Category: Cybersecurity

• YouTube is cracking down on users who signed up for YouTube Premium using VPNs to get cheaper rates
• The company is canceling subscriptions of users who have mismatched signup countries and actual locations
• Users have reported sudden cancellations of their YouTube Premium subscriptions without warning
• YouTube has not explicitly confirmed canceling subscriptions for VPN use at sign-up
• YouTube Premium offers additional services like video downloads and access to YouTube Music Premium

https://lifehacker.com/entertainment/youtube-premium-canceled…

• Cyber experts warn of new Google Chrome’s vulnerabilities, highlighting a sophisticated malware impersonating Chrome and Microsoft to steal money from device owners
• Proofpoint has identified an ongoing nefarious campaign involving fake updates in browsers like Chrome and mimicking programs like Microsoft Word to trick users into downloading harmful code
• The malware gains access to cryptocurrencies and sensitive information by coercing users to copy and paste malicious code into Microsoft PowerShell
• The attack also utilizes email lures resembling work-related messages with fake error messages prompting users to open PowerShell and input malicious code
• The campaign targeted thousands of organizations globally, with over 100,000 messages sent, but requires significant user interaction to be successful, emphasizing the importance of being cautious and not downloading suspicious content

https://nypost.com/2024/06/19/lifestyle/cyber-experts-warn-of-new-chrome-microsoft-money-stealing-malware/…

• Android 15 may automatically delete and prompt users to re-enroll face or fingerprint unlock if not working well
• Variances in biometric sensor technology and tuning can affect accuracy
• Users often advised to re-enroll biometrics to fix authentication issues
• Android 15 to display notification for re-enrolling face or fingerprint unlock
• Android expected to release third beta of Android 15 soon, with potential improvements in biometric authentication

https://www.androidauthority.com/android-15-redo-biometrics-3452354/…

• A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell “fixes” that install malware
• Threat actors behind ClearFake, ClickFix, and TA571 are utilizing the campaign to prompt users to execute malicious PowerShell scripts through fake error messages
• The attack chains involve compromised websites hosting malicious scripts, injection on compromised websites, and email-based infection chains using HTML attachments
• The malicious payloads observed include DarkGate, Matanbuchus, NetSupport, Amadey Loader, XMRig, a clipboard hijacker, and Lumma Stealer
• The attackers exploit user’s lack of awareness regarding the risks of executing PowerShell commands and Windows’ inability to detect and block malicious actions initiated by the code

https://www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/…

• Asus router vulnerabilities list: High-severity vulnerabilities affect a wide range of Asus router models, allowing remote control without authentication
• Critical vulnerability CVE-2024-3080 enables remote login without authentication, rated 9.8 in severity
• Second vulnerability CVE-2024-3079 allows remote execution of commands with administrative access
• Third vulnerability CVE-2024-3912 permits remote command execution without user authentication, severity rating of 9.8
• Asus advises firmware updates, strong unique passwords, and disabling certain services to enhance security

https://arstechnica.com/security/2024/06/high-severity-vulnerabilities-affect-a-wide-range-of-asus-router-models/…

• Thousands of servers infected with ransomware via critical PHP vulnerability
• Ransomware strain TellYouThePass encrypts files with .locked extension, demands $6,500 ransom
• Vulnerability CVE-2024-4577 affects PHP in CGI mode, exploit uses mshta.exe Windows binary
• Exploitation by TellYouThePass gang targets servers in China, Taiwan, Hong Kong, Japan
• XAMPP servers vulnerable by default, users urged to install security patch

https://arstechnica.com/security/2024/06/thousands-of-servers-infected-with-ransomware-via-critical-php-vulnerability/…

• Disco Elysium expansion controversy: Studio bosses humiliated lead writer for speaking to journalists
• PC Gamer’s report details circumstances of expansion cancellation, layoffs, and retaliation against writer
• Key creative talent left studio, projects canceled or put on hold
• X7 standalone expansion canceled in February, lead writer subjected to humiliation campaign
• Former academic physicist left career to work on sequel, only to face uncertainty and project shelving

https://www.rockpapershotgun.com/disco-elysium-studio-bosses-humiliated-the-cancelled-expansions-lead-writer-for-speaking-to-journalists-claims-report…

• Google is testing Android 15’s automatic theft detection feature, Theft Detection Lock, in Brazil due to high rates of smartphone theft in the country
• The feature uses AI to detect suspicious movements and other indicators of theft, such as network changes or prolonged disconnection
• The antitheft feature is part of Google’s broader privacy and security enhancements for Android 15, including a password-locked vault called “private space”
• Users in Brazil will also have the ability to contact businesses via WhatsApp directly from search listings and schedule appointments with local services
• The antitheft feature will be available on older Android versions as well, and the new business communication features are exclusive to users in Brazil

https://www.theverge.com/2024/6/11/24176366/android-anti-theft-detection-lock-feature-testing…

• Microsoft will switch off Recall by default after security flaws were exposed, making it an opt-in feature in Copilot+ compatible versions of Windows.
• Recall, initially set on by default, silently stored user activity screenshots every five seconds, raising privacy concerns and vulnerability to hackers.
• Changes include requiring user authentication through Microsoft Hello and encrypting data storage to improve security.
• Despite improvements, unresolved privacy issues remain, such as potential legal implications for users turning on Recall.
• Microsoft’s Recall rollback follows a series of cybersecurity incidents, emphasizing the need for prioritizing security in business decisions.

https://www.wired.com/story/microsoft-recall-off-default-security-concerns/…

• Microsoft’s Recall feature, praised by CEO Satya Nadella as a “photographic memory” for PCs, is highly vulnerable to hacking.
• Security researchers have discovered that the Recall feature, which takes screenshots of a user’s desktop every five seconds, can be easily exploited by hackers.
• Even the security safeguard meant to protect Recall can be bypassed, allowing hackers to access a user’s entire history stored by the feature without administrator privileges.
• Researchers have identified techniques to exploit Windows’ access control lists, allowing hackers to gain unauthorized access to Recall data.
• The ease with which hackers can exploit Recall raises concerns about its security and the rushed implementation of the feature by Microsoft, despite claims of prioritizing security.

https://www.wired.com/story/microsoft-windows-recall-privilege-escalation/…

• Prevent Google from listening to your every word by adjusting settings in your Google account
• Advertisers and data brokers may already know a lot about you without needing to listen in
• Google’s hidden feature can collect audio recordings from various activities, posing potential privacy risks
• Steps to block Google from eavesdropping include adjusting settings in the Google app and deleting past audio recordings
• Check and adjust microphone permissions for other apps on your phone to ensure privacy

https://www.usatoday.com/story/tech/columnist/komando/2024/06/06/how-to-stop-google-listening/73911521007/…

• Linux version of TargetCompany ransomware focuses on VMware ESXi
• FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out
• Club Penguin fans breached Disney Confluence server, stole 2.5GB of data
• Kali Linux 2024.2 released with 18 new tools, Y2038 changes
• Trend Micro report details new Linux variant of TargetCompany ransomware targeting VMware ESXi, attributing attacks to affiliate “vampire”

https://www.bleepingcomputer.com/news/security/linux-version-of-targetcompany-ransomware-focuses-on-vmware-esxi/…

• Google Maps is implementing a privacy update to store location data locally on user devices
• Users must save their travel history to their mobile device by December 1st before old data is deleted
• Timeline feature, previously known as Location History, will now be linked to user devices instead of Google accounts
• Google’s privacy efforts include deleting sensitive locations from location history and preventing unauthorized access
• Users must enable new Timeline settings on their mobile device to continue accessing and managing their location data

https://www.theverge.com/2024/6/5/24172204/google-maps-delete-location-history-timeline…

• A pickpocket steals Veronica de Souza’s iPhone while she waits for the train in New York
• She remotely wipes the stolen phone, rendering it unusable without passcode and iCloud password
• The thief tries various tactics to convince her to unlock the phone, including threats
• De Souza responds playfully and ignores the thief’s last-ditch effort
• The article also discusses fake “Lightning” headphones and the history of mechanical calculators

https://boingboing.net/2024/06/04/pickpocket-begs-victim-to-unlock-stolen-phone.html…

• Malicious apps steal bank info among 90+ downloads in Google Play store
• Security experts at Zscaler found over 90 malicious apps with 5.5 million installations
• Anatsa malware targets banking information through practical tools like PDF readers
• Two identified malicious apps had over 70,000 installations – PDF Reader & File Manager and QR Reader & File Manager
• Most exploited app categories include tools, personalization, photography, productivity, and health & fitness

https://www.woodtv.com/news/nexstar-media-wire/apps-that-steal-bank-info-among-90-malicious-downloads-in-google-play-store-study/…

• Users have less than 72 hours to update or quit Google Chrome following multiple zero-day vulnerabilities and emergency updates in May
• U.S. government warns federal employees to update Chrome by June 3 and June 6 to address known exploitation vulnerabilities
• Google is phasing out Manifest V2 extensions and implementing Manifest V3, affecting ad blockers and developers
• A bitcoin trader lost $1 million due to Chrome security cookie theft, highlighting the importance of browser security
• Google is developing a new security feature, Device Bound Session Credentials, to combat cookie theft malware

https://www.forbes.com/sites/zakdoffman/2024/06/03/google-chrome-warning-72-hours-to-update-or-delete-your-browser/…

• Meta is testing unskippable Instagram ads, forcing users to watch timed ads before scrolling onward
• Tech companies like Meta are focusing on driving more value for advertisers as user growth plateaus
• Other platforms like Netflix, Max, Prime Video, and YouTube are also increasing ads to boost profits
• Instagram’s new ad feature may signal the end of a golden age of media, with users being bombarded with ads
• Social media platforms are shifting towards prioritizing advertisers over user experience, as seen in TikTok’s AI proposal for turning all videos into ads

https://gizmodo.com/meta-tests-holding-instagram-hostage-unscrollable-ads-1851517163…

• Google accidentally published internal Search documentation to GitHub, revealing details about how the search engine ranks webpages.
• The leaked documents contain API documentation for Google’s ContentWarehouse, indicating the complexity of Google’s webpage ranking system.
• SEO experts, Rand Fishkin and Mike King, accuse Google of misleading them in the past, highlighting discrepancies between the leaked information and Google’s public statements.
• The leaked documents suggest that factors like click-through rate and whitelists impact search rankings, contrary to Google’s previous claims.
• The SEO community is analyzing the leaked documents to understand how Google Search works, raising concerns about potential manipulation of search results.

https://arstechnica.com/gadgets/2024/06/google-accidentally-published-internal-search-documentation-to-github/…

• Google Chrome is phasing out Manifest V2 extensions, weakening ad blockers
• uBlock Origin creates uBO Lite in response to Manifest V3 changes
• Developers face challenges with new framework, need to implement complex mechanisms
• Google introduces improvements based on developer feedback, encourages migration to Manifest V3
• Over 85% of Chrome extensions, including popular ad-blockers, have migrated to Manifest V3

https://www.bleepingcomputer.com/news/google/google-chrome-change-that-weakens-ad-blockers-begins-june-3rd/…

• The NSA suggests periodic smartphone restarts to enhance security and reduce vulnerabilities
• Forbes uncovered an NSA document with smartphone security tips, including regular restarts
• Restarting your phone can help combat zero-click exploits and malware
• Many manufacturers have built-in functionality for scheduled phone restarts
• Users can manually schedule restarts or automate the process for improved device performance

https://gizmodo.com/nsa-smart-phone-restart-cybersecurity-1851513099…

• CISA warns of actively exploited Linux privilege elevation flaw
• Snowflake account hacks linked to Santander, Ticketmaster breaches
• Microsoft: Windows 11 preview update causes taskbar crashes
• Everbridge warns of corporate systems breach exposing business data
• Live Nation confirms massive Ticketmaster data breach

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/…

• Linux vulnerability CVE-2024-1086 actively exploited, allowing privilege escalation
• Use-after-free error in Linux kernel versions 5.14 through 6.6 affecting NF_tables
• Exploits provide powerful double-free primitive for arbitrary code execution
• CISA mandates federal agencies to patch by June 20, urging immediate update
• Vulnerability patched in January, but some production systems remain vulnerable

https://arstechnica.com/security/2024/05/federal-agency-warns-critical-linux-vulnerability-being-actively-exploited/…

• NSA advises iPhone and Android users to turn off and on their devices once per week to protect against zero-click exploits and spear-phishing.
• Turning off and on the device is a simple proactive measure, but may not prevent advanced malware threats that reload on reboot.
• Additional security measures recommended by the NSA include disabling Bluetooth when not in use, updating devices promptly, and using strong lock-screen PINs.
• Users are cautioned against opening email attachments and links, as well as engaging in sensitive conversations on personal devices.
• Cybersecurity experts emphasize the importance of generating strong, unique passwords and being cautious of phishing attempts to protect against identity theft and security breaches.

https://www.forbes.com/sites/daveywinder/2024/05/31/nsa-warns-iphone–android-users-to-turn-it-off-and-on-again/…

• Google admits massive document leak related to search algorithm is authentic, revealing discrepancies between public statements and actual practices
• Internal documents suggest Google considers factors like click rates, Chrome data, website size, and domain authority in search rankings
• References to “whitelists” for topics like elections and COVID-19 suggest efforts to identify quality sources
• Allegations of bias at Google, with claims of left-wing bias and election interference
• Google cautions against inaccurate assumptions based on leaked documents, stating they lack important context and may not reflect current practices

https://nypost.com/2024/05/30/business/google-admits-massive-leak-related-to-search-is-authentic/…

• EngineOwning ordered to pay Activision $15 million in lawsuit settlement and surrender domain
• Activision Blizzard successful in court against prolific cheat provider EngineOwning
• Court rules EngineOwning circumvented anti-cheat systems, leading to damages and legal fees
• Thousands of gamers, including content creators, revealed to have used EngineOwning’s cheat software
• EngineOwning provided cheat solutions for various games, including hardware ID spoofer to bypass anti-cheat measures

https://insider-gaming.com/engineowning-activision-court-case/…

• Google search ranking leaks: A trove of leaked documents describes an old version of Google’s Content Warehouse API, revealing insights into Google Search’s inner workings.
• Accidental publication: The leaked documentation was inadvertently committed to a publicly accessible Google-owned repository on GitHub by the company’s automated tooling.
• SEO implications: The leaked documents provide details on over 14,000 attributes associated with the API, shedding light on factors Google considers important for ranking web pages.
• Contradictions with public statements: The leaked information contradicts some public statements made by Google representatives, such as the denial of click-centric user signals and subdomains’ separate consideration in rankings.
• Additional insights: The documents reveal Google’s consideration of various factors like clicks, content freshness, authorship, and alignment between page title and content in determining webpage rankings.

https://www.theregister.com/2024/05/29/internal_google_search_documents/…

• The alleged Google data leak is related to a public Google Cloud platform called Document AI Warehouse, used for data analysis and storage.
• The leaked data is claimed to be the “internal version” of publicly visible documentation, not confirmed to originate from Google Search.
• Rand Fishkin received the data from an individual who claimed it was from Google Search, but ex-Googlers did not confirm its origin.
• Confirmation Bias is warned against, as analyzing the data to confirm existing beliefs may lead to misinformation.
• Ambiguity surrounds the leaked data’s purpose, with suggestions that it may not be related to Google Search rankings.

https://www.searchenginejournal.com/google-data-leak-clarification/517711/…

• Over 90 malicious Android apps were discovered on Google Play, with 5.5 million installs, including the Anatsa banking trojan.
• Anatsa targets financial institutions in Europe, the US, the UK, and Asia to steal e-banking credentials for fraudulent transactions.
• The trojan has been distributed through decoy apps like ‘PDF Reader & File Manager’ and ‘QR Reader & File Manager,’ amassing 70,000 installations.
• The multi-stage payload loading mechanism of Anatsa helps it evade detection, with four distinct steps and anti-analysis checks.
• Other malicious apps on Google Play impersonated various categories, with the most dangerous families being Joker, Facestealer, Anatsa, and Coper, capable of on-device fraud and data theft.

https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/…

• Bungie wins landmark suit against Destiny 2 cheat-maker AimJunkies, setting US legal precedent
• Jury found AimJunkies and its affiliates liable for copyright infringement, awarding damages totaling $63,210
• Bungie’s case may influence future game-cheating lawsuits by establishing a successful copyright claim
• AimJunkies plans to appeal the jury verdict and is involved in a separate arbitration ruling
• Conflicting claims and accusations were made during the trial, including allegations of hacking and evidence tampering

https://arstechnica.com/gaming/2024/05/bungie-wins-landmark-suit-against-destiny-2-cheat-maker-aimjunkies/…

• Google has not commented on a massive leak of its search algorithm documentation
• The leaked documents reveal detailed information about Google’s search API and data collection practices
• The documents suggest discrepancies between Google’s public statements and internal practices
• The leak raises questions about the use of Chrome data and the role of E-E-A-T in search rankings
• The leaked information provides a rare insight into Google’s secretive search algorithm and challenges the accuracy of Google’s public statements

https://www.theverge.com/2024/5/28/24166177/google-search-ranking-algorithm-leak-documents-link-seo…

• iPhone’s cyber security trick involves using the password autofill feature to securely store and fill in login credentials.
• This feature eliminates the need to remember complex passwords, enhancing convenience and security.
• The autofill feature requires authentication with Face ID or Touch ID to access saved passwords, ensuring personal data protection.
• Steps to activate and set up password options for autofill on an iPhone are straightforward and user-friendly.
• It is crucial to use strong, unique passwords for each site, enable two-factor authentication, and consider using a password manager for added security.

https://www.foxnews.com/tech/one-simple-trick-help-keep-out-cyber-creeps-iphone…

• Newly discovered ransomware named ShrinkLocker utilizes BitLocker to encrypt victim data.
• BitLocker is a full-volume encryptor that debuted in 2007 with Windows Vista, using advanced encryption algorithms since Windows 10.
• Security researchers from Kaspersky found ShrinkLocker targeting systems in Mexico, Indonesia, and Jordan.
• ShrinkLocker runs a VisualBasic script to encrypt data, disables BitLocker key protections, and generates a unique 64-character encryption key.
• Recovery of data encrypted by ShrinkLocker without the attacker’s key is challenging, with no specific protections against successful attacks mentioned.

https://arstechnica.com/security/2024/05/newly-discovered-ransomware-uses-bitlocker-to-encrypt-victim-data/…

• Chrome Zero-Day Attack: Google detects 4th zero-day in May actively under attack, CVE-2024-5274 related to type confusion bug in V8 engine
• Type confusion vulnerabilities allow for out-of-bounds memory access and execution of arbitrary code
• Google has patched four zero-days in May, including CVE-2024-4671, CVE-2024-4761, and CVE-2024-4947
• Exploit for CVE-2024-5274 exists in the wild, users urged to upgrade to Chrome version 125.0.6422.112/.113 for Windows and macOS
• Chromium-based browser users advised to apply fixes promptly to mitigate potential threats

https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.html…

• Samsung data leak scandal reveals repair shops reporting customer data and killing devices
• iFixit ends collaboration with Samsung due to obstacles in Self-Repair program
• Leak exposes Samsung’s restrictive contract with independent repair shops
• Contract mandates customer data sharing and device disassembly for repairs with Samsung parts
• Samsung faces potential lawsuits and backlash over right-to-repair issues

https://www.sammobile.com/news/serious-leak-shows-samsung-made-repair-shops-report-customer-data-kill-devices/…

• US hotel check-in computers found with consumer-grade spyware app leaking sensitive guest information
• pcTattletale app captures screenshots of hotel booking systems, exposing guest details online
• Security researcher discovers compromised hotel systems, highlighting risks of consumer-grade spyware
• Wyndham hotels affected, with screenshots showing guest names, reservation details, and partial payment card numbers
• Concerns raised over potential misuse of spyware for tracking individuals without consent; hotel employees unaware of spyware presence

https://techcrunch.com/2024/05/22/spyware-found-on-hotel-check-in-computers/…

• The UK data watchdog is investigating Microsoft’s Copilot+ Recall feature, which can take screenshots of laptops every few seconds, leading to privacy concerns.
• Microsoft claims Recall stores encrypted snapshots locally on the computer and emphasizes user control over captured content.
• Privacy campaigners warn that the continuous screenshot feature could have a chilling effect on users and pose privacy risks.
• Experts raise concerns about the potential misuse of personal information captured by Recall, including sensitive data like passwords and financial information.
• Microsoft faces questions about user consent, access controls, and safeguarding privacy rights in the design and implementation of the Recall feature.

https://www.bbc.com/news/articles/cpwwqp6nx14o…

• Apple needs to explain the bug that resurfaced deleted photos, which was addressed in the iOS and iPadOS 17.5.1 update
• The fix only briefly mentions the issue of deleted photos reappearing, raising privacy concerns and questioning the trust in Apple’s photo data storage
• Despite multiple requests, Apple has not provided a public comment on the matter, leaving users unsure of the extent of the bug and its implications
• The lack of transparency contradicts Apple’s image as a company focused on privacy and data protection, calling into question its commitment to responsible disclosure
• While bugs are common, Apple’s silence on the issue undermines trust in its services and highlights the importance of addressing and preventing such incidents in the future

https://www.theverge.com/2024/5/20/24161152/apple-ios-17-photo-bug…

• Two students discover a laundry security bug that allows free laundry access
• University of California, Santa Cruz students exploit API in internet-connected washing machines
• Vulnerability found in machines owned by CSC ServiceWorks, used in multiple countries
• Company did not respond to students’ reports of the bug, but quietly fixed the issue
• The incident highlights ongoing security concerns in the internet of things, emphasizing the need for improved cybersecurity practices

https://www.theverge.com/2024/5/19/24160383/students-security-bug-laundry-machines-csc-serviceworks…

• iOS 17.5 is reportedly resurfacing pictures deleted years ago for some iPhone users
• Users report deleted images appearing as most recent after updating to iOS 17.5
• Concerns raised about privacy and data retention due to resurfacing images
• Speculation on changes in Photos app requiring re-indexing causing the issue
• Apple has not commented on the problem, updates awaited

https://9to5mac.com/2024/05/17/ios-17-5-deleted-photos-app-bug/…

• Google is injecting AI-generated answers at the top of searches in the United States
• Users are unable to opt out of AI-generated answers in Google Search
• Workarounds include using a Chrome extension to block AI overviews or setting the default search engine to the “Web” tab in Chrome
• Google’s focus on AI is seen as crucial for the company’s future success
• The integration of AI in Google Search has raised concerns about the accuracy and reliability of search results

https://gizmodo.com/how-to-purge-the-ai-from-your-google-searches-1851483027…

• Actors, including Paul Skye Lehrman and Linnea Sage, have filed a class action lawsuit against AI startup LOVO for allegedly misappropriating their voices.
• The lawsuit accuses LOVO of using actors’ voices, including those of A-list talent like Scarlett Johansson and Ariana Grande, without consent to train their AI system.
• The actors claim that LOVO marketed their voices under different names as part of its subscription service, leading to a decline in their work opportunities and reputational damage.
• SAG-AFTRA supports the lawsuit, highlighting the need for companies to respect actors’ rights and advocating for a federal right of publicity law to protect against voice theft.
• The class action aims to represent voiceover artists whose voices were used by LOVO, potentially expanding to include A-list talent, and highlights the importance of understanding and protecting intellectual property rights in the age of AI technology.

https://www.hollywoodreporter.com/business/business-news/actors-hit-ai-startup-with-class-action-lawsuit-over-voice-theft-1235900689/…

• Common 4-digit PIN numbers are a major security risk
• Many people use easily guessable PINs like “1234” and “1111”
• Data analysis shows that simple patterns are often used in PIN codes
• Cybersecurity experts warn against using weak and easily guessable passcodes
• Using password managers is recommended for enhanced security and generating random codes

https://nypost.com/2024/05/15/tech/the-10-most-common-4-digit-pin-numbers-are-you-at-risk-of-a-cyberattack/…

• Android is enhancing security with Theft Detection Lock and factory reset protection to deter theft and protect user data.
• The new security measures include requiring biometric authentication for critical Google account and device settings.
• Theft Detection Lock will detect when a device is being taken away and lock it using sensors and on-device models.
• Offline Detection Lock will activate if a stolen phone’s internet is turned off to prevent unauthorized access to data.
• Enhanced authentication protections and Remote Lock feature will be rolled out to select devices later this year to improve user security and privacy.

https://9to5google.com/2024/05/15/android-boosting-security-with-theft-detection-lock-factory-reset-protection/…

• Android 15 enhances data security with AI-powered Theft Detection Lock feature
• Remote Lock allows users to lock their phone remotely with a security challenge
• Offline Device Lock automatically locks the phone when offline to prevent unauthorized access
• Factory reset protection in Android 15 requires credentials post-wipe, reducing theft incentives
• Additional security authentication required for changing account settings in untrusted locations

https://www.engadget.com/android-15-will-make-it-harder-for-phone-thieves-to-steal-your-data-170037992.html…

• iOS update has a bug resurfacing deleted nudes on iPhones after the latest iOS 17.5 update
• Deleted photos, including NSFW content, are reappearing in the Recents album, some dating back years
• Users are reporting old photos returning even if they do not sync their phone or use iCloud
• The issue may extend beyond photos, with reports of old voicemails reappearing as well
• Uncertainty whether Apple is retaining old deleted data or if it’s a quirk of the iOS 17.5 update, posing privacy concerns

https://www.theverge.com/2024/5/15/24157284/apple-iphone-ios-17-5-update-deleted-photos-voicemails…

• Amazon seller, Begoing, altered Cassey Ho’s face in a dupe listing of her athletic skort on Amazon, using AI to avoid detection.
• Ho’s team discovered the altered video on April 12, leading to the removal of the counterfeit listing.
• Ho faces numerous dupe listings daily, with sellers using tactics like reverse-deepfaking and photoshopping to evade detection.
• Amazon has measures to prevent counterfeit listings but Ho finds the process exhausting and challenging.
• Ho advocates for policy changes on Amazon to protect independent designers and make it harder for sellers to list knock-off items.

https://www.foxbusiness.com/technology/amazon-seller-ripped-popflex-founder-cassey-hos-video-changed-her-face-dupe-listing-very-black-mirror…

• The May 2024 security update from Google addresses Bluetooth and camera fixes for Pixel devices
• 35 CVEs were patched, with only one Critical severity issue
• Google is focused on stabilizing and securing Android 14 before the release of Android 15
• The update includes bug fixes and improvements for Pixel users, with specific enhancements for Bluetooth LE audio and Pixel 8 series camera
• Details of the security patches have been provided, with updates for Android vulnerabilities and vendor-specific bugs

https://www.androidpolice.com/google-pixel-may-2024-security-update-b/…

• Google, Meta, and Spotify accused of breaking Apple’s device fingerprinting rules
• Device fingerprinting involves collecting device information for targeted ads
• Apple requires app developers to justify use of specific APIs for privacy reasons
• Major app makers, including Google and Meta, allegedly not complying with Apple’s rules
• Apple’s enforcement of privacy rules questioned by developers

https://www.theregister.com/2024/05/07/apple_fingerprinting_rules/…

• Gray Zone Warfare has experienced rapid success with over half a million players within a few days of launch, addressing optimization issues for older hardware.
• MADFINGER Games is prioritizing optimization and stabilization of the game, aiming to make it accessible to a wider audience.
• Despite initial challenges, Gray Zone Warfare has exceeded sales expectations, with plans for future updates and content expansion.
• The game is facing challenges from cheat providers, prompting the implementation of countermeasures to combat cheating.
• Future plans for Gray Zone Warfare include the introduction of new features like day and night cycles, weather dynamics, camps, and more points of interest, with a focus on enhancing player experience and customization options.

https://insider-gaming.com/gray-zone-warfare-interview-next-steps-success/…

• Urgent alert issued about the “Brokewell” smartphone attack targeting Android users’ bank accounts
• Malware appears as fake Google Chrome update page, allowing criminals to capture banking credentials and track location
• Brokewell poses significant threat to banking industry, with new commands added daily
• Malware equipped with accessibility logging, capturing all device events and sending data to control server
• FTC releases guidelines to avoid malware attacks, including downloading software from official sources and scanning devices for malicious activity.

https://dailyhodl.com/2024/05/05/new-brokewell-smartphone-attack-drains-bank-accounts-and-leaks-location-posing-significant-threat-to-banking-industry-report/…