The largest data breach ever may be unfolding before our very eyes. What started as incidents impacting Ticketmaster and financial services firm Santander has snowballed into a multi-pronged attack potentially impacting hundreds of companies—and hundreds of millions of people. The source of the allegedly stolen data is Snowflake, a cloud storage firm, whose customers appear to have been targeted with infostealer malware that seemingly allowed hackers to access their Snowflake accounts.
Microsoft has also (and once again) had a bad week. After the tech giant recently announced its new Recall tool—which takes screenshots of everything a person does on their PC every five seconds and makes it all searchable—security researchers set off the red alert that this, frankly, sounds like a terrible idea. Indeed, one researcher used a preview version of Recall to create a tool that extracts all the data stored by the feature in just seconds. Another found that the tool was vulnerable to “privilege escalation” attacks, making it possible for a hacker to access a Recall database even if they don’t have administrative powers. Microsoft apparently took the criticism to heart, however, and will now turn off Recall by default and add additional security measures.
Embattled social media behemoth TikTok had a security scare this week after an attacker targeted high-profile TikTok users via direct messages in the app. TikTok says that only two accounts were successfully hijacked by the attack, while a third, belonging to celebrity Paris Hilton, was targeted but not taken over. Details about the incident remain sparse, but the company said Friday it has fixed the flaw that enabled the malware used to snatch accounts.
The city of Chula Vista, California, has pioneered a new kind of policing: using drones to respond to 911 calls. The “drone as first responder” program is the first of its kind in the US and has launched more than 20,000 drone flights since it started in late 2018. A WIRED investigation, based on an analysis of more than 22 million flight coordinates, public records, and interviews with dozens of residents, revealed this week what it’s like to live in a future policed by machines.
WIRED found this week that a US-based company enabled what the FBI believes are North Korean agents to carry out a scheme that funneled money to the country’s military. The scam involved setting up shell companies, through which North Koreans would get freelance IT jobs with US firms, and have the money they earned given to Kim Jong Un’s regime. The company that registered those shell companies is based in Wyoming, and it says it has since stopped working with the implicated shell companies.
We also laid out the privacy and security risks of using AI in the workplace, explored the ways a potential second Trump administration could weaponize surveillance against US residents, detailed how YouTube has become a giant crack in Russia’s propaganda firewall, and highlighted a Silicon Valley–funded startup that says it’s building a “handheld iron dome” for shooting drones out of the sky using standard firearms.
That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Apple Is Coming for Your Password Manager
At Apple’s Worldwide Developer Conference next week, the company will reportedly announce its own stand-alone password manager that will compete with apps like 1Password and LastPass. Dubbed simply Passwords, according to Bloomberg News, the app will reportedly have features that go well beyond the iCloud or Mac Keychain tools Apple already offers, allowing users to save passwords for Wi-Fi networks, store passkeys, and organize login credentials into categories. Passwords will also reportedly work on Windows machines, but it’s unclear whether people who use Android devices can get in on the security tool.
Epoch Times Executive Charged With Money Laundering
US prosecutors on Monday charged an executive at The Epoch Times newspaper with carrying out a massive money-laundering scheme. According to the US Department of Justice, Epoch Times chief financial officer Weidong “Bill” Guan engaged in “a transnational scheme to launder at least approximately $67 million of illegally obtained funds to benefit himself and the media company.”
The scheme, according to the indictment against Guan, largely involved using cryptocurrency to purchase prepaid debit cards “loaded with US dollars that had been obtained through various frauds”—including funds obtained through unemployment benefits fraud—for less than the funds on the prepaid debit cards. The purchase of the cards was carried out by members of The Epoch Times’ “Make Money Online” team, which Guan managed, according to the DOJ. The so-called MMO team would allegedly then use “stolen personal identification information” to open various accounts, which were used to transfer money from the prepaid debit cards to bank accounts associated with The Epoch Times and its employees. Guan faces one count of conspiring to commit money laundering, two counts of bank fraud, and could face decades in prison if convicted.
Eric Schmidt Ramps Up His Secret AI Military Drone Business
Google’s former CEO, billionaire Eric Schmidt, is quietly building a military drone company, reports Forbes. The company, called White Stork, has been testing devices at both its Hillspire office complex in Menlo Park, California, and in Ukraine. Relatively little has been publicly revealed about the company or the specifics of its technology. According to Forbes, however, “individuals flying small drones” have been spotted near the Hillspire property, and Schmidt has reportedly hired alumni from Google, SpaceX, and Apple to carry out his secretive project, providing some clues about its ambitions.
Russian Cybercriminals Blamed for London Health Care Ransomware Attack
A cyberattack against an organization that facilitates blood transfusions and other sensitive medical care disrupted hospitals and other health care entities across London this week. The attack targeted Synnovis, which manages a partnership between King’s College Hospitals trust and Guy’s and St Thomas’ hospital trust, and Synlab, a European medical testing firm. In a statement published on Tuesday, Synnovis said the attack “has affected all Synnovis IT systems, resulting in interruptions to many of our pathology services.” This forced hospitals to cancel surgeries involving blood transfusions and other procedures. Ciaran Martin, a former top UK cybersecurity official, blamed the attack on Qilin, a cybercriminal gang believed to have ties to Russia.
