AboutDFIR.com – The Definitive Compendium Project
Digital Forensics & Incident Response

InfoSec News Nuggets 7/29/2024

Paris Olympics app a ‘prime target for cybercriminals’

Analysts predict that there could be as many as four billion cyber attacks at this year’s Games. The official Paris Olympics 2024 app is particularly vulnerable. “This app handles vast amounts of personal and transactional data, making it a prime target for cybercriminals,” said Sakthi Mohan, cloud security lead at California-based Synopsys Software Integrity Group. The Paris Olympics app has already been downloaded over 10 million times on Google Play. It allows users to access a map of the Games, the schedule, live updates, replays, and more. The app also gathers your personal information, including name, address, email, photos, and videos.

 

Microsoft calls for Windows changes and resilience after CrowdStrike outage

Microsoft is still helping CrowdStrike clean up the mess that kicked off a week ago when 8.5 million PCs went offline due to a buggy CrowdStrike update. Now, the software giant is calling for changes to Windows, and has dropped some subtle hints that it’s prioritizing making Windows more resilient and willing to push security vendors like CrowdStrike to stop accessing the Windows kernel. While CrowdStrike has blamed a bug in its testing software for its botched update, its software runs at the kernel level — the core part of an operating system that has unrestricted access to system memory and hardware — so if something goes wrong with CrowdStrike’s app then it can take down Windows machines with a Blue Screen of Death.

 

Senators: Your Driving Data May Have Been Sold For as Little as 26 Cents

The road to driver-privacy hell is paved—and paid for—in nickels, dimes and pennies, courtesy of driver data that car makers sell to data brokers without their customers’ consent, according to new findings from two Democratic lawmakers. Sens. Ron Wyden (D-Ore.) and Edward J. Markey (D-Mass.) today asked the Federal Trade Commission to investigate how automakers collect and disseminate this information. Previously, the two lawmakers and their staffers investigated how manufacturers took data about how their customers drive and sold it to third parties who then marketed it to insurance agencies that used it to jack up rates for some customers. This time, they put prices on this information aftermarket as found in two automakers’ transactions with a data broker named Verisk.

 

Threat Actor Claims to Sell Data of Berkshire Hathaway Home Services

A threat actor has claimed to have breached the database of Berkshire Hathaway Home Services, a subsidiary of Berkshire Hathaway, owned by Warren Buffett. The actor warns that if Berkshire Hathaway does not respond to their demands within a specified timeframe, alternative actions will be taken. Berkshire Hathaway reported a revenue of $368 billion for the twelve months ending March 31, 2024.

 

Websites accuse AI startup Anthropic of bypassing their anti-scraping rules and protocol

Freelancer has accused Anthropic, the AI startup behind the Claude large language models, of ignoring its “do not crawl” robots.txt protocol to scrape its websites’ data. Meanwhile, iFixit CEO Kyle Wiens said Anthropic has ignored the website’s policy prohibiting the use of its content for AI model training. Matt Barrie, the chief executive of Freelancer, told The Information that Anthropic’s ClaudeBot is “the most aggressive scraper by far.” His website allegedly got 3.5 million visits from the company’s crawler within a span of four hours, which is “probably about five times the volume of the number two” AI crawler. Similarly, Wiens posted on X/Twitter that Anthropic’s bot hit iFixit’s servers a million times in 24 hours. “You’re not only taking our content without paying, you’re tying up our devops resources,” he wrote.
