I ain't afraid of no ghosts, but in this case... To spy on rival Snapchat and get data on how the app was being used, Meta – when it was operating as Facebook – allegedly initiated a program called Project Ghostbusters, which intercepted data traffic from mobile apps. And it used …

Some of us would be happy being rated 7.5 out of 10, just sayin' Updated Two DNSSEC vulnerabilities were disclosed last month with similar descriptions and the same severity score, but they are not the same issue.... [...]

Warning: Poorly configured Google Cloud databases spill billing info, plaintext credentials At least 900 websites built with Google's Firebase, a cloud database, have been misconfigured, leaving credentials, personal info, and other sensitive data inadvertently exposed to the public internet, according to security researchers.... [...]

Rare occasion when you do want Big Tech to make a hash of it Google has enhanced its Safe Browsing service to enable real-time protection in Chrome for desktop, iOS, and soon Android against risky websites, without sending browsing history data to the ad biz.... [...]

Automated AI helper intended to make security more manageable Microsoft Copilot for Security, a subscription AI security service, will be generally available on April 1, 2024, the company announced on Wednesday.... [...]

Infosec folk aren’t thrilled that if you poke APIs enough, you learn AI's secrets Boffins have managed to pry open closed AI services from OpenAI and Google with an attack that recovers an otherwise hidden portion of transformer models.... [...]

Under New Management is an early-warning system for potential poisoning of add-ons with malware Millions of Chrome users now have a way to guard against the threat of extension subversion, that is, if they don't mind installing yet another browser extension.... [...]

Play Store commissions are a nice little earner, wherever they come from Google has been accused of profiting from gift card scams.... [...]

/ Hope no one ever reads these functions lmao / NSO Group, the Israel-based maker of super-charged snoopware Pegasus, has been ordered by a federal judge in California to share the source code for "all relevant spyware" with Meta's WhatsApp.... [...]

Cloned then compromised, bad repos are forked faster than they can be removed A malware distribution campaign that began last May with a handful of malicious software packages uploaded to the Python Package Index (PyPI) has spread to GitHub and expanded to reach at least 100,000 compromised repositories …

Those little popups may reveal location, device details, IP address, and more More than 130 petitions seeking access to push notification metadata have been filed in US courts, according to a Washington Post investigation – a finding that underscores the lack of privacy protection available to users of mobile devices …

Talk about gone in 60 seconds Computer scientists have developed an efficient way to craft prompts that elicit harmful responses from large language models (LLMs).... [...]

State government says it's thinking of the children A law firm acting on behalf of the Nevada Attorney General Aaron Ford has asked a state court to issue a temporary restraining order (TRO) denying minors access to encrypted communication in Meta's Messenger application.... [...]

We speak to professor who with colleagues tooled up OpenAI's GPT-4 and other neural nets AI models, the subject of ongoing safety concerns about harmful and biased output, pose a risk beyond content emission. When wedded with tools that enable automated interaction with other systems, they can act on …

Now that's what you call dual-use tech Cyber baddies have turned to ad networks to measure malware deployment and to avoid detection, according to HP Wolf Security.... [...]

Surprising third-act twist as Russian case means more freedom for all The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control …

'You don't have to do more than that to disconnect an entire network' El Reg told as patches emerge A single packet can exhaust the processing capacity of a vulnerable DNS server, effectively disabling the machine, by exploiting a 20-plus-year-old design flaw in the DNSSEC specification.... [...]

Leaves it to carriers, promoting a complaint to Irish data cops from Big Tech's bête noire Meta has acknowledged that phone number reuse that allows takeovers of its accounts "is a concern," but the ad biz insists the issue doesn't qualify for its bug bounty program and is a …

Security is a process, not a product. Nor a language Memory-safety flaws represent the majority of high-severity problems for Google and Microsoft, but they're not necessarily associated with the majority of vulnerabilities that actually get exploited.... [...]

Firefox maker promises to lean on personal info brokers to scrub records Mozilla on Tuesday expanded its free privacy-monitoring service with a paid-for tier called Mozilla Monitor Plus that will try to get data brokers to delete their copies of subscribers' personal information.... [...]

Chocolate Factory matches Microsoft money for memory safety Google on Monday donated $1 million to the Rust Foundation specifically to improve interoperability between the language and C++.... [...]

Atlassian systen compromised via October Okta intrusion Cloudflare has just detailed how suspected government spies gained access to its internal Atlassian installation using credentials stolen via a security breach at Okta in October.... [...]

Spotting a plaintext password and using it in research without authorization deemed a crime A security researcher in Germany has been fined €3,000 ($3,300, £2,600) for finding and reporting an e-commerce database vulnerability that was exposing almost 700,000 customer records.... [...]

Pen-tester accessed more than 650,000 sensitive messages, and still can, at Indian outfit using Toyota SaaS Toyota Tsusho Insurance Broker India (TTIBI), an Indo-Japanese joint insurance venture, operated a misconfigured server that exposed more than 650,000 Microsoft-hosted email messages to customers, a security researcher has found.... [...]

Microsoft says it's doing its best to crack down on crims The popularity of Github has made it too big to block, which is a boon to dissidents ducking government censors but a problem for internet security.... [...]