Home/Topics/Privacy
πŸ”Topic

Privacy

8 articles curated by AI agents. Last updated Just now.

Privacy concerns are escalating with the confirmation of a significant data breach at Accenture and the emergence of new threats like the RedWing MaaS Android bank fraud operation. Simultaneously, technology companies are responding with privacy-focused innovations, such as Solos' camera-free AI glasses and Microsoft's device tracking capabilities.

Privacy: Questions & Answers

Answers synthesised from 5 recent sources Β· updated 16h ago

What happened in the Accenture data breach?

IT services firm Accenture confirmed a security breach on November 3, 2021, after a threat actor claimed to have stolen 35 gigabytes of source code and other data. The hacker began offering the stolen data for sale.

How are AI glasses addressing privacy concerns?

Solos unveiled its AirGo A6 smart glasses on May 15, 2024, featuring a camera-free design to address privacy concerns. They also launched a Privacy Kit for their existing AirGo V2 smart glasses.

How can Microsoft track Windows devices?

Microsoft's Windows Global Device Identifier (WGDI) was used to track a hacker attempting to hide their activities with a VPN. The WGDI is a unique identifier assigned to Windows devices that logs user actions.

What is the RedWing MaaS operation?

RedWing MaaS is a new Android malware operation offered as a rental service on Telegram, functioning as a ready-made bank fraud tool. It allows users to compromise phones, steal banking credentials, and intercept SMS messages.

What vulnerability was found in Google Dialogflow CX?

A critical vulnerability in Google's Dialogflow CX platform, disclosed on May 15, 2024, could have allowed attackers to hijack chatbots and compromise other agents within the same Google Cloud project. Security firm Varonis disclosed the flaw.

BleepingComputer2h ago4 min read
3 Ways AI Powers Service Desk Attacks and How to Prevent Them

Specops Software has detailed how artificial intelligence is significantly enhancing the effectiveness of service desk impersonation attacks. These AI-powered attacks are becoming more convincing, personalized, and scalable, posing a greater threat to organizations. The technology allows attackers to craft more sophisticated social engineering tactics, making it harder for employees to distinguish between legitimate requests and malicious attempts. AI's role in these attacks primarily involves generating highly realistic phishing emails and messages that mimic internal communications. These can be tailored to individual employees based on publicly available information or data breaches, increasing the likelihood of success. Furthermore, AI can be used to create deepfake audio or video, enabling attackers to impersonate IT support staff or other authority figures with greater authenticity during phone calls or video conferences. This level of personalization and realism makes traditional security measures less effective. To combat these evolving threats, Specops Software recommends several preventative measures. Strengthening employee onboarding processes is crucial, ensuring that new hires are thoroughly vetted and educated on security protocols from the outset. Robust identity verification procedures are also paramount. This includes implementing multi-factor authentication (MFA) for all access points, especially for sensitive systems and data. Organizations should also consider using advanced identity management solutions that can detect anomalous login attempts or unusual access patterns. Beyond technical controls, continuous security awareness training for all employees is vital. Training should focus on recognizing the signs of AI-driven impersonation, such as unusual requests, grammatical errors in official communications, or unexpected changes in communication style. Regular phishing simulations can help employees practice identifying and reporting suspicious activities in a safe environment. By combining advanced technological defenses with comprehensive employee education, organizations can build a more resilient defense against AI-powered service desk attacks.

The Hacker News3h ago3 min read
New Ghost Phishing Wave Is Breaking Traditional Email Security

A recent Evil Tokens campaign, identified as "ghost phishing," is exploiting a new vulnerability in email security protocols, targeting businesses across the United States and Europe. This sophisticated attack method circumvents traditional security measures by keeping the malicious content hidden until it is decrypted and activated directly within the victim's web browser. The technique poses a significant risk to organizations, as standard URL scanning and analysis may fail to detect the threat before it fully materializes. The "ghost phishing" attacks leverage a multi-stage process where initial emails appear benign, containing only a small, encrypted payload. Once the victim interacts with the email, for instance, by clicking a seemingly harmless link or opening an attachment, the payload is downloaded. Subsequently, JavaScript code embedded within the content triggers the decryption process. This decryption reveals the phishing page, which then prompts the user for sensitive information, such as login credentials for platforms like Microsoft 365. The delay between the initial interaction and the appearance of the malicious page is key to its evasiveness. Security researchers have noted that this method bypasses many existing security controls that rely on analyzing static URLs or known malicious domains. By delaying the rendering of the phishing page until runtime within the browser, the attack effectively hides its true nature from automated security scanners. This allows attackers to gain access to Microsoft 365 accounts, potentially leading to the exfiltration of sensitive corporate data and significant disruption to business operations. The speed of response is critical once such an attack is detected, as the damage can escalate rapidly. The Evil Tokens campaign highlights an evolving threat landscape where attackers are continuously developing novel techniques to evade detection. Traditional security solutions, which often focus on perimeter defenses and known threat signatures, are proving insufficient against these more dynamic and evasive methods. Organizations are advised to enhance their security postures with advanced threat detection capabilities that can analyze behavior within the browser and detect suspicious decryption or redirection activities, even when the initial payload is innocuous.

The Hacker News4h ago2 min read
SCMBANKER Malware Uses ClickFix Lures to Target Mexican Banking Users

SCMBANKER malware is actively targeting customers of Mexican banks, fintech companies, payment processors, and cryptocurrency exchanges, according to Elastic Security Labs. The threat actor group, tracked as REF6045, employs a sophisticated social engineering tactic using "ClickFix" lures to infect victims. These lures manifest as fake CAPTCHA verification pages, designed to trick users into believing they are completing a legitimate security check. Upon interacting with these deceptive pages, victims are prompted to execute a malicious command. This command, when run, installs a PowerShell toolkit on the compromised system. This toolkit is the initial stage of the SCMBANKER malware infection, enabling further malicious activities. Elastic Security Labs has observed this campaign as a significant and ongoing threat to the Mexican financial sector, highlighting the evolving methods used by cybercriminals to exploit user trust and gain unauthorized access. The primary objective of the SCMBANKER malware appears to be financial gain, through the theft of banking credentials and other sensitive financial information. The use of fake CAPTCHA pages is particularly insidious, as it leverages a common and often unquestioned element of online security to bypass user vigilance. The PowerShell toolkit deployed by the malware likely facilitates credential harvesting, keylogging, and potentially the exfiltration of data from infected devices. The campaign's focus on multiple types of financial entities suggests a broad attack strategy aimed at maximizing potential victim pools. Elastic Security Labs' detailed tracking of this activity cluster, under the identifier REF6045, underscores the persistent and adaptive nature of cyber threats. The group's reliance on ClickFix lures and PowerShell-based tools indicates a methodical approach to malware deployment and execution. The ongoing nature of this campaign necessitates increased vigilance from financial institutions and their customers in Mexico to identify and mitigate these phishing and malware-based attacks. Further analysis by security researchers is expected to reveal more about the full capabilities and objectives of the SCMBANKER malware.

Krebs on Security4h ago3 min read
Felons, Fraudsters Flog Offensive Cybersecurity Startup

A cybersecurity startup named IRIS C2, which has been actively seeking zero-day security vulnerabilities in popular software with offers of up to $7 million, is allegedly run by individuals with criminal convictions and far-right conspiracy beliefs. The X/Twitter account IRIS C2 (@C2IRIS), created in January 2025, has amassed over 4,000 followers by frequently posting about security vulnerabilities, artificial intelligence, and software exploits. IRIS C2 claims to be a company based in McLean, Virginia, specializing in offensive cybersecurity capabilities. The IRIS C2 website actively solicits talent by advertising potential payouts of millions of dollars for exploits. A pinned post on the company's X account states its business model involves attracting top vulnerability researchers and exploit developers, particularly junior engineers with high intelligence, regardless of formal education or industry experience. The company's website, irisc2[.]com, lists numerous open positions, and a recent LinkedIn post indicated a high volume of applications. The company's stated mission involves acquiring "zero-day exploits, individual primitives, partial chains, and full capabilities across all major platforms," with payouts ranging from $10,000 to $7 million based on the exploit's target, reliability, and operational value. According to the government contracting portal g2exchange.com, the domain irisc2[.]com is operated by a Virginia-based entity named Calvexa Group LLC. The contact link on the Calvexa Group website, calvexagroup[.]com, redirects to irisc2[.]com. While G2Exchange indicates that Calvexa Group LLC is registered as a federal contractor, it does not appear to have any active direct government contracts. The individuals behind IRIS C2 and Calvexa Group LLC have a history of operating ventures under assumed names, including fake intelligence companies and a defunct AI-based lobbying platform. This background raises significant concerns regarding the legitimacy and intentions of the cybersecurity firm.

Digital Trends4h ago2 min read
Your free mobile VPN is a privacy disaster. Go figure

Researchers tested 281 free Android VPN applications and discovered significant privacy vulnerabilities, including unencrypted data transmissions and traffic leaks. These findings contradict the core purpose of VPNs, which is to secure and anonymize user internet activity. The study, conducted by an unnamed research team, identified widespread tracking mechanisms embedded within these supposedly privacy-protecting tools. Many of the tested VPNs failed to properly encrypt user data, leaving sensitive information exposed to potential interception. Furthermore, traffic leaks were observed, meaning that a user's real IP address and browsing activity could still be revealed despite the VPN being active. This defeats the primary function of using a VPN for enhanced privacy and security. The research also highlighted the pervasive nature of tracking within these free applications. Companies behind these VPNs are collecting user data, likely for advertising or other commercial purposes, which is a direct violation of user trust. The study did not name specific VPN applications or the research institution involved, but it serves as a stark warning to users relying on free VPN services for their online security. Users seeking genuine privacy protection are advised to exercise extreme caution when selecting free VPN services. The study implies that many free options prioritize data collection over user security, making them a potential risk rather than a safeguard. Independent reviews and reputable paid VPN services are generally recommended for those who prioritize robust privacy and security measures.

BleepingComputer4h ago2 min read
DuckDuckGo browser now blocks YouTube video ads

DuckDuckGo announced this week that its privacy-focused browser now features the capability to block most video advertisements on YouTube. This new functionality extends to both pre-roll ads that play before a video begins and mid-roll ads that appear during video playback. The company stated that this feature aims to enhance the user experience by providing a more uninterrupted viewing of content on the popular video platform. The implementation of this ad-blocking feature is integrated directly into the DuckDuckGo browser, meaning users do not need to install separate extensions or tools to benefit from it. This move aligns with DuckDuckGo's broader mission to protect user privacy and reduce online tracking, as advertisements are often a primary vehicle for data collection. By blocking these ads, the browser also limits the amount of data that can be gathered about a user's viewing habits on YouTube. While the company has not provided specific technical details on the exact methods used to achieve this ad-blocking, it is understood to leverage its existing privacy protections. DuckDuckGo has historically focused on preventing trackers and blocking third-party cookies, and this new feature appears to be an extension of those efforts into video content. The effectiveness of the blocking may vary depending on YouTube's evolving ad delivery mechanisms. This development offers YouTube users an alternative to traditional ad-blocking software, which can sometimes be flagged or blocked by platforms like YouTube. DuckDuckGo's integrated approach suggests a commitment to providing a cleaner, more private browsing experience across various websites, with a particular focus on popular content platforms. The company has not yet indicated if similar ad-blocking features will be extended to other video platforms.

The Hacker News5h ago2 min read
The Verification Step Is the New ATO Battleground in 2026

The landscape of account takeover (ATO) attacks is undergoing a significant transformation in 2026, moving away from traditional credential stuffing methods. For years, attackers relied on purchasing stolen credentials in bulk and using automated tools to find matches, a strategy that was cost-effective and scalable for them, while remaining a relatively understood threat for defenders. This established pattern is now being disrupted as the primary entry point for unauthorized access becomes more secure. The widespread adoption of passkeys is a key driver behind this shift. Passkeys offer a more robust and user-friendly alternative to passwords, significantly hardening the "front door" against brute-force attacks and credential stuffing. As passkeys become mainstream, attackers can no longer rely on the same methods to gain initial access to user accounts. This forces a strategic pivot in their operations, necessitating new approaches to bypass or compromise the verification mechanisms that now protect accounts. Consequently, the verification step itself is emerging as the new battleground for ATO. Instead of focusing on obtaining credentials, attackers are likely to concentrate on exploiting vulnerabilities or weaknesses within the passkey implementation or the associated authentication flows. This could involve social engineering tactics targeting users during the verification process, attempts to compromise the devices where passkeys are stored, or exploiting any remaining gaps in multi-factor authentication systems that might be used in conjunction with passkeys. The focus has moved from simply acquiring a key to finding ways to trick the lock or bypass the guard at the gate.

BleepingComputer5h ago2 min read
Telco giant KDDI says data breach affects over 12 million people

Japanese telecommunications company KDDI announced on June 17, 2024, that a significant data breach has affected over 12 million individuals. The breach occurred due to unauthorized access to an email platform utilized by five internet service providers (ISPs) in Japan. Attackers gained access to sensitive user information, including email addresses and passwords. KDDI stated that the compromised platform is not directly operated by KDDI itself but is used by several affiliated ISPs. The company is working with the affected ISPs to investigate the full scope of the incident and to implement necessary security measures. The breach was initially detected on June 5, 2024, and a thorough investigation has been ongoing since then. While the exact number of affected users is still being finalized, KDDI has provided an initial estimate of over 12 million individuals. The company has begun notifying affected customers and is providing guidance on how to protect themselves from potential misuse of their exposed information. This includes advice on changing passwords for both their email accounts and any other online services where the same credentials may have been used. This incident highlights ongoing cybersecurity risks within the telecommunications and internet service provider sectors. KDDI has committed to enhancing its security protocols and collaborating with its partners to prevent future occurrences. The company is also cooperating with relevant authorities to address the breach.