The Start of Google Chrome’s uBlock Origin Purge: What You Need to Know

This week, the US Department of Justice made a groundbreaking move by charging a hacker with attempts to induce harm and death via distributed denial-of-service (DDoS) attacks targeting hospitals. Ahmed Omer and his sibling Alaa are alleged to have engaged in a series of cyberattacks, impacting hundreds of entities under the banner of hacktivist group Anonymous Sudan. Prosecutors noted that the impacted DDoS entities included services like Microsoft’s Azure cloud and OpenAI’s ChatGPT, along with Israel’s missile alert system. However, it was the purported assaults on hospitals that elicited the most severe allegations from the Justice Department, specifically highlighting Ahmed for allegedly aiming to cause fatalities through these disruptive cyberattacks which incapacitate systems, rendering them inoperable.

If you were told there exists a tool capable of crafting a “cyber profile” of individuals using solely open source intelligence, allowing for real-time phone tracking or placing someone at a crime scene at any given time in the past, would it pique your curiosity? A Canadian company, Global Intelligence, asserts that it has developed such a tool named Cybercheck, which has been marketed to law enforcement agencies across the United States. Reports generated by Cybercheck have played a role in the convictions of at least two murder cases. However, a WIRED investigation revealed that Cybercheck’s reports have contained information that is either untrue or unverifiable. Additionally, experts in open source intelligence have voiced concerns that certain data Cybercheck claims to provide—like a device’s pings to a specific wireless network—would be unattainable from publicly accessible information.

The issue of nonconsensual deepfake imagery continues to escalate, particularly on platforms like Telegram, where millions have utilized “nudify” bots to strip clothing from images—mainly targeting women and girls. A WIRED investigation uncovered 50 bots and 25 channels associated with the generation of these harmful AI-produced explicit images. Following WIRED’s inquiry, Telegram acted to remove all 75 channels and bots; however, many of them are likely to reemerge.

In a notable advancement for online security, the transition away from passwords received a significant push this week. The FIDO Alliance, a coalition of tech professionals, unveiled new initiatives aimed at accelerating the use of passkeys, which are cryptographically generated codes set to replace less secure passwords. These initiatives encompass a new Credential Exchange Protocol designed to facilitate the transfer of passkeys across various platforms and devices, as well as Passkey Central, a support tool for IT departments in companies to streamline the adoption of passkeys.

A team of researchers announced recently that they have developed an algorithm capable of generating a harmful prompt that can instruct an AI chatbot to recognize personal information provided by a user and transmit it secretly to an attacker.

In an intriguing twist, we revisited a concept from the past to evaluate how accurately the US Army’s “soldier of tomorrow,” introduced 65 years ago this week, anticipated advancements in US military technology.

But that’s not all. Each week, we compile the security and privacy news that we didn’t delve into extensively. Click the headlines for the complete stories. Stay safe out there!

If you use uBlock Origin’s Chrome extension to block online advertisements, prepare for some minor frustration in the coming weeks. Google has started rolling out new standards for Chrome extensions, known as Manifest V3, which will deactivate the legacy version of the uBlock Origin extension that most users likely have installed. While you might feel that “Google, being a major player in online advertising, is obviously going to make me see more ads!” there is a silver lining. A new iteration of the ad-blocking extension, uBlock Origin Lite, has now been released, which complies with the Manifest V3 standards. However, it won’t filter as effectively as the former version. Still, a Google representative mentioned to The Verge that there are other options available: “The top content filtering extensions all have Manifest V3 versions available — with options for users of AdBlock, Adblock Plus, uBlock Origin, and AdGuard.” Regardless, you’ll need to update your extension soon.

Authorities in the United States have brought charges against a 25-year-old man from Alabama, Eric Council Jr., who is alleged to have hacked the Security and Exchange Commission’s X account. Prosecutors assert that he procured personal details and created a fake ID for an individual who oversaw the @SECGov account, with the assistance of unidentified accomplices. It is claimed that Council used this fake identification to execute a SIM-swapping attack, successfully misleading AT&T store employees into issuing him a new SIM card, which he then utilized to gain control over the victim’s phone account. The accomplices accessed the SEC’s X account and posted a fabricated announcement regarding Bitcoin’s regulatory conditions, leading to a spike in Bitcoin’s price by $1,000. Council faces charges for conspiracy to commit aggravated identity theft and access device fraud.

A representative for the grocery chain Kroger confirmed this week that the company has never broadly implemented facial-recognition technology in its stores and has no intention of doing so in the near future. Kroger has been under scrutiny for its electronic shelf labels, with concerns surfacing that these could facilitate surge pricing on high-demand products and may be used alongside facial recognition. In 2019, the company conducted a pilot program at one location using a technology called EDGE but did not proceed with its rollout. Lawmakers such as Rashida Tlaib, Elizabeth Warren, and Robert Casey have expressed their concerns over Kroger’s practice with ESLs.

Microsoft informed its customers that it neglected to capture security logs from specific cloud services for over two weeks in September, affecting products like Microsoft Entra, Sentinel, Defender for Cloud, and Purview. This incident was initially reported by Business Insider. In its notification, the company explained that a bug in an internal monitoring system resulted in a failure of some agents to upload log data to their internal logging platform. The timeframe of the missing logs spans from September 2 to September 19. A Microsoft executive confirmed to TechCrunch that the issue stemmed from an “operational bug within our internal monitoring agent.”

Activity logs are vital for various operations, particularly for security monitoring and investigations, as they can reveal breaches and malicious behaviors. Following the breach of US government networks by Russian hackers via SolarWinds software in 2020, many agencies were unable to detect this activity within their Microsoft Azure cloud services because they had not subscribed to Microsoft’s premium features, which included essential network activity logs. Lawmakers expressed outrage over the associated up-charge, while the Biden administration advocated for over two years for Microsoft to offer the logging services at no additional cost. Ultimately, the company announced this change in July 2023.

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Article

Elden Ring: Books of Knowledge Volume 3 Releases on Halloween - Grab Your Discounted Preorder on Amazon!

Next Article

Unlock Huge Savings on Xbox Game Pass Ultimate Before the Launch of Call of Duty: Black Ops 6!

Related Posts