We all know that we’re being tracked online, but the sheer scale of it — at least when this scale is properly communicated. Dry facts like “Your browser connected to 456 advertising trackers in the past hour” usually don’t get the point across. The problem is that such numbers lack context. They fail to connect our online actions with their unseen consequences. But what if we could somehow make online tracking visible — or audible? Electronic music artist Jasmine Guffond did just that a few years back… The sound of Google tracking She created a browser extension called Listening Back, which pl ..read more

Episode 345 of the Transatlantic Cable podcast kicks off with a story from the U.S, where a Pew survey suggested that most American’s feel that social media platforms have too much political power and influence. From there the team discuss news that ChatGPT can hack software vulnerabilities and the U.K becomes the first country in the world to ban simple passwords such as 123456 or ‘password’ for smart devices. If you liked what you heard, please consider subscribing. Social media companies have too much political power, 78% of Americans say in Pew survey Could ChatGPT be the next big cyberse ..read more

As usual, for May the 4th (MTFBWY), we’re publishing a report for Star Wars fans, telling how a long time ago in a galaxy far away the Empire was negligent about information security. This year’s report subject is the just-concluded third season of the “Star Wars: The Bad Batch” animated series. As usual, we have to warn that the text below may contain spoilers. Despite seemingly not the most serious format, the plot twists and overall coherence of the narrative in “The Bad Batch” are much better than in most recent live action series and movies. Ever since in the ninth episode “Palpatine Some ..read more

Dropbox has shared the results of an investigation into a hack of its infrastructure. The company doesn’t specify when the incident actually occurred, stating only that the attack was noticed by company employees on April 24. Here, we explain what happened, what data was leaked, and how to protect yourself and your company from the consequences of the incident. Dropbox Sign hack: how it happened and what data was stolen Unidentified attackers have managed to compromise the Dropbox Sign service account, and thus gain access to the platform’s internal automatic configuration mechanism. Using thi ..read more

The first Thursday in May is a special day. For over a decade, this day has been celebrated as World Password Day. For us at Kaspersky, it’s an important occasion; we don’t throw a party, but rather take the opportunity to once again remind you of one of the important things in life. That’s right — passwords! So let’s discuss how to create them, where to store them securely, and why “qwerty12345” is a no-no. This conversation is crucial because many people still rely on weak and reused passwords that are too easy to guess and have repeatedly fallen into the hands of hackers. Why this happens a ..read more

Evidence-based approach toward IT product security assessment is a powerful tool that allows to evaluate the trustworthiness of solutions. That is why since year 2018 we continue to expand our Global Transparency Initiative all over the world. Just at the end of April we opened our twelfth Transparency Center in Istanbul, Turkey, where our partners and customers, as well as cybersecurity regulators can learn more about our solutions, review the source code of our on-premise products, software updates, and threat detection rules. Additionally, visitors can check the results of independent audit ..read more

You’ve probably received more than a few spam or phishing emails from addresses belonging to seemingly reputable organizations. This may have left you wondering how attackers manage this feat, and perhaps even concerned if anyone out there sends malicious emails under your own company’s name. The good news is that several technologies exist to combat emails sent on someone else’s behalf: Sender Policy Framework (SPF); DomainKeys Identified Mail (DKIM); and Domain-based Message Authentication, Reporting, and Conformance (DMARC). The not-so-good news is that attackers occasionally discover ways ..read more

Episode 344 of the Transatlantic Cable podcast kicks off with news that Grindr is being sued or sharing sensitive user data with third-parties. From there the team talk about news from the U.K, which shows that a third of 5-7 year old children already have their own mobile phones. To wrap up, the team talk about news that Meta AI is now inserting itself into Facebook group chats, but it doesn’t always go to plan. If you like what you heard please consider subscribing. Grindr sued for allegedly revealing users’ HIV status Ofcom: Almost a quarter of kids aged 5-7 have smartphones Meta’s AI tell ..read more

Israeli researchers from Offensive AI Lab have published a paper describing a method for restoring the text of intercepted AI chatbot messages. Today we take a look at how this attack works, and how dangerous it is in reality. What information can be extracted from intercepted AI chatbot messages? Naturally, chatbots send messages in encrypted form. All the same, the implementation of large language models (LLMs) and the chatbots built on them harbors a number of features that seriously weaken the encryption. Combined, these features make it possible to carry out a side-channel attack when the ..read more

When it comes to spam, we usually think of a bunch of absolutely irrelevant advertising letters, which antispam engines filter out with no trouble at all. However, this is far from the most unpleasant thing that can fall into your mailbox. Sometimes spam is used to carry out a DDoS attack on corporate email addresses, and the victim gets bombarded with completely legitimate emails that don’t raise any suspicion of a standard antispam engine. Registration confirmations attack In order to perform a mail bomb attack, attackers can exploit the registration mechanisms on the web resources of totall ..read more