Bluetooth flaws could let hackers spy through your microphone
Vulnerabilities affecting a Bluetooth chipset present in more than two dozen audio devices from ten vendors can be exploited for eavesdropping or stealing sensitive information. Researchers confirmed that 29 devices from Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs, and Teufel are affected. The list of impacted products includes speakers, earbuds, headphones, and wireless microphones. The security problems could be leveraged to take over a vulnerable product and on some phones, an attacker within connection range may be able to extract call history and contacts.
Using AI to identify cybercrime masterminds
Online criminal forums, both on the public internet and on the “dark web” of Tor .onion sites, are a rich resource for threat intelligence researchers. The Sophos Counter Threat Unit (CTU) have a team of darkweb researchers collecting intelligence and interacting with darkweb forums, but combing through these posts is a time-consuming and resource-intensive task, and it’s always possible that things are missed. As we strive to make better use of AI and data analysis, Sophos AI researcher Francois Labreche, working with Estelle Ruellan of Flare and the Université de Montréal and Masarah Paquet-Clouston of the Université de Montréal, set out to see if they could approach the problem of identifying key actors on the dark web in a more automated way. Their work, originally presented at the 2024 APWG Symposium on Electronic Crime Research, has recently been published as a paper.
Cloudflare offers to make AI pay to crawl websites
Cloudflare will block AI crawlers from accessing new customers’ websites without permission starting July 1 and is testing a way to make AI pay for the data it gathers. Furthermore, website owners can now decide who crawls their sites, and for what purpose, and AI companies can reveal via Cloudflare whether the data they gather will be used for training, inference, or search, to help owners decide whether to allow the crawl. The company began enabling its customers to choose to block AI crawlers in July 2024. Since then, it said, over one million customers have opted in.
ICC mitigating impact of cyberattack
The International Criminal Court has confirmed containing and continuously mitigating a “sophisticated” cyber intrusion coinciding with a summit of 32 NATO leaders regarding cyber defense measures last week, The Associated Press reports. “All necessary measures have been taken to ensure the business continuity,” said ICC spokesperson Fadi El Abdallah. Additional details regarding the potential intent of the attack, as well as the incident’s impact on the court’s confidential data have not been provided but the ICC has previously been targeted by espionage activities, with a Russian spy’s usage of a fake identity to become an intern amid the court’s probe on Russian war crimes against Ukraine being thwarted three years ago.
New York cyber legislation signed into law
New York Gov. Kathy Hochul has approved new state cybersecurity legislation aimed at advancing a “whole of government approach” to bolstering cybersecurity amid increasingly prevalent threats against state and local governments across the U.S., according to StateScoop. Aside from requiring yearly cybersecurity awareness training for state, city, county, or district government employees beginning next year, the new law also mandates all state government offices to provide cyber incident and ransomware payment notifications to the state’s Homeland Security office within 72 hours and 24 hours, respectively. Updated data protection standards for state information systems will also be created under the law, which also compels routine technology system inventories. “Cyber threat actors will continue to change their tactics in an attempt to find even the slightest vulnerability, but as a State we will continue to adapt, evolve, educate and strengthen our overall defenses to aggressively and proactively meet this challenge,” said New York CIO Dru Rai.
