CISA refutes claims it has been ordered to stop monitoring Russian cyber threats
It’s been a confusing few days in the world of American cybersecurity. At the end of last week, it was reported that US Cyber Command had been ordered by Defense Secretary Pete Hegseth to pause its offensive operations against Russia. The news was swiftly followed by reports that staff at the US Cybersecurity and Infrastructure Security Agency (CISA) had been given similar instructions to turn a blind eye to hacks directed against the United States that might be linked to Russia. As we described yesterday, both CISA and US Cyber Command had reportedly been ordered by the Trump administration to stop following or reporting on Russian threats, despite them previously being their main focus.
Justice Department Charges 12 Chinese Contract Hackers and Law Enforcement Officers in Global Computer Intrusion Campaigns
The Justice Department, FBI, Naval Criminal Investigative Service, and Departments of State and the Treasury announced today their coordinated efforts to disrupt and deter the malicious cyber activities of 12 Chinese nationals, including two officers of the People’s Republic of China’s (PRC) Ministry of Public Security (MPS), employees of an ostensibly private PRC company, Anxun Information Technology Co. Ltd. (安洵信息技术有限公司) also known as “i-Soon,” and members of Advanced Persistent Threat 27 (APT27). These malicious cyber actors, acting as freelancers or as employees of i-Soon, conducted computer intrusions at the direction of the PRC’s MPS and Ministry of State Security (MSS) and on their own initiative. The MPS and MSS paid handsomely for stolen data. Victims include U.S.-based critics and dissidents of the PRC, a large religious organization in the United States, the foreign ministries of multiple governments in Asia, and U.S. federal and state government agencies, including the U.S. Department of the Treasury (Treasury) in late 2024.
Eerily realistic AI voice demo sparks amazement and discomfort online
In late 2013, the Spike Jonze film Her imagined a future where people would form emotional connections with AI voice assistants. Nearly 12 years later, that fictional premise has veered closer to reality with the release of a new conversational voice model from AI startup Sesame that has left many users both fascinated and unnerved. “I tried the demo, and it was genuinely startling how human it felt,” wrote one Hacker News user who tested the system. “I’m almost a bit worried I will start feeling emotionally attached to a voice assistant with this level of human-like sound.” In late February, Sesame released a demo for the company’s new Conversational Speech Model (CSM) that appears to cross over what many consider the “uncanny valley” of AI-generated speech, with some testers reporting emotional connections to the male or female voice assistant (“Miles” and “Maya”).
How Google tracks Android device users before they’ve even opened an app
Research from a leading academic shows Android users have advertising cookies and other gizmos working to build profiles on them even before they open their first app. Doug Leith, professor and chair of computer systems at Trinity College Dublin, who carried out the research, claims in his write-up that no consent is sought for the various identifiers and there is no way of opting out from having them run. He found various mechanisms operating on the Android system which were then relaying the data back to Google via pre-installed apps such as Google Play Services and the Google Play store, all without users ever opening a Google app. One of these is the “DSID” cookie, which Google explains in its documentation is used to identify a “signed in user on non-Google websites so that the user’s preference for personalized advertising is respected accordingly.” The “DSID” cookie lasts for two weeks.
Ransomware thugs threaten Tata Technologies with leak if demands not met
A subsidiary of Indian multinational Tata has allegedly fallen victim to the notorious ransomware gang Hunters International. The extortionists claim to have pilfered 730,160 files totaling 1.4 TB from the tech giant’s Tata Technologies. The gang is threatening to release the information next Monday unless a ransom is paid, though it hasn’t publicly specified an amount nor shared any teaser documents to support its claims. Tata Technologies is a product engineering subsidiary of the industry behemoth Tata Motors, which owns Jaguar Land Rover and Daewoo. The company had no comment at time of going to press regarding whether it had been contacted by the crooks nor therefore any comment on the demanded ransom.
Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying
At EFF we spend a lot of time thinking about Street Level Surveillance technologies—the technologies used by police and other authorities to spy on you while you are going about your everyday life—such as automated license plate readers, facial recognition, surveillance camera networks, and cell-site simulators (CSS). Rayhunter is a new open source tool we’ve created that runs off an affordable mobile hotspot that we hope empowers everyone, regardless of technical skill, to help search out CSS around the world. CSS (also known as Stingrays or IMSI catchers) are devices that masquerade as legitimate cell-phone towers, tricking phones within a certain radius into connecting to the device rather than a tower.
Qilin ransomware gang boasts of cyberattacks on cancer clinic, Ob-Gyn facility
Qilin – the “no regrets” ransomware crew wreaking havoc on the global healthcare industry – just claimed responsibility for fresh attacks on a cancer treatment clinic in Japan and a women’s healthcare facility in the US. Qilin is the same group responsible for multiple attacks on healthcare orgs across the globe including one that locked up pathology labs across NHS facilities in the UK for weeks, and its spokesperson once famously told The Reg in an interview that it had no regrets, even after seeing the extensive disruption it caused to people’s healthcare.