Bleeping Computer: Microsoft pushes OOB security updates for Windows Snipping tool flaw

Bleeping Computer: Microsoft pushes OOB security updates for Windows Snipping tool flaw. “Now tracked as CVE-2023-28303, the Acropalypse vulnerability is caused by image editors not properly removing cropped image data when overwriting the original file. For example, if you take a screenshot and crop out sensitive information, such as account numbers, you should have reasonable expectations that this cropped data will be removed when saving the image. However, with this bug, both the Google Pixel’s Markup Tool and the Windows Snipping Tool were found to be leaving the cropped data within the original file.”

Ars Technica: “Click-to-cancel” rule would penalize companies that make you cancel by phone

Ars Technica: “Click-to-cancel” rule would penalize companies that make you cancel by phone. “Canceling a subscription should be just as easy as signing up for the service, the Federal Trade Commission said in a proposed ‘click-to-cancel’ rule announced today. If approved, the plan ‘would put an end to companies requiring you to call customer service to cancel an account that you opened on their website,’ FTC commissioners said.”

TechCrunch: Google removes hundreds of Kenya-focused loan apps from Play Store

TechCrunch: Google removes hundreds of Kenya-focused loan apps from Play Store. “Google has taken down hundreds of loan apps from the Play Store in Kenya since its new policy, which requires digital lenders in the East African country to submit proof of license, went into effect in January. The policy came in the wake of Kenya’s Digital Credit Providers (DCP) regulations last year, which required entities that provide loans digitally to acquire a license to operate from the Central Bank of Kenya.”

University of Texas at San Antonio: Uncovering the unheard: Researchers reveal inaudible remote cyber-attacks on voice assistant devices

University of Texas at San Antonio: Uncovering the unheard: Researchers reveal inaudible remote cyber-attacks on voice assistant devices. “Guenevere Chen, an associate professor in the UTSA Department of Electrical and Computer Engineering, recently published a paper on USENIX Security 2023 that demonstrates a novel inaudible voice trojan attack to exploit vulnerabilities of smart device microphones and voice assistants — like Siri, Google Assistant, Alexa or Amazon’s Echo and Microsoft Cortana — and provide defense mechanisms for users.”

The Next Web: Big Tech gives EU access to thousands of user accounts each year

The Next Web: Big Tech gives EU access to thousands of user accounts each year. “Most of us share huge amounts of personal information online, and Big Tech companies are in many ways the gatekeepers of this data. But how much do they share with the authorities? And how often do governments request user data? According to new research by VPN provider SurfShark, the answer is a lot, and a lot again.”

Engadget: OpenAI says a bug leaked sensitive ChatGPT user data

Engadget: OpenAI says a bug leaked sensitive ChatGPT user data. “In Tuesday’s incident, users posted screenshots on Reddit that their ChatGPT sidebars featured previous chat histories from other users. Only the title of the conversation, not the text itself, was visible. OpenAI, in response, took the bot offline for nearly 10 hours to investigate. The results of that investigation revealed a deeper security issue: the chat history bug may have also potentially revealed personal data from 1.2 percent of ChatGPT Plus subscribers.”

Governor of Hawaii: Attorney General Warns Of Fake FBI Bitcoin Phone Scam Involving “Spoofed” Department Of The Attorney General Phone Number

Governor of Hawaii: Attorney General Warns Of Fake FBI Bitcoin Phone Scam Involving “Spoofed” Department Of The Attorney General Phone Number. “Scammers are calling Hawaiʻi residents pretending to be Federal Bureau of Investigations (‘FBI’) agents. The callers are lying and telling potential victims that they owe unpaid fines and are going to be arrested unless they immediately make a payment in Bitcoin or other cryptocurrency, or using other methods.”

New York Times: The Younger Brother Caught in the Middle of the FTX Investigation

New York Times: The Younger Brother Caught in the Middle of the FTX Investigation. “The money flowed freely at a pandemic-prevention organization run by the younger brother of Sam Bankman-Fried, the disgraced cryptocurrency mogul. Just over $375,000 financed a failed campaign in Colorado to increase taxes on cannabis sales in order to support pandemic research. Another $1 million was spent on consulting and advertising expenses in a single year. And $3.3 million went toward the purchase of a luxurious townhouse a few blocks from the U.S. Capitol.”

Bleeping Computer: Dole discloses employee data breach after ransomware attack

Bleeping Computer: Dole discloses employee data breach after ransomware attack. “Fresh produce giant Dole Food Company has confirmed threat actors behind a February ransomware attack have accessed the information of an undisclosed number of employees. Dole employs around 38,000 people worldwide, providing fresh fruits and vegetables to customers in more than 75 countries.”

WIRED: The Scorched-Earth Tactics of Iran’s Cyber Army

WIRED: The Scorched-Earth Tactics of Iran’s Cyber Army. “Within its borders, the Iranian regime controls its population through one of the world’s toughest internet filtering systems, physical crackdowns, and mass arrests carried out with impunity. However, the IRI is vulnerable beyond its physical and virtual borders, as the regime struggles to contain the discourse and silence dissidents. To combat opposition narratives in the West and among VPN-armed domestic activists online, the IRI cyber army deploys multifaceted, devious, and sometimes clumsy tactics.”

CNBC: SEC charges Tron founder Justin Sun, celebrities Lindsay Lohan, Jake Paul with crypto violations

CNBC: SEC charges Tron founder Justin Sun, celebrities Lindsay Lohan, Jake Paul with crypto violations. “The Securities and Exchange Commission has unveiled fraud and unregistered securities charges against crypto founder and Grenadian diplomat Justin Sun, alongside separate violations against the celebrity backers of his Tronix and BitTorrent crypto assets, which included Jake Paul, Lindsay Lohan and Soulja Boy.”