Meanwhile, U.S. Immigration and Customs Enforcement is planning to enter into a comprehensive cybersecurity contract that will include expanded employee monitoring and surveillance. The move comes as the US government is increasing its investigation into the leaks and condemning internal dissent.
Chinese-language artificial intelligence app Haotian can be used to create “almost perfect” face swaps during live video chat, and is a favorite tool of Southeast Asian scammers. A WIRED investigation, along with independent research, indicated that the company actively marketed its tool to scammers through Telegram. Haotian’s main Telegram channel disappeared after WIRED contacted Telegram for comment.
Fraudsters in China are using AI-generated images of allegedly defective products and services, from dead crabs to shredded sheets, to convince e-commerce sites to give refunds.
There is so much more. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on titles to read full stories. And stay safe out there.
The hacker group known as com has been making waves on the internet for years, breaking into hundreds of companies for nihilistic fun and profit. Now they have affected a particularly large and sensitive repository of highly personal data: user records for Pornhub, the world’s largest porn site.
ShinyHunters, a subgroup within Pornhub, appears to have stolen over 200 million records for Pornhub Premium users, a total of 94 gigabytes of data detailing the history of users on the site linked to their account information, including their email addresses. According to a public statement from Pornhub, the data appears to have been taken from Mixpanel, a data analytics firm that the porn site used until 2021, suggesting that the breached data may be four years old or older. BleepingComputer, the media outlet that reported news of the breach, reports that Pornhub received extortion emails from the hackers last week. There’s no doubt that the site’s many users are hoping that Pornhub will pay up – and that ShinyHunters will keep their personal browsing private.
Venezuela’s state oil company, Petroleos de Venezuela (PDVSA), says a cyberattack disrupted its administrative systems shortly after US forces seized a tanker carrying about 2 million barrels of Venezuelan crude. In a public statement, PDVSA said the operation was ongoing, but accused the US of orchestrating the incursion as part of a broader campaign against the country’s energy sector. Reuters reports suggest the attack may have been more damaging than PDVSA acknowledged, temporarily halting oil cargo deliveries and taking internal systems completely offline.
The episode followed Washington’s unusual escalation of the ongoing standoff with Caracas, which has been marked by dueling claims over sovereignty and security, and by targeted maritime strikes and seizures of ships that US officials have linked to criminal networks operating under the protection of Venezuelan President Nicolas Maduro – an allegation for which the Trump administration has offered no public evidence.
Network “edge” devices such as routers, VPNs, and firewalls have become a prime target for hackers looking to break into organizations. So the news of an unpatched, serious security vulnerability in a range of Cisco products represents a feeding frenzy – and network intruders have quietly enjoyed it for weeks. Cisco’s Talos research team this week disclosed a zero-day vulnerability in Cisco’s Secure Email Gateway and Secure Email and Web Manager products that use its AsyncOS software, noting that it had been exploited since late November by hackers who appear to be a Chinese state-sponsored group. What’s worse, Cisco still doesn’t have a patch ready to fix the vulnerability.
However, a Cisco advisory notes that the vulnerability lies in the device’s “Spam Quarantine” feature, which is not exposed to the Internet by default and can be taken offline as a mitigation measure until a patch is available. “We strongly urge customers to assess any exposure and follow the guidance provided in the advisory to mitigate risk,” a statement from Cisco said. “Cisco is actively investigating the issue and developing a permanent solution.”
Many cybersecurity professionals may think it is more profitable to side with the dark side. But two people who worked at cybersecurity companies Sygnia Consulting and DigitalMint decided to actually try it. After launching their own ransomware campaign, which went as far as extorting a million dollars from a Florida medical device company, they have now pleaded guilty to hacking charges. Ryan Clifford Goldberg worked for Israeli firm Sygnia as an incident responder, while Kevin Tyler Martin worked as a ransomware negotiator for American cybersecurity company DigitalMint and also allegedly worked as an associate of the notorious ALPHV ransomware gang. A third alleged co-conspirator is mentioned in court filings, but was not charged in the case.