Category: Security & Privacy

A 24-year-old hacker from Springfield, Tennessee, named Nicholas Moore, has pleaded guilty to illegally accessing and sharing sensitive information from various U.S. government agencies, including the Supreme Court, AmeriCorps, and the Department of Veterans Affairs. Moore’s actions highlight the vulnerabilities in government systems and the critical need for enhanced cybersecurity measures.

According to the investigation, Moore hacked into these agencies’ networks using stolen user credentials. Once inside, he extracted personal data of individuals authorized to access the systems and posted it on his Instagram account, @ihackthegovernment. The disclosed information included the name and electronic filing records of a Supreme Court victim, personal details of an AmeriCorps victim such as name, date of birth, contact information, citizenship status, and partial social security number, as well as identifiable health information of a Department of Veterans Affairs victim.

As a consequence of his actions, Moore faces a potential sentence of up to one year in prison and a fine of $100,000. This case underscores the ongoing battle against cyber threats and the importance of robust cybersecurity practices across government agencies to safeguard sensitive information from malicious actors.

Source: TechCrunch

California Attorney General Rob Bonta has taken action against xAI, a startup known for its chatbot Grok, over the creation of nonconsensual sexual imagery and child sexual abuse material (CSAM). Following reports of xAI’s involvement in generating deepfake content without consent, the AG’s office issued a cease-and-desist letter demanding an immediate halt to these activities.

The controversy revolves around xAI’s ‘spicy’ mode feature embedded in Grok, designed to produce explicit content. This has triggered investigations not only in California but also in Japan, Canada, Britain, Malaysia, and Indonesia. Despite xAI implementing restrictions on its image-editing capabilities, regulatory bodies continue to scrutinize the startup’s practices.

Emphasizing a ‘zero tolerance’ policy towards CSAM, California’s actions send a clear message regarding the legal consequences of creating and distributing such illicit material. The AG’s office expects xAI to demonstrate proactive measures within five days to address these serious concerns.

The fallout from this situation highlights the ethical challenges posed by AI technologies, particularly in the context of deepfakes and nonconsensual content creation. As the regulatory landscape evolves to combat misuse, tech companies face increasing pressure to ensure responsible deployment of AI-driven features.

Source: TechCrunch

A recent discovery has revealed a sophisticated phishing campaign targeting high-profile users across the Middle East, including a U.K.-based Iranian activist, a Lebanese cabinet minister, and at least one journalist. The campaign utilized WhatsApp messages containing phishing links to steal credentials and compromise accounts, shedding light on the evolving tactics of cyber attackers targeting individuals involved in sensitive activities.

According to TechCrunch’s analysis, the phishing campaign aimed to extract Gmail and other online credentials, compromise WhatsApp accounts, and conduct surveillance by accessing location data, photos, and audio recordings. While the exact identity of the hackers remains uncertain, the impact on the victims was significant, with exposed data including responses from various individuals such as a Middle Eastern academic in national security studies, the head of an Israeli drone manufacturer, a senior Lebanese cabinet minister, and individuals with U.S. connections.

This incident underscores the importance of vigilance and awareness among high-profile individuals to safeguard their digital assets and personal information from malicious actors as cybersecurity threats continue to evolve.

Source: TechCrunch

Iran is currently experiencing one of its longest internet shutdowns, with over 92 million citizens unable to access the internet for more than a week. This shutdown, initiated by the government in response to anti-government protests, highlights the challenges governments face in controlling and restricting access to the internet during times of unrest.

Authorities have resorted to a complete blackout of internet and phone services across the country to quell dissent, leading to a severe information blockade for its citizens. According to experts, this shutdown ranks as one of the longest in Iran’s history, surpassing previous records set in 2019 and 2025.

Isik Mater, the director of research at NetBlocks, notes that Iran’s internet shutdowns are among the most comprehensive and strictly enforced nationwide. Zach Rosson, a researcher at Access Now, points out that Iran’s current shutdown is on track to become one of the top 10 longest shutdowns globally, based on available data.

This trend raises concerns about the increasing use of internet restrictions as a tool for political control and suppression. As technology continues to play a pivotal role in shaping societies, the case of Iran’s internet shutdown serves as a stark reminder of the delicate balance between national security measures and the fundamental right to access information.

Source: TechCrunch

U.S. senators have put major tech companies, including X, Meta, Alphabet, Snap, Reddit, and TikTok, under scrutiny regarding the proliferation of sexualized deepfakes on their platforms. The senators are seeking evidence of robust policies and strategies to effectively address this issue.

The companies have been instructed to retain all data related to the creation, identification, moderation, and monetization of AI-generated sexualized content, along with their associated policies. This move follows X’s decision to update Grok, a tool that previously allowed the creation of inappropriate imagery, to prevent edits on real individuals in revealing attire, limiting such abilities to paid users.

Despite existing rules against non-consensual intimate content and sexual exploitation, the senators highlighted loopholes that enable users to circumvent platform safeguards. Instances of Grok generating sexualized and nude images have underscored the urgency for stricter measures. While X has faced particular criticism, the senators stress that other platforms must also address this growing concern.

Source: TechCrunch

The Federal Trade Commission (FTC) has finalized an order that prohibits General Motors (GM) and its OnStar telematics service from sharing specific consumer data with consumer reporting agencies. This order, which follows a proposed settlement reached a year ago, mandates GM to enhance transparency with consumers and secure explicit consent for any data collection activities.

The order restricts GM from collecting and selling geolocation data to third parties, such as data brokers and insurance companies. This action was prompted by reports revealing how GM and OnStar utilized drivers’ precise geolocation data and driving behavior for commercial purposes.

GM’s Smart Driver program, integrated into its connected car apps, monitored driving behaviors and seatbelt use, with data brokers like LexisNexis and Verisk then selling this information to insurance providers, potentially impacting customers’ rates. Following customer feedback, GM discontinued the Smart Driver program in 2024 and terminated its relationships with data brokers.

The FTC accused GM and OnStar of misleading enrollment practices and insufficiently disclosing data collection and sharing policies. The finalized order requires GM to explicitly seek consumer consent before gathering, using, or sharing connected vehicle data, a process initiated during vehicle purchases at dealerships.

While some exceptions to the data collection ban exist, GM is now mandated to operate with greater transparency and consumer consent to uphold data privacy standards.

Source: TechCrunch

YouTube has introduced new parental controls to allow parents to manage the time their children spend watching YouTube Shorts. The platform now enables parents to set time limits on connected accounts, preventing excessive use and promoting responsible viewing habits.

Parents can establish specific time restrictions for Shorts consumption, ensuring that children don’t get carried away with endless scrolling. Additionally, parents have the option to block Shorts entirely on designated accounts, offering flexibility for different parental preferences or study-focused periods.

Furthermore, YouTube has incorporated features like custom Bedtime and Take a Break reminders, encouraging users, both young and adult, to take breaks from screen time. These tools aim to balance entertainment with healthy digital habits, aligning with the platform’s commitment to user well-being.

These enhancements build upon YouTube’s existing parental controls for teens and align with industry standards observed by platforms like TikTok, Snapchat, Instagram, and Facebook. YouTube’s continuous efforts to enhance safety measures include age-estimation technology to tailor experiences based on users’ ages, ensuring age-appropriate content delivery.

Source: TechCrunch

A recent report has revealed a critical security incident within the global shipping industry, shedding light on the vulnerabilities that can arise in even the most essential tech systems. Bluspark Global, a key U.S. shipping tech company, inadvertently exposed its shipping systems and customer data to the web due to a series of unaddressed vulnerabilities. This revelation comes as cyber threats in the shipping sector are escalating, with hackers targeting logistics companies to divert goods into the hands of criminals.

Bluspark’s platform, Bluvoyix, utilized plaintext passwords, leaving sensitive information, including customer shipment records dating back decades, accessible to anyone online. The company, responsible for facilitating freight shipments for major retailers and manufacturers globally, faced criticism for the lack of robust cybersecurity measures in place.

Security researcher Eaton Zveare, who identified the flaws in Bluspark’s systems, highlighted the challenges in promptly addressing these issues due to the company’s inadequate communication channels. Despite Bluspark’s efforts to rectify the vulnerabilities by fixing five critical flaws, the incident underscores the urgent need for heightened security protocols across the shipping tech landscape.

Source: TechCrunch

A 24-year-old individual from Tennessee is set to admit to repeatedly hacking into the U.S. Supreme Court’s electronic filing system without authorization, as reported by TechCrunch. Nicholas Moore, a resident of Springfield, Tennessee, allegedly accessed the system unlawfully on 25 different days between August and October 2023, obtaining information from a protected computer. The specifics of the accessed information and the method used remain undisclosed at this time. Moore is expected to plead guilty via video link in court on Friday.

Prosecutors have not revealed further details beyond what has been publicly disclosed. The U.S. District Court for the District of Columbia, responsible for the charges against Moore, declined to provide additional information. Similarly, the U.S. Department of Justice did not immediately respond to inquiries from TechCrunch.

This incident adds to a series of cybersecurity breaches targeting U.S. court systems in recent years. The Administrative Office of the U.S. Courts announced heightened cybersecurity measures following a cyberattack on its electronic court records system in August, attributed to hackers linked to the Russian government.

For those interested in further details on this case or other data breaches, TechCrunch invites individuals to share information securely with Lorenzo Franceschi-Bicchierai.

Source: TechCrunch

Financial technology firm Betterment recently confirmed a data breach that exposed some customers’ personal information following a social engineering attack. According to TechCrunch, hackers infiltrated Betterment’s systems using third-party platforms, compromising customer details such as names, email addresses, phone numbers, and dates of birth. The breach allowed hackers to send fake crypto scam notifications to users, attempting to lure them into sending funds to a fraudulent wallet.

Betterment, known for its automated investment services, promptly responded to the breach, detecting the unauthorized access on the same day and launching an investigation with cybersecurity experts. The company reassured customers that no account access or login credentials were compromised. Despite this, the incident underscores the ongoing cybersecurity challenges faced by fintech companies and the importance of robust security measures to protect sensitive customer data.

This breach serves as a reminder of the evolving tactics employed by cybercriminals to exploit vulnerabilities in digital platforms, highlighting the critical need for continuous vigilance and proactive security measures within the financial technology industry.

Source: TechCrunch

Recent legal battles against deepfake porn highlight the ongoing struggle to combat non-consensual image manipulation online. An app named ClothOff has been causing distress for over two years, evading removal from major app stores and social platforms but remaining accessible through the web and a Telegram bot. Attempts to dismantle the app through legal action face hurdles, such as identifying the responsible parties scattered across different countries.

Professor John Langford, involved in a lawsuit against ClothOff, revealed the complexities of chasing down the app’s creators, believed to operate from the British Virgin Islands and Belarus. This case sheds light on the challenges posed by platforms facilitating non-consensual imagery generation, leaving victims with limited recourse for justice.

One striking example from the lawsuit involves an anonymous high school student in New Jersey whose Instagram photos were altered by classmates using ClothOff. The victim, underage when the original images were taken, faced the distribution of AI-modified content classified as child abuse imagery. Despite the clear illegality, prosecuting such cases proves difficult due to evidence collection challenges.

These incidents underscore the urgent need for technological solutions to combat deepfake content proliferation and safeguard individuals from image-based exploitation. The case serves as a cautionary tale, emphasizing the critical role technology plays in enabling and combating online image manipulation.

Source: TechCrunch

Instagram recently faced security concerns after some users reported receiving suspicious password reset requests, raising fears of a potential breach. The situation came to light when antivirus software company Malwarebytes shared details of a purported cybercriminal attack affecting millions of Instagram accounts. According to Malwarebytes, sensitive user information, including usernames, addresses, phone numbers, and emails, was allegedly compromised and put up for sale on the dark web.

Contrary to these claims, Instagram clarified that there was no breach in its security. The platform acknowledged the issue of unauthorized password reset emails being sent and promptly addressed the problem. Instagram assured users that the issue had been resolved and the emails could be disregarded. However, the company did not disclose specifics about the external party responsible for the incident.

This incident underscores the importance of robust security measures in safeguarding user data on social media platforms. While the situation raised concerns about potential data exposure, Instagram’s swift response and resolution demonstrate the critical role of proactive security protocols in mitigating risks and maintaining user trust.

Source: TechCrunch