#security_cyberattacksandhacks

Feed: All Latest | Websites Can Now Spy on You Through Your Hard Drive by Dan Goodin, Ars Technica AI generated summary, Read the full article for complete information. Websites can now covertly track visitors by measuring subtle SSD activity through a newly disclosed technique called FROST (fingerprinting remotely using OPFS‑based SSD timing). By running JavaScript in the browser that repeatedly reads from a large file stored in the origin‑private file system (OPFS), attackers can detect latency variations caused by competing I/O operations and, using a pretrained convolutional neural network, infer which other sites and native applications a user has open—even across different browsers. Unlike earlier side‑channel attacks, FROST works entirely within the browser and requires no user interaction beyond visiting the malicious page, though it needs a very large OPFS file (≈ 1 GB) on the same SSD, which limits its stealth at scale. Mitigations include closing unused tabs promptly, monitoring and restricting OPFS file sizes, and browser vendors could further limit file allocation. So far there is no evidence of FROST being used in the wild, and the researchers demonstrated the attack on an M2 Mac, with comparable results expected on Linux. Read more: https://www.wired.com/story/websites-can-now-spy-on-you-through-your-hard-drive/ #FROST #OPFS #Neuralnetwork #SSD #security_cyberattacksandhacks

Feed: All Latest | Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording by Andy Greenberg, Maddy Varner, Dell Cameron, Andrew Couts AI generated summary, Read the full article for complete information. The weekly security roundup highlights a range of recent threats and incidents: researchers warn that stolen iPhones fuel phishing attacks by exposing contacts’ numbers, while Foxconn reports a ransomware‑linked breach that allegedly exfiltrated 8 TB of data. The U.S. and Canada will test 5G‑connected drones for real‑time battlefield intelligence, and Iran’s Revolutionary Guard continues to block the Strait of Hormuz with a “mosquito fleet” of small boats. Two brothers, recently dismissed from a federal contractor, were caught after their revenge‑themed sabotage of 96 government databases was recorded on an open Microsoft Teams meeting. Instructure reached a deal with the ShinyHunters ransomware gang after the Canvas platform was compromised, and German authorities arrested the alleged former administrator of the Dream dark‑web market. OpenAI disclosed that two employees were affected by a supply‑chain hijack of the TanStack open‑source library, prompting a mandatory macOS app update. Finally, data‑broker Findem admitted it had hidden its opt‑out page from search results for three years before finally removing the obstructive code. Read more: https://www.wired.com/story/security-news-this-week-cybercriminal-twins-caught-after-they-forgot-to-turn-off-microsoft-teams-recording/ #MuneebAkhter #SohaibAkhter #Foxconn #RevolutionaryGuard #security_cyberattacksandhacks #OweMartinAndresen

Feed: All Latest | Foxconn Ransomware Attack Shows Nothing Is Safe Forever by Lily Hay Newman AI generated summary, Read the full article for complete information. Foxconn, the electronics manufacturer best known for building Apple iPhones, recently suffered a ransomware attack by the Nitrogen group, which claims to have stolen 8 TB of data—including schematics and project details for customers such as Dell, Google, Apple, and Nvidia. While Foxconn confirmed that some North American factories experienced a cyber‑attack and are now resuming normal production, it has not verified the attackers’ claims. The breach underscores the growing trend of ransomware groups targeting supply‑chain giants that store both their own and their clients’ intellectual property. Nitrogen, linked to the ALPHV/BlackCat family, listed Foxconn on its breach site; its ransomware is based on “Conti 2” code and suffers a design flaw that prevents decryption even if the attackers wish to restore systems. Foxconn has faced multiple extortion attempts in the past, including high‑profile incidents in 2020, 2022, and 2024, highlighting the persistent risk of large‑scale data theft and disruption across the tech industry. Read more: https://www.wired.com/story/foxconn-ransomware-attack-shows-nothing-is-safe-forever/ #Foxconn #Nitrogen #Apple #LockBit #security_cyberattacksandhacks #AllanLiska

Feed: All Latest | Disneyland Now Uses Face Recognition on Visitors by Lily Hay Newman, Andy Greenberg, Andrew Couts AI generated summary, Read the full article for complete information. This week’s security roundup highlights a mix of privacy‑invasion developments and law‑enforcement actions: Disney announced optional facial‑recognition lanes at its California parks, promising to delete the numeric facial hashes after 30 days, while the FIDO Alliance, Google and Mastercard began drafting AI‑agent‑transaction guardrails and OpenAI rolled out an “advanced” risk‑mode for high‑threat ChatGPT/Codex accounts. The NSA, despite a pending Department‑of‑Defense ban on Anthropic, received early access to Anthropic’s Mythos AI‑bug‑hunting tool and is using it to scour Microsoft software for exploitable flaws. In criminal news, a 19‑year‑old alleged member of the Scattered Spider ransomware gang was arrested in Finland, and a gunman who tried to crash the White House Correspondents’ Dinner was jailed on federal assassination and firearms charges. A publicly exposed Medicare provider directory inadvertently leaked U.S. health‑care workers’ Social Security numbers, and new research revealed a massive spyware leak of 90,000 celebrity screenshots, underscoring the growing risks of commercial surveillance tools. Read more: https://www.wired.com/story/security-news-this-week-disneyland-now-uses-face-recognition-on-visitors/ #Disneyland #FIDOAlliance #ScatteredSpider #security_cyberattacksandhacks #security_privacy #PeterStokes