Reported this online Public records for the week show that the Department of Homeland Security urged local law enforcement agencies across the country to explain common protests and surrounding logistics, including cycling, live police encounters or skateboarding – “violent tactics.” This guidance may affect police officers and use daily behaviors as an excuse for police actions.
The AI recruitment robot used on the McDonald’s “MCHIRE” website exposed the personal data of tens of millions of job applicants due to a set of web-based security vulnerabilities, including the use of the classic classic password “123456” on the administrator account. The website’s chatbot, known as Olivia, was built by artificial intelligence software company Paradox.ai. Meanwhile, after the devastating flooding in Texas last week, at least 120 people were killed, conspiracy theories about extreme weather events gained enough appeal among anti-government extremists, Republican influencers and others with larger platforms to create real-world real-worlds, such as death threats.
Eventually, on the night when the shameful financier was found to be hanged, metadata of the “full original” surveillance footage was captured near Jeffrey Epstein’s cell, which was not the “original” shot at all. Instead, according to wired analytics and digital video forensics experts, the complete video consists of two clips and is likely to be processed using powerful editing software.
And more. Every week, we fill in security and privacy news that we don’t cover in depth. Click on the headlines to read the full story. And stay safe.
Earlier this year, three UK retailers – Harrods, Co-Op and M&S, were destroyed by cyber attacks. Some shelves were empty for weeks, and M&S executives predicted the total attack would cost about £300 million ($407 million). This week, the National Crime Agency (NCA) law enforcement officer (NCA) equivalent to the FBI, announced the arrest of four people, as part of an investigation into three attacks.
A 20-year-old woman and two 19-year-old men were arrested at home in the West Midlands and London on Thursday morning. The NCA said a 19-year-old man is from Latvia, while the others are from the UK. The NCA said in a statement that they were alleged of potential crimes of computer abuse, ransomware, money laundering and “participating in activities of organized crime groups.” Law enforcement agencies have not named individuals who were arrested or released at the exact location of their location; however, NCA deputy director Paul Foster said the arrest was a “important step” in his investigation.
The attacks on three UK retailers have been linked to a portion of the NCA’s scattered spider with loose cybercriminals. The hacking team first appeared in 2022, consisting primarily of young, English-speaking people, and has recently been seen targeting retailers, airlines and insurance industries in the UK and the US.
It didn’t take long for criminals to start using generated AI to create surreal images of child sexual abuse. Now, a lot of illegal, AI-created content has been found online, and criminals will use the technology to create videos as well as still images. In the first six months of this year, analysts at the Internet Watch Foundation, a UK-based organization that removed child sexual abuse material (CSAM) from the network and identified 1,286 AI-generated videos showing abuse, with more than 1,000 of which showed the most severe types of abuse.
“The risk of AI-generated CSAM is incredible, causing an absolute explosion to overwhelm the transparent network,” said Derek Ray-Hill, interim CEO of the Internet Watch Foundation. A separate figure based in the National Center for Missing and Exploited Children (NCMEC) said it received 485,000 reports of AI CSAM in the first half of this year, all 67,000 people last year. NCMEC said about 35 tech companies reported finding AI-generated CSAM on their platforms.
On rare occasions, Western law enforcement is actually on suspicion of Chinese state-sponsored hackers, Italian police arrested a 33-year-old Xu Zewei from Shanghai at the airport in Milan on July 3. Authorities claim he is a member of a spy group known as Silk Typhoon or Havanim, which has carried out extensive data theft against Western governments and private sector companies for years. U.S. prosecutors specifically accused XU of participating in the hacking of the Silk Typhoon, targeting researchers starting a Covid-19-19 vaccine in 2020 and 2021. He also allegedly participated in a less targeted hacking campaign, where the same group fell into thousands of Microsoft Exchange Erversers in the World the World Backandersance to create the later Microsoft Exchange Ersisers backsose, a family, a family descendant. Xu’s lawyer denied the allegation, saying it was a case of wrong identity, and Xu’s wife also reportedly said Xu was an IT technician at the GTA semi-command company.
In more news about hackers suspected of being arrested at European airports, and a very unusual case of alleged cybercriminal Moonlight – this week, police detained Russian professional basketball player Daniil Kasatkin at the Charles de Gauer airport in Paris, accusing him of being part of the Ransomware group. Authorities have not named them that they claim Kasatkin is part of the ransomware crew, but said it touched nearly 900 organizations, including two U.S. government agencies from 2020 to 2022. Kasatkin’s attorney Frédéric Bélot denied the charges, saying his clients were “useless to computers and could not even install applications.” Kasatkin, who played for professional basketball MBA, MBA, had traveled to France with his fiancé to propose to her.
This is your annual reminder of the world’s sports debris, setting your Strava account settings to private. This week, Sweden’s Dagens Nyheter newspaper revealed that seven bodyguards of Swedish government officials disclosed their Strava accounts, revealing where they were doing 1,400 sports activities and in many cases where people, including Swedish Prime Minister Ulf Kristersson, were located. The Prime Minister leaked locations include the hotel where he stayed, a private address, a family vacation, a trip abroad and his private residence, which was intended to be secret. Repeat after me, Strava enthusiasts all have security permissions: Go to Settings, click on Privacy Controls, and then do the activity. Future scandals are avoided.
