Security

A British man responsible for a high-profile 2020 hack of Twitter, now known as X, has been ordered to pay back 4.1 million British Pounds ($5.37 million USD) in cryptocurrency. Joseph James O'Connor, 26, is currently serving a five-year prison sentence in the United States after pleading guilty to multiple charges including computer intrusion and wire fraud. The cyber attack in July 2020 affected the accounts of numerous public figures, including then-presidential candidate Joe Biden, former President Barack Obama, and Tesla CEO Elon Musk. Other notable victims included Bill Gates, Warren ...view more

WhatsApp has announced a significant security enhancement: passkey support for end-to-end encrypted chat backups on both iOS and Android devices. This update means users can secure their valuable chat histories using the same simple methods they use to unlock their phones, such as a fingerprint, face scan, or screen lock PIN. (Source: forbes.com ) The move is designed to make robust security more accessible by removing a major hurdle for users. Previously, securing a cloud backup with end-to-end encryption required users to remember a complex password or safeguard a cumbersome 64-digit key. ...view more

Google has declined to fix a security vulnerability in its Gemini AI assistant that allows attackers to embed hidden instructions in emails and calendar invites. The flaw, known as ASCII smuggling, uses invisible characters that users cannot see but that artificial intelligence systems can read and process. Security researcher Viktor Markopoulos from cybersecurity firm FireTail discovered the vulnerability and reported it to Google in September. The company dismissed the issue, stating it only constitutes social engineering rather than a technical security bug. How the Attack Works ASCII ...view more

Microsoft has officially released Windows 11 version 25H2, marking the company's annual "feature update" for 2025. It's a quicker install than many updates, which is down to both the delivery and content of the update. Unlike traditional Windows updates that replace entire system files, version 25H2 utilizes a streamlined "enablement package" approach. The update activates feature code already present on machines running 24H2, requiring only a single restart to complete the installation process. Shared Codebase Simplifies Update Process Windows 11 versions 24H2 and 25H2 share the same ...view more

Microsoft has announced it will provide one year of no-strings free Extended Security Updates (ESUs) for Windows 10 users in the European Economic Area (EEA). Unlike the rest of the world, there's no need to follow any special conditions. Windows 10: The End is Near The end-of-support date for Windows 10 is October 14, 2025. Beyond this date, devices will no longer receive crucial security patches unless they are enrolled in the ESU program. Microsoft has shifted policy several times, originally suggesting the ESU was - as with previous Windows editions - only for businesses. It then offered ...view more

Researchers say a malware operation involving 224 malware-laden Android apps was particularly creative. They used a combination of tactics to disguise the malware and hide it from Google and security researchers. Human Security, which revealed details of the operation, has labeled the operation as "SlopAds". Its ultimate goal was to hijack phones and tablets to make bogus clicks to make it look like a user has viewed an ad on a site operated by the scammers. They then collect revenue from advertisers who are unaware no human saw their message. (Source: humansecurity.com ) The researchers say ...view more

Emails which appear to come from Apple email servers may be carefully crafted spam. Scammers have found a way to abuse Apple's calendar tools to disguise the spam and bypass filters. The spam is getting to many more recipients than usual as the messages appear to come from the user noreply[@]email.apple.com. It appears to be convincing enough that some spam filter systems are treating it as coming from a legitimate source within Apple, which is clearly not something most people would want blocked. The trick behind the spam is that the original message isn't sent as a standard email. Instead ...view more

iOS WhatsApp users should make sure their app is up to date following a dangerous security attack. The technique is particularly effective but fortunately seems to be highly targeted so far. It's been described as a zero-click attack, meaning a phone could be comprised simply by a user receiving a message. That's different to most messaging-based attacks which require a user to open an attachment or image, or to click on a link. The issue affects the Mac, iPhone and iPad apps for WhatsApp and is the result of a particularly unfortunate combination of two vulnerabilities. One is with WhatsApp ...view more

AOL dial-up Internet is ending in September. It lasted 34 years, long after a peak when it handled a claimed 40 percent of US online traffic. Exactly how many people were still subscribing is unclear. Several surveys in recent years estimated around 250,000-300,000 dial-up users in the United States, which AOL dominated in the remaining market. A couple of smaller companies do still offer the service in limited areas. AOL will continue as a business but is now primarily offering security tools. (Source: bbc.co.uk ) While many Infopackets readers likely remember dial-up, for the few who have ...view more

WhatsApp says it has taken down more than 6.8 million accounts linked to "criminal scam centers." It says scammers are using complex methods that use multiple apps to avoid being detected by any one of them. The company, owned by Meta (which also owns Facebook), says this isn't just a case of lone actors pulling off scams. It says many are the work of full-blown organized crime gangs which exploit forced labor workers - quite often they are used in sextortion and pig butchering schemes . While the specifics of the scams change, for example getting people to "invest" in cryptocurrency or ...view more