WIRED: A US Agency Rejected Face Recognition—and Landed in Big Trouble

WIRED: A US Agency Rejected Face Recognition—and Landed in Big Trouble. “Officials working on Login.gov, used to access dozens of government sites, worried about algorithmic bias. Their decision breached federal security rules.”

Engadget: Biden administration bans federal agencies from using commercial spyware

Engadget: Biden administration bans federal agencies from using commercial spyware. “In an executive order signed Monday, President Biden barred federal agencies from using commercial spyware that threatens US national security or carries a risk of improper use by foreign governments and individuals.”

CBS News: At least 17 members of Congress had sensitive information exposed in data breach

CBS News: At least 17 members of Congress had sensitive information exposed in data breach. “The hacking of the DC Health Benefit Exchange Authority data system has triggered at least three investigations and a federal civil lawsuit against the District of Columbia government, CBS News has learned. It has also sent a significant shock through Congress and its staffers.”

Wall Street Journal: U.S. State-Government Websites Use TikTok Trackers, Review Finds

Wall Street Journal: U.S. State-Government Websites Use TikTok Trackers, Review Finds. “More than two dozen state governments have placed web-tracking code made by TikTok parent ByteDance Ltd. on official websites, according to a new report from a cybersecurity company, illustrating the difficulties U.S. regulators face in curtailing data-collection efforts by the popular Chinese-owned app.”

Bleeping Computer: Microsoft pushes OOB security updates for Windows Snipping tool flaw

Bleeping Computer: Microsoft pushes OOB security updates for Windows Snipping tool flaw. “Now tracked as CVE-2023-28303, the Acropalypse vulnerability is caused by image editors not properly removing cropped image data when overwriting the original file. For example, if you take a screenshot and crop out sensitive information, such as account numbers, you should have reasonable expectations that this cropped data will be removed when saving the image. However, with this bug, both the Google Pixel’s Markup Tool and the Windows Snipping Tool were found to be leaving the cropped data within the original file.”

Uncovering the unheard: Researchers reveal inaudible remote cyber-attacks on voice assistant devices (University of Texas at San Antonio)

University of Texas at San Antonio: Uncovering the unheard: Researchers reveal inaudible remote cyber-attacks on voice assistant devices. “Guenevere Chen, an associate professor in the UTSA Department of Electrical and Computer Engineering, recently published a paper on USENIX Security 2023 that demonstrates a novel inaudible voice trojan attack to exploit vulnerabilities of smart device microphones and voice assistants — like Siri, Google Assistant, Alexa or Amazon’s Echo and Microsoft Cortana — and provide defense mechanisms for users.”

The Next Web: Big Tech gives EU access to thousands of user accounts each year

The Next Web: Big Tech gives EU access to thousands of user accounts each year. “Most of us share huge amounts of personal information online, and Big Tech companies are in many ways the gatekeepers of this data. But how much do they share with the authorities? And how often do governments request user data? According to new research by VPN provider SurfShark, the answer is a lot, and a lot again.”

Engadget: OpenAI says a bug leaked sensitive ChatGPT user data

Engadget: OpenAI says a bug leaked sensitive ChatGPT user data. “In Tuesday’s incident, users posted screenshots on Reddit that their ChatGPT sidebars featured previous chat histories from other users. Only the title of the conversation, not the text itself, were visible. OpenAI, in response, took the bot offline for nearly 10 hours to investigate. The results of that investigation revealed a deeper security issue: the chat history bug may have also potentially revealed personal data from 1.2 percent of ChatGPT Plus subscribers.”

Gizmodo: ChatGPT Bug Let People See Other Users’ Chat History Titles

Gizmodo: ChatGPT Bug Let People See Other Users’ Chat History Titles. “On Monday, a few ChatGPT threads on Reddit and Twitter showed how a sidebar that usually displays user history was showing the history titles of other users as well. It’s unclear why the Reddit user was seeing a few Chinese-language titles as well as histories related to Chinese ideologies. Jordan Wheeler, a cybersecurity consultant, shared a much more broad selection of prompts in a Monday Twitter post.”

Michigan Daily: A case for keeping your relationship off of social media

Michigan Daily: A case for keeping your relationship off of social media. “I certainly don’t love the idea of any of my followers gossiping about what I’m posting, and I’m sure you don’t either. Yet, isn’t that inevitable? By putting even just small pieces of our lives on social media, don’t we invite people to speculate about it all, including our relationships?”

Mashable: Twitter turns off SMS 2FA today if you don’t pay. Here’s why you should act now.

Mashable: Twitter turns off SMS 2FA today if you don’t pay. Here’s why you should act now. “If you have Twitter’s SMS-based two-factor authentication (2FA) method turned on, but you haven’t paid for Twitter Blue, you’ve probably been getting nagging messages from Twitter about it going away. Well, today is the last day to switch to a different 2FA, and it would be wise to do so.”

PC World: Firefox’s new feature protects against email tracking and spam

PC World: Firefox’s new feature protects against email tracking and spam. “In welcome news for all Firefox users, Mozilla announced this week that Firefox Relay, its version of email masking, will become integrated into its browser. Launched in 2020, Relay has only been accessible so far through a browser add-on.”

9to5 Google: Pixel Markup vulnerability lets some screenshots be un-redacted, un-cropped; fixed by March update

9to5 Google: Pixel Markup vulnerability lets some screenshots be un-redacted, un-cropped; fixed by March update. “For example (as shared on Twitter), let’s say you upload a screenshot from a hypothetical bank app/website that includes a picture of your credit/debit card. You crop out everything save for the card and then use Markup’s Pen tool to black out the 16-digit number. You then share that message on a service, like Discord. Given a vulnerability in how Markup works, somebody that downloads the image is able to perform a ‘partial recovery of the original, unedited image data of [the] cropped and/or redacted screenshot.’”

New York Times: Justice Dept. Investigating TikTok’s Owner Over Possible Spying on Journalists

New York Times: Justice Dept. Investigating TikTok’s Owner Over Possible Spying on Journalists. “The inquiry appears to be tied to an admission by the app’s owner, ByteDance, that employees had inappropriately obtained Americans’ data. The company said it had fired the workers involved.”

Dallas Morning News: Dallas deputy streamed traffic stop to TikTok, revealed man’s personal info, lawsuit says

Dallas Morning News: Dallas deputy streamed traffic stop to TikTok, revealed man’s personal info, lawsuit says. “A Tarrant County man is suing Dallas County and a sheriff’s deputy after he says his personal information was revealed to more than 100 people after the deputy livestreamed a traffic stop through TikTok.”