Source: Cord Cutters News
In a landmark settlement, Google has agreed to pay $1.375 billion to resolve claims of data privacy violations brought by Texas Attorney General Ken Paxton, according to a press release issued on Thursday. The settlement, one of the largest of its kind secured by a single state against a tech giant, addresses allegations that Google unlawfully tracked and collected users’ private data, including geolocation, incognito searches, and biometric information. The agreement marks a significant moment in the ongoing scrutiny of Big Tech’s data practices and sets a new benchmark for state-led privacy enforcement.
As part of the agreement, Google is expected to continue refining its privacy practices, though specific terms of the settlement beyond the financial penalty were not detailed in the press release.
Source: FedScoop
https://fedscoop.com/senators-want-tsa-to-scale-back-facial-recognition-at-airports/
A bipartisan group of senators introduced legislation this week that would scale back the Transportation Security Administration’s facial recognition program, giving travelers the right to not have their faces scanned when passing through airports. The lawmakers say their push for the Traveler Privacy Protection Act comes as the Department of Homeland Security component seeks to expand the use of facial recognition at hundreds of airports. “Folks don’t want a national surveillance state, but that’s exactly what the TSA’s unchecked expansion of facial recognition technology is leading us to,” Sen. Jeff Merkley, D-Ore., a co-sponsor of the bill and a longtime critic of the government’s facial recognition program, said in a statement.
Specifically, the bill would require the TSA to clearly inform passengers of their right to not participate in the DHS facial recognition program and bar the agency from providing worse treatment to passengers that choose not to participate.[…]
Sens. Ed Markey, D-Mass., and Roger Marshall, R-Kan., are also co-sponsors of the bill. A press release about the legislation also touted support from Sens. Steve Daines, R-Mont., and Chris Van Hollen, D-Md., as well as the ACLU, the American Federation of Government Employees, Public Citizen, EPIC, the Project On Government Oversight, and Fight for the Future.
[…]
Source: The Register
https://www.theregister.com/2025/05/10/router_botnet_crashed/
Earlier this week, the FBI urged folks to bin aging routers vulnerable to hijacking, citing ongoing attacks linked to TheMoon malware. In a related move, the US Department of Justice unsealed indictments against four foreign nationals accused of running a long-running proxy-for-hire network that exploited outdated routers to funnel criminal traffic.
In a FLASH bulletin [PDF] on Wednesday, the FBI warned that aging routers from Linksys, Ericsson, and Cisco, commonly found in homes and small businesses, were being actively targeted by cybercriminals.
These devices, long past their update window, were compromised and made available for sale as part of a criminal proxy network marketed through the 5socks and Anyproxy domains. The botnet provided anonymity to malicious users and enabled a range of cybercrime, including distributed denial of service (DDoS) attacks, according to federal investigators and security researchers.
Here are the dusty old routers you need to watch out for:
- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550 and WRT320N, WRT310N, WRT610N kit
- The Ericsson Cradlepoint E100 router
- The Cisco Valet M10
[I used to own a Linksys E2500]
Source: Tedium
https://www.bespacific.com/does-one-line-fix-google-2/
Note – this post is dated May 2024 but the recommendation continues to work – Via Tedium: “Forget AI. Google just created a version of its search engine free of all the extra junk it has added over the past decade-plus. All you have to do is add “udm=14” to the search URL…Google announced some big changes to its search engine that are, in a word, infuriating. Simply put,[…]
—
Abstracted from beSpacific
Copyright © 2024 beSpacific, All rights reserved.
Source: NYT via Newser
https://www.newser.com/story/368218/a-big-problem-for-ai-hallucinations-getting-worse.html
A strange thing is happening in the world of artificial intelligence: As the bots grow more powerful, they are generating more mistakes—“hallucinations”—than ever, reports the New York Times. And as the story by tech writers Cade Metz and Karen Weise explains, “It is not entirely clear why.” As an example, they report that the new and improved o3 reasoning system deployed by OpenAI hallucinated 33% of the time when given a benchmark test involving questions about public figures. That’s troubling, but what’s more of a head-scratcher is that the error rate is twice that of the previous reasoning system. Similar stats at other companies back up the notion that this is an industry-wide trend. In a real-world example, they recount how an AI bot for Cursor, a tool for programmers, informed customers that a new company policy forbade them from using Cursor on more than one computer. After an angry backlash, the chief executive had to explain that no such policy existed. The overarching problem is that the bots base their answers on the crunching of vast amounts of data—they can’t determine what is objectively true or false. “Despite our best efforts, they will always hallucinate,” Amr Awadallah of Vectara, which builds AI tools for businesses, tells the Times. “That will never go away.”
…
[from the NYT article:]
For several years, this phenomenon has raised concerns about the reliability of these systems. Though they are useful in some situations — like writing term papers, summarizing office documents and generating computer code — their mistakes can cause problems.
Those hallucinations may not be a big problem for many people, but it is a serious issue for anyone using the technology with court documents, medical information or sensitive business data.
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/majority-of-browser-extensions-pose-critical-security-risk-a-new-report-reveals/
Browser extensions have become deeply embedded in employees’ daily workflows, aiding tasks from grammar checking to discount hunting. Yet, their extensive permissions create significant security risks, largely unnoticed by IT and security teams. A new 2025 Enterprise Browser Extension Security Report uniquely combines data from public extension marketplaces and real-world enterprise usage telemetry to spotlight this underestimated threat vector.
LayerX is hosting a webinar to discuss key findings from the Enterprise Browser Extension Security Report 2025. Gain actionable insights to mitigate browser extension risks.
Recommendations for Security and IT Teams:
- Audit all browser extensions across the enterprise environment.
- Categorize extensions to understand their risk profiles.
- Enumerate and analyze extension permissions meticulously.
- Perform comprehensive risk assessments of each extension.
- Enforce adaptive, risk-based security policies to manage extension threats effectively.
Download the full report to understand the complete security implications and strategies for managing browser extensions securely.
Sponsored and written by LayerX.
Subject: Deepfakes, Scams, and the Age of Paranoia
Source: WIRED
https://www.wired.com/story/paranoia-social-engineering-real-fake/
These days, when Nicole Yelland receives a meeting request from someone she doesn’t already know, she conducts a multistep background check before deciding whether to accept. Yelland, who works in public relations for a Detroit-based nonprofit, says she’ll run the person’s information through Spokeo, a personal data aggregator that she pays a monthly subscription fee to use. If the contact claims to speak Spanish, Yelland says, she will casually test their ability to understand and translate trickier phrases. If something doesn’t quite seem right, she’ll ask the person to join a Microsoft Teams call—with their camera on. If Yelland sounds paranoid, that’s because she is. In January, before she started her current nonprofit role, Yelland says, she got roped into an elaborate scam targeting job seekers. “Now, I do the whole verification rigamarole any time someone reaches out to me,” she tells WIRED.
Digital imposter scams aren’t new; messaging platforms, social media sites, and dating apps have long been rife with fakery. In a time when remote work and distributed teams have become commonplace, professional communications channels are no longer safe, either. The same artificial intelligence tools that tech companies promise will boost worker productivity are also making it easier for criminals and fraudsters to construct fake personas in seconds.
These kinds of schemes have become so widespread that AI startups have emerged promising to detect other AI-enabled deepfakes, including GetReal Labs and Reality Defender. OpenAI CEO Sam Altman also runs an identity-verification startup called Tools for Humanity, which makes eye-scanning devices that capture a person’s biometric data, create a unique identifier for their identity, and store that information on the blockchain. The whole idea behind it is proving “personhood,” or that someone is a real human. (Lots of people working on blockchain technology say that blockchain is the solution for identity verification.)
Source: EFF
https://www.bespacific.com/how-signal-whatsapp-apple-and-google-handle-encrypted-chat-backups/
EFF: “Encrypted chat apps like Signal and WhatsApp are one of the best ways to keep your digital conversations as private as possible. But if you’re not careful with how those conversations are backed up, you can accidentally undermine your privacy. When a conversation is properly encrypted end-to-end, it means that the contents of those messages are only viewable by the sender and the recipient. The organization that runs the messaging platform—such as Meta or Signal—does not have access to the contents of the messages. But it does have access to some metadata, like the who, where, and when of a message. Companies have different retention policies around whether they hold onto that information after the message is sent. What happens after the messages are sent and received is entirely up to the sender and receiver….
—
Abstracted from beSpacific
Copyright © 2025 beSpacific, All rights reserved.
Source: 404 Media
https://www.bespacific.com/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/
404 Media no paywall – “Flock, the automatic license plate reader (ALPR) company whose cameras are installed in more than 5,000 communities in the U.S., is building a product that will use people lookup tools, data brokers, and data breaches to “jump from LPR [license plate reader] to person,” allowing police to much more easily identify and track the movements of specific people around the country without a warrant or court order, according to internal Flock presentation slides, Slack chats, and meeting audio obtained by 404 Media. The news turns Flock, already a controversial technology, into a much more invasive tool, potentially able to link a vehicle passing by a camera to its owner and then more people connected to them, through marriage or other association. The new product development has also led to Flock employees questioning the ethics of using hacked data as part of their surveillance product, according to the Slack chats.[…]
NB:
Over the last several years more surveillance and technology companies have packaged stolen or hacked data and then sold access to that information to law enforcement. The practice raises questions around the ethics of re-using such data for surveillance purposes; the legality of doing so; and the chain of custody of that information if it was ever used as part of a criminal investigation.
Source: Newser Editors and Wire Services
https://www.newser.com/story/368773/coinbase-says-criminals-are-demanding-20m-ransom.html
Coinbase, the largest cryptocurrency exchange based in the US, said Thursday that criminals had improperly obtained personal data on the exchange’s customers for use in crypto-stealing scams and were demanding a $20 million payment not to publicly release the info. Coinbase CEO Brian Armstrong said in a post on X that criminals had bribed some of the company’s customer service agents who live outside the US to hand over personal data on customers, like names, dates of birth, and partial Social Security numbers, the AP reports. Armstrong said the company was refusing to pay the ransom and would instead offer a $20 million bounty for anyone who provided information that led to the attackers’ arrest….
Source: tech.co
https://tech.co/news/cargo-theft-losses-1-billion-year
Cargo theft is growing at an alarming rate, according to a new investigation from CNBC. Allegedly, there was a 26% increase in incidents of theft from 2023 to 2024, with train cargo thefts alone up by a staggering 40%. The findings highlight a new type of theft, known as “strategic theft,” in which criminals dupe shippers, brokers, and carriers into handing over cargo or payments to them instead of legitimate companies. This has grown in prominence over the last five years, accounting for roughly one-third of all thefts last year.
Ultimately, the report points to a growing sophistication among criminals who target freight, as well as shedding light on the critical importance of deterrents, including electronic logging devices (ELDs).
Findings Highlight Importance of Anti-Theft Measures
Ultimately, the CNBC investigation brings home the vital importance of criminal deterrents, such as the use of ELDs or other asset tracking software.
Security companies such as Highway alert their clients when someone changes their company’s phone number, email, or registered address on the Federal Motor Carrier Safety Administration’s website. As this is where shippers register their details, it’s often the first line of defence against a criminal organization that is trying to instigate “strategic theft.”
However, government and trade bodies must accept some accountability, too. At present, it is far too easy for criminals to gain access to their networks and make changes at will, which can have devastating consequences. It’s no surprise that cyberattacks are also on the rise, with most businesses deserting their most basic cybersecurity duties.
[…]
