Industry News

Kazakhstani authorities will fine Kazakhtelecom and Air Astana for not doing enough to keep the personal data of Kazakhstanis safe. The two companies will be obliged to pay $825 in fines and correct the violations within the year.

The context. In February, unidentified hackers published data from iSoon (or Anxun), a Chinese contractor for the Ministry of Public Security of China. According to that information, a group of Chinese hackers for two years had maintained access to critical infrastructure of Kazakhstani mobile operators and likely to personal data of Kazakhstanis.

Active since 2023, the Mysterious Werewolf cluster has shifted targets to the military-industrial complex (MIC) by using phishing emails with a weaponized archive.

The archive contains a seemingly legitimate PDF document along with a malicious CMD file, and when the victim opens the archive and double-clicks the PDF, the CMD file executes, deploying the RingSpy backdoor onto the compromised system.

On Monday, OpenAI announced that visitors to the ChatGPT website in some regions can now use the AI assistant without signing in. Previously, the company required that users create an account to use it, even with the free version of ChatGPT that is currently powered by the GPT-3.5 AI language model. But as we have noted in the past, GPT-3.5 is widely known to provide more inaccurate information compared to GPT-4 Turbo, available in paid versions of ChatGPT.

When your home has been broken into, you may not initially comprehend all that has been taken, or the damage that has been done. This is the state of apprehension the Linux community now feels with the recently-unearthed xz backdoor security vulnerability.

“This upstream supply chain security attack is the kind of nightmare scenario that has gotten people describing it called hysterical for years,” Kubernetes Security Chairperson Ian Coldwater had written on X. “It’s real.”

Voice synthesis has come a long way since 1978's Speak & Spell toy, which once wowed people with its state-of-the-art ability to read words aloud using an electronic voice. Now, using deep-learning AI models, software can create not only realistic-sounding voices, but also convincingly imitate existing voices using small samples of audio.

Along those lines, OpenAI just announced Voice Engine, a text-to-speech AI model for creating synthetic voices based on a 15-second segment of recorded audio. It has provided audio samples of the Voice Engine in action on its website.

In early March, Google made the odd announcement that only one of its two latest smartphones, the Pixel 8 and Pixel 8 Pro, would be able to run its latest AI model, called "Google Gemini." Despite having very similar specs, the smaller Pixel 8 wouldn't get the new AI model, with the company citing mysterious "hardware limitations" as the reason. It was a strange statement considering the fact that Google designed and marketed the Pixel 8 to be AI-centric and then designed a smartphone-centric AI model called "Gemini Nano" yet still couldn't make the two work together.

On Friday, researchers revealed the discovery of a backdoor that was intentionally planted in xz Utils, an open-source data compression utility available on almost all installations of Linux and other Unix-like operating systems. The person or people behind this project likely spent years on it. They were likely very close to seeing the backdoor update merged into Debian and Red Hat, the two biggest distributions of Linux when an eagle-eyed software developer spotted something fishy.

Video game giant Activision is investigating a hacking campaign that’s targeting players with the goal of stealing their credentials, TechCrunch has learned.

At this point, the hackers’ specific goals — apart from stealing passwords for various types of accounts — are unclear. Somehow, the hackers are getting malware on the victims' computers and then stealing passwords for their gaming accounts and crypto wallets, among others, according to sources.

A ransomware group is threatening to publish a huge cache of stolen data following a cyber attack on a Scottish health board.

NHS Dumfries and Galloway warned earlier this month that hackers could have acquired “a significant quantity” of patient and staff information. A group calling itself INC Ransom has now said it will make public three terabytes of data unless its demands are met.

Hacking is a phenomenon that has been around since at least the 1960s, initially as an exploration into computing more broadly, fueled by the insatiable curiosity of an eternally brilliant community of "hackers," and in large part, that remains true today. Unfortunately, the term "hacking" can conjure up scenes of a lonely individual in a hoodie behind a keyboard, bullying and stealing from victims with ease from the safety of a poorly lit basement room.