonMail has been busted holding onto the IP addresses of a French climate activity, as well as their browser fingerprint -- after Swiss authorities requested the data.

ProtonMail is meant to have end-to-end encryption by default, but it didn't -- the company states "By default, we do not keep any IP logs which can be linked to your anonymous email account". But we now know that's not true, and the company has since updated its privacy policy.

After the company sent over the metadata of the French activity, ProtonMail then removed the portion of its policy that said the company didn't log IP addresses. In its place, is "ProtonMail is email that respects privacy and puts people (not advertisers) first".