Medibank is one of the largest Australian private health insurance providers with approximately 3.9 million customers. The health insurer believes the attackers have not accessed credit card and banking details, and primary identity documents, such as drivers’ licenses, because it doesn’t collect them except in exceptional circumstances. The company discovered the ransomware attack on October 12 it also announced that no ransom payment will be made to the threat actors for the data theft. The attackers had access to data belonging to around 5.1 million Medibank customers, around 2.8 million ahm customers, and around 1.8 million international customers.
For all of Apple’s talk about how private your iPhone is, the company vacuums up a lot of data about you. iPhones do have a privacy setting that is supposed to turn off that tracking. According to a new report by independent researchers, though, Apple collects extremely detailed information on you with its own apps even when you turn off tracking, an apparent direct contradiction of Apple’s own description of how the privacy protection works. The iPhone Analytics setting makes an explicit promise. Turn it off, and Apple says that it will “disable the sharing of Device Analytics altogether.” However, Tommy Mysk and Talal Haj Bakry, two app developers and security researchers at the software company Mysk, took a look at the data collected by a number of Apple iPhone apps—the App Store, Apple Music, Apple TV, Books, and Stocks. They found the analytics control and other privacy settings had no obvious effect on Apple’s data collection—the tracking remained the same whether iPhone Analytics was switched on or off.
Microsoft, its subsidiary GitHub, and its business partner OpenAI have been targeted in a proposed class action lawsuit alleging that the companies’ creation of AI-powered coding assistant GitHub Copilot relies on “software piracy on an unprecedented scale.” The case is only in its earliest stages but could have a huge effect on the broader world of AI, where companies are making fortunes training software on copyright-protected data. Copilot, which was unveiled by Microsoft-owned GitHub in June 2021, is trained on public repositories of code scraped from the web, many of which are published with licenses that require anyone reusing the code to credit its creators. Copilot has been found to regurgitate long sections of licensed code without providing credit — prompting this lawsuit that accuses the companies of violating copyright law on a massive scale.
A new web3 technology is being abused widely by threat actors, according to security researchers from tech giant Cisco. The InterPlanetary File System (IPFS) is a protocol and peer-to-peer network for storing and sharing data. It is designed to enable decentralized storage of resources on the internet. It was built to be resilient against content censorship, meaning that it is not possible to effectively remove content from within the IPFS network once it’s stored there. But Cisco Talos researchers said they are seeing “widespread abuse” and have observed “multiple ongoing campaigns that leverage the IPFS network to host their malware payloads and phishing kit infrastructure while facilitating other attacks.”