Can you avoid being stung by AI when you hear the real thing? How to get your own privacy protections in AI-generated automated voice recognition
RansomHub did not provide sample data from that trove to prove its claim. On Friday a representative for the group sent WIRED a list of things that appeared to be patient records and a data sharing contract for United healthcare, which owned Change healthcare and Emdeon, which acquired Change healthcare.
After months of delays, the US House of Representatives voted on Friday to extend a controversial warrantless wiretap program for two years. Section 702 allows theUS government to collect communications of foreigners in other countries. But this collection also includes reams of communications from US citizens, which are stored for years and can later be warrantlessly accessed by the FBI, which has heavily abused the program. An amendment that would have forced investigators to get a warrant failed to pass.
A group of US lawmakers on Sunday unveiled a proposal that they hope will make the country the first to have a nationwide privacy law. The American Privacy Rights Act would give US residents more control over the information that is collected about them and limit how much data is collected by companies. Congress has tried to pass a national privacy law for years and has failed to do so.
Absent a US privacy law, you’ll need to take matters into your own hands. DuckDuckGo, the privacy-focused company famous for its search engine, now offers a new product called Privacy Pro that includes a VPN, a tool for having your data removed from people-search websites, and a service for restoring your identity if you fall victim to identity theft. There are also steps you can take to wrench back some of the data used to train generative AI systems. Not all systems out there offer the option to opt out of data collection, but we have a rundown of the ones that do and how to keep your data out of AI models.
Data collection isn’t the only risk associated with AI advancements. Cloned voices sound eerily like the real thing, with artificial intelligence-generated scam calls becoming more sophisticated. But there are precautions you can take to protect yourself from getting swindled by someone using AI to sound like a loved one.
The latest privacy and security news from Microsoft: Facebook, Twitter, Apple, APT29, Midnight Blizzard, and Cozy Bear
That’s not all. Each week, we round up the privacy and security news we didn’t cover in depth ourselves. Stay safe and click the headlines to read the full stories.
In a statement Friday, the streaming video service warned customers of a security issue that resulted in the compromise of more than 600,000 accounts. The hackers carried out a “credential stuffing” attack, in which they tried passwords for users that had leaked elsewhere, then broke into accounts where users had reused those passwords. The company noted that in less than 400 cases, hackers had actually exploited their access to make purchases with the hijacked accounts. But the company nonetheless reset users’ passwords and is implementing two-factor authentication on all user accounts.
Apple sent notices via email to users in 92 countries around the world this week, warning them that they had been targeted by sophisticated “mercenary spyware” and that their devices may be compromised. Potential hacking victims are urged to take the warning very seriously and the company said it had high confidence in it. The status page said that anyone who receives the warning should contact the Digital Security Helpline to enable Lockdown Mode for future protection. In a public post, Apple gave no information about who the hacking victims are, where they are or who the criminals behind the attacks might be. It wrote in its public support post that it’s warned users in a total of 150 countries about similar attacks since 2021.
April continues to be the cruelest month for Microsoft—or perhaps Microsoft’s customers. On the heels of a Cybersecurity Review Board report on Microsoft’s previous breach by Chinese state-sponsored hackers, the Cybersecurity and Infrastructure Security Agency (CISA) published a report this week warning federal agencies that their communications with Microsoft may have been compromised by a group known as APT29, Midnight Blizzard, or Cozy Bear, believed to work on behalf of Russia’s SVR foreign intelligence agency. The emergency directive states that the compromise of Microsoft corporate email accounts and the exfiltration of communication between agencies and Microsoft presents a grave and unacceptable risk to agencies. In March, Microsoft claimed that it was still trying to get the attackers out of its network.
The Dragonforce group posted a recording of the conversation to its darkweb site in a misguided attempt to pressure the victim company to pay in order to keep their system from being taken over. (TechCrunch didn’t identify the victim.) The call starts like any tedious attempt to find the right person after calling a company’s publicly listed phone number, as the hacker waits to speak to someone in “management.”
Beth asks the hacker to explain the situation as she picks up the phone. When he threatens to make the company’s stolen data available for “fraudulent activities and for terrorism by criminals,” Beth responds “Oh, ok,” in an altogether unimpressed tone. She asked if the data will be posted to Dragonforce.com. At another point, she notes to the increasingly frustrated hacker that recording their call is illegal in Ohio, and he responds, “Ma’am, I am a hacker. I do not care about the law. Finally, Beth refuses to negotiate with the hacker with a “Well, good luck,” to which the hacker responds, “Thank you, take care.”