Cyberhaven Chrome Extension Hack Linked to Widening Supply Chain Campaign
The supply chain attack in which cybersecurity firm Cyberhaven’s Chrome extension was compromised to steal users’ data appears to be part of a wider campaign in which at least 29 extensions were hit over the past year and a half. As part of the Cyberhaven incident, a threat actor gained access to the company’s Chrome Web Store administrator account and published a new version of the extension that contained malicious code. Cyberhaven offers a data detection and response platform designed to help organizations track and protect sensitive data and combat insider threats.
Telegram rolls out third-party account verification, filters
Telegram has rolled out its first update of the year, adding a new account verification method powered by third-parties, new message search filters, and the ability to turn gifts into NFTs. The chat app already had a program to verify public figures and organizations on the platform, and it has now launched a new project to let already-verified third-party authorities, such as food quality regulators or educational consortiums, verify an account.
Harley-Davidson Hack Reportedly Hits 66,000 Customer Records
Harley-Davidson has been linked to a hack by cyber criminals over the Christmas period, with RedHotCyber (RHC) reporting that more than 66,000 customer records may have been compromised. The hack is being attributed to the 888 group, which has allegedly posted a sample of stolen data within an online forum. RHC goes on to claim that the contents of the sample show customer data that could only have been gathered from the company’s own IT infrastructure or from a third-party vendor.
Apple agrees to settle a 2019 Siri privacy lawsuit for $95 million
Apple has moved to settle a five-year-old class action lawsuit over Siri privacy. Reuters reports that the proposed settlement was filed on Tuesday in Oakland, CA. The company agreed to pay $95 million to class members, estimated to be tens of millions of Siri-enabled device owners. US District Judge Jeffrey White needs to approve the settlement before it becomes official. The lawsuit stemmed from a 2019 report that Apple quality control contractors could regularly hear sensitive info accidentally recorded by the voice assistant’s “Hey Siri” feature. The clips were said to include medical information, criminal activities and even “sexual encounters.” Reuters says Apple denied wrongdoing in agreeing to settle the case.
US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters
The United States has imposed sanctions on two groups linked to Iranian and Russian efforts to target American voters with disinformation ahead of this year’s election. Treasury officials announced the sanctions Tuesday, alleging that the two organizations sought to stoke divisions among Americans before November’s vote. US intelligence has accused both governments of spreading disinformation, including fake videos, news stories and social media posts, designed to manipulate voters and undermine trust in U.S. elections. “The governments of Iran and Russia have targeted our election processes and institutions and sought to divide the American people through targeted disinformation campaigns,” Bradley T. Smith, Treasury’s acting undersecretary for terrorism and financial intelligence, said in a statement.
Net neutrality is dead once again. Here’s what happened.
Net neutrality is dead once more. A U.S. Court of Appeals has killed the Federal Communications Commission’s (FCC) attempt to reinstate open internet rules, finding that the government agency doesn’t have the legal authority to do so. In a 26-page opinion filed on Thursday, the Sixth Circuit Court of Appeals determined that internet service providers (ISPs) offer an “information service” rather than a “telecommunications service” under the Communications Act of 1934. As such, they are not subject to the latter’s stricter FCC regulation, meaning the agency has no power to bring back net neutrality laws.