Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
It may be a new year, but the pirates, scammers, and dangerous people lurking online have not gone anywhere.
Just a day before the ball dropped, the US Treasury Department said it had been hacked. Officials believe the attackers are an as-yet-unidentified Advanced Persistent Threat group linked to the Chinese government that exploited flaws in remote technology support software made by BeyondTrust to carry out what the Treasury Department described as a “major” violation. The company told Treasury on Dec. 8 that the attackers stole an authentication key, which ultimately allowed them to access the department’s computers. While the Treasury says the attackers were only able to steal “certain unclassified documents,” new details have already begun to emerge, which we’ll get into further below.
Before the assassination of UnitedHealthcare CEO Brian Thompson last month, gun silencers were mostly something you came across in Hollywood movies – or in Facebook and Instagram ads, if you looked closely. WIRED found that someone ran thousands of ads for “fuel filters” that are, in fact, intended to be used as gun silencers, which are heavily regulated by US law. Meta, which owns Facebook and Instagram, has since removed many of the ads, but new ones continue to pop up. So if you see one, keep scrolling – owning an unregistered silencer could result in felony charges.
When an Amber Alert push notification pops up on your phone, getting all the information you need to help find a kidnapped child can literally be a matter of life and death. That’s a lesson the California Highway Patrol learned this week when it sent out an Amber Alert that linked to a post on X, which people couldn’t access unless they signed up. While CHP says it has been linking to posts on the social network since 2018 with no problems until this week, a spokesperson tells WIRED they are “looking into it” now.
If you added better privacy and security practices to your list of 2025 goals, an easy place to start is your old chat history. You might be surprised how much sensitive information is there, maybe forgotten, but definitely not gone.
That’s not all. Every week, we round up the security and privacy news that we haven’t covered in depth. Click the headlines to read the full stories. And stay safe out there.
Apple this week agreed to pay $95 million to settle a class action over alleged eavesdropping by its Siri voice assistant. The lawsuit, Lopez et al. v. Apple Inc., accused Apple of recording people’s conversations without their knowledge and sharing that data with third parties to serve ads. The problem stemmed from Siri’s voice-activated feature — “Hey, Siri” — which two plaintiffs say surreptitiously captured conversations that resulted in ads for Nike shoes and Olive Garden. A plaintiff claimed that he was served an ad for medical treatment after having a conversation with his doctor. People who qualify as part of the class covered by the settlement, which must be approved by a federal judge in California, could receive up to $20 per device, for as many as five devices. As Reuters points out, the settlement amount is about nine hours of profit for Apple, which made almost $94 billion in the last fiscal year. The company does not admit any wrongdoing as part of the deal.
Newly unsealed court documents revealed that, during a search for a single illegal firearm, the FBI discovered the “largest seizure of homemade explosives in FBI history.” According to court records, the arsenal of explosives was found in the Virginia home of Brad Spafford, where investigators found more than 150 pipe bombs and other explosive devices. Prosecutors say the FBI found a backpack containing pipe bombs and emblazoned with a grenade-shaped patch with the hashtag #NoLivesMatter, a potential reference to a far-right extremist “accelerationist” group, The New York Times reports. While prosecutors say Spafford – who allegedly used a photo of US President Joe Biden for target practice – aimed to “recoup political murders”, his lawyer says he is a harmless “family man” who should be released.
Following revelations earlier this week that Chinese state-backed hackers breached the U.S. Treasury in early December, the Washington Post reported Wednesday that the hackers specifically targeted the Office of Foreign Assets Control. The attackers could be looking for information about the Office’s possible plans to sanction Chinese entities. Also, Bloomberg reported on Thursday that attackers targeted the computers of senior Treasury officials, where they were able to access unclassified material. So far, investigators have identified about 100 computers compromised by the hackers. Sources told Bloomberg, however, that the attack appeared to have been more of a crime of opportunity than a clandestine, long-planned operation like China’s recent infiltration of US telecommunications companies.
As China’s Treasury hack comes to light, the impact of its intrusions into American telecommunications companies is still widening. Two days after Christmas, Anne Neuberger, the White House deputy national security adviser for cyber and emerging technology, held a briefing with reporters in which she raised the count of telecommunications companies breached by the Chinese hackers known as Salt Typhoon from eight to nine and suggested that at least part of the blame for these breaches lies in the companies’ inadequate security. “The reality is that, from what we see in terms of the level of cybersecurity implemented in the telecommunications sector, these networks are not as defensible as they need to be to defend against a well-resourced and capable offensive cyber actor like China,” Neuberger said. She added that the hackers targeted the communication histories of fewer than 100 people — mostly in Washington, D.C., including, allegedly, President-elect Donald Trump and Vice President-elect JD Vance. Neuberger said the spying incident calls for new Federal Communications Commission cybersecurity regulations that she says could have limited the scope of the breaches if they were in place.
Cars collect and transmit as much sensitive location data as any modern digital device, and the privacy pitfalls of all the tracking have become all too clear. Case in point: A whistleblower alerted Germany’s Chaos Computer Club and the country’s Der Spiegel news outlet that Cariad, a subsidiary of Volkswagen, left a trove of location data on 800,000 electric vehicles exposed online. The leak included cars sold not only by Volkswagen, but also by other brands, including Seat, Audi, and Skoda. For Audi and Skoda, the location data was only accurate to about six kilometers, but Volkswagen and Seat cars could be located to about four centimeters. Since then, the exposed data has been secured, but the incident shows how far car manufacturers have yet to go to curb their data collection.