{"id":5517,"date":"2023-11-07T06:39:28","date_gmt":"2023-11-07T06:39:28","guid":{"rendered":"http:\/\/thisbiginfluence.com\/?p=5517"},"modified":"2023-11-07T06:39:28","modified_gmt":"2023-11-07T06:39:28","slug":"this-cheap-hacking-device-can-crash-your-iphone-with-pop-ups","status":"publish","type":"post","link":"https:\/\/thisbiginfluence.com\/?p=5517","title":{"rendered":"This Cheap Hacking Device Can Crash Your iPhone With Pop-Ups"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p>As the <a href=\"https:\/\/www.wired.com\/tag\/israel-hamas-war\/\">Israel-Hamas war<\/a> continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized impact on how we see and understand the conflict. Messaging app Telegram, which has a history of lax moderation, has been <a href=\"https:\/\/www.wired.com\/story\/telegram-hamas-israel-conflict\/\">used by Hamas to share gruesome images and videos<\/a>. The information has then spread to other social networks and millions more eyeballs. Sources tell WIRED that Telegram has been <a href=\"https:\/\/www.wired.com\/story\/telegram-hamas-israel-conflict\/\">weaponized to spread horrific propaganda<\/a>.<\/p>\n<p class=\"paywall\">Microsoft has had a tough few months when it comes to the company\u2019s own security, with China-backed hackers <a href=\"https:\/\/www.wired.com\/story\/china-backed-hackers-steal-microsofts-signing-key-post-mortem\/\">stealing its cryptographic signing key<\/a>, continued issues with <a href=\"https:\/\/www.wired.com\/story\/microsoft-exchange-server-vulnerabilities\/\">Microsoft Exchange Servers<\/a>, and its customers being impacted by failings. The company has now unveiled a plan to deal with the ever-growing range of threats.
It\u2019s the <a href=\"https:\/\/www.wired.com\/story\/microsoft-secure-future-initiative\/\">Secure Future Initiative<\/a>, which plans, among several elements, to use AI-driven tools, improve its software development, and shorten its response time to vulnerabilities.<\/p>\n<p class=\"paywall\">Also this week, we\u2019ve looked at the privacy practices of Bluesky, Mastodon, and Meta\u2019s Threads as all of the social media platforms jostle for space in a world where X, formerly known as Twitter, continues to implode. And <a href=\"https:\/\/www.wired.com\/story\/x-alternatives-user-privacy-report\/\">things aren\u2019t exactly great<\/a> with this next generation of social media. With November arriving, we now have a detailed breakdown of the security vulnerabilities and patches issued last month. Microsoft, Google, Apple, and enterprise firms Cisco, VMWare, and Citrix all <a href=\"https:\/\/www.wired.com\/story\/apple-google-microsoft-critical-update-october-2023\/\">fixed major security flaws in October<\/a>.<\/p>\n<p class=\"paywall\">And there is more. Each week, we round up the security and privacy news we didn\u2019t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.<\/p>\n<p class=\"paywall\">The <a href=\"https:\/\/www.wired.com\/story\/what-is-flipper-zero-tiktok\/\">Flipper Zero<\/a> is a versatile hacking tool designed for security researchers. The pocket-size pen-testing device can intercept and replay all kinds of wireless signals\u2014including NFC, infrared, RFID, Bluetooth, and Wi-Fi. That means it is possible to read microchips and inspect signals being emitted from devices.
Slightly more nefariously, <a href=\"https:\/\/www.wired.com\/story\/what-is-flipper-zero-tiktok\/\">we&#8217;ve found it can easily clone building-entry cards<\/a> and read credit card details through people&#8217;s clothes.<\/p>\n<p class=\"paywall\">Over the past few weeks, the Flipper Zero, which costs around $170, has been <a href=\"https:\/\/arstechnica.com\/security\/2023\/11\/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream\/\">gaining some traction for its ability to disrupt iPhones<\/a>, particularly by sending them into denial of service (DoS) loops. As <a href=\"https:\/\/arstechnica.com\/security\/2023\/11\/flipper-zero-gadget-that-doses-iphones-takes-once-esoteric-attacks-mainstream\/\">Ars Technica reported<\/a> this week, the Flipper Zero, with some custom firmware, is able to send \u201ca continuing stream of messages\u201d asking iPhones to connect via Bluetooth devices such as an Apple TV or AirPods. The barrage of notifications, which is sent by a nearby Flipper Zero, can overwhelm an iPhone and make it virtually unusable.<\/p>\n<p class=\"paywall\">\u201cMy cellphone was getting these pop-ups every couple of minutes, after which my cellphone would reboot,\u201d security researcher Jeroen van der Ham told Ars about a DoS attack he experienced while commuting in the Netherlands. He later replicated the attack in a lab environment, while <a href=\"https:\/\/techcrunch.com\/2023\/09\/05\/flipper-zero-hacking-iphone-flood-popups\/\">other security researchers have also demonstrated<\/a> the spamming ability in recent weeks.
In van der Ham\u2019s tests, the attack only worked on devices running iOS 17\u2014and at the moment, the only way to prevent the attack is by turning off Bluetooth.<\/p>\n<p class=\"paywall\">In 2019, hackers linked to Russia\u2019s intelligence service broke into the network of software firm SolarWinds, <a href=\"https:\/\/www.wired.com\/story\/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever\/\">planting a backdoor and ultimately finding their way into thousands of systems<\/a>. This week, the US Securities and Exchange Commission charged Tim Brown, the CISO of SolarWinds, and the company <a href=\"https:\/\/techcrunch.com\/2023\/10\/31\/sec-solarwinds-ciso-investors-cyberattack\/\">with fraud and \u201cinternal control failures<\/a>.\u201d The SEC alleges that Brown and the company overstated SolarWinds\u2019 cybersecurity practices while \u201cunderstating or failing to reveal identified dangers.\u201d The SEC claims that SolarWinds knew of \u201cparticular deficiencies\u201d in the company\u2019s security practices and made public claims that weren\u2019t reflected in its own internal assessments.<\/p>\n<p class=\"paywall\">\u201cRather than tackle these vulnerabilities, SolarWinds and Brown engaged in a marketing campaign to color a false image of the corporate\u2019s cyber controls setting, thereby depriving buyers of correct materials data,\u201d Gurbir S. Grewal, director of the SEC\u2019s Division of Enforcement, <a href=\"https:\/\/www.sec.gov\/news\/press-release\/2023-227\">said in a statement<\/a>.
In response, Sudhakar Ramakrishna, the CEO of SolarWinds, <a data-offer-url=\"https:\/\/orangematter.solarwinds.com\/2023\/10\/30\/transparency-information-sharing-and-collaboration\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/orangematter.solarwinds.com\/2023\/10\/30\/transparency-information-sharing-and-collaboration\/&quot;}\" href=\"https:\/\/orangematter.solarwinds.com\/2023\/10\/30\/transparency-information-sharing-and-collaboration\/\" rel=\"nofollow noopener\" target=\"_blank\">said in a blog post<\/a> that the allegations are part of a \u201cmisguided and improper enforcement motion.\u201d<\/p>\n<p class=\"paywall\">For years, researchers have shown that face recognition systems, trained on millions of photos of people, can misidentify women and people of color at disproportionate rates. The systems have <a href=\"https:\/\/www.wired.com\/story\/wrongful-arrests-ai-derailed-3-mens-lives\/\">led to wrongful arrests<\/a>. A <a href=\"https:\/\/www.politico.com\/news\/2023\/10\/31\/new-orleans-police-facial-recognition-00121427\">new investigation from Politico<\/a>, focusing on a year\u2019s worth of face recognition requests made by police in New Orleans, has found that the technology was almost exclusively used to try to identify Black people. The system also \u201cdidn&#8217;t establish suspects a majority of the time,\u201d the report says. Analysis of 15 requests for the use of face recognition technology found that only one of them was for a white suspect, and in 9 cases the technology didn&#8217;t find a match. Three of the six matches were also incorrect.
\u201cThe information has just about confirmed that [anti-face-recognition] advocates have been largely appropriate,\u201d one city councilor said.<\/p>\n<p class=\"paywall\">Identity management company Okta has revealed more details about an intrusion into its systems, which it <a href=\"https:\/\/www.wired.com\/story\/okta-support-system-breach-disclosure\/\">first disclosed on October 20<\/a>. The company said the attackers, who had accessed its customer support system, <a data-offer-url=\"https:\/\/www.bleepingcomputer.com\/news\/security\/okta-breach-134-customers-exposed-in-october-support-system-hack\/\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/www.bleepingcomputer.com\/news\/security\/okta-breach-134-customers-exposed-in-october-support-system-hack\/&quot;}\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/okta-breach-134-customers-exposed-in-october-support-system-hack\/\" rel=\"nofollow noopener\" target=\"_blank\">accessed files belonging to 134 customers<\/a>. (In these instances, customers are individual companies that subscribe to Okta\u2019s services). \u201cA few of these files have been HAR files that contained session tokens which may in turn be used for session hijacking assaults,\u201d the company <a data-offer-url=\"https:\/\/sec.okta.com\/harfiles\" class=\"external-link\" data-event-click=\"{&quot;element&quot;:&quot;ExternalLink&quot;,&quot;outgoingURL&quot;:&quot;https:\/\/sec.okta.com\/harfiles&quot;}\" href=\"https:\/\/sec.okta.com\/harfiles\" rel=\"nofollow noopener\" target=\"_blank\">disclosed<\/a> in a blog post. These session tokens were used to \u201chijack\u201d the Okta sessions of 5 separate companies.
1Password, BeyondTrust, and Cloudflare have all previously disclosed they detected suspicious activity, but it isn&#8217;t clear who the 2 remaining companies are.<\/p>\n<\/div>\n<p><br \/>\n<br \/><a href=\"https:\/\/www.wired.com\/story\/flipper-zero-iphone-dos-attack-security-roundup\/\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As the Israel-Hamas war continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized impact on how we see and understand the conflict. Messaging app Telegram, which has a history of lax moderation, has been used by Hamas to share gruesome images and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":5519,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[2972,1372,1058,5771,5772,5773],"class_list":["post-5517","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tech","tag-cheap","tag-crash","tag-device","tag-hacking","tag-iphone","tag-popups"],"_links":{"self":[{"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/posts\/5517","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=5517"}],"version-history":[{"count":0,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/posts\/5517\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=\/wp\/v2\/media\/5519"}],"wp:attachment":[{"href
":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=5517"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=5517"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/thisbiginfluence.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=5517"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}