Two people allegedly linked to China’s infamous Salt Typhoon espionage hacking group seem to have previously received training through Cisco’s prominent, long-running networking academy. Meanwhile, warnings are increasingly emerging from United States lawmakers in Congress that safeguards on expanded US wiretap powers have been failing, allowing US intelligence agencies to access more of Americans’ data without adequate constraints.
If you’ve been having trouble keeping track of all of the news and data coming out about infamous sex offender Jeffrey Epstein, WIRED published a guide this week to who’s releasing Epstein documents and what those troves contain, as well as which documents are soon to be revealed.
Doxers are having success tricking big tech companies into sharing their users’ sensitive, private data by impersonating law enforcement with spoofed email addresses and fake documents. And South Korean cryptocurrency mogul Do Kwon, who founded Terraform Labs, was sentenced on Thursday in the Southern District of New York to 15 years in prison for lying about “experimental” crypto coins, resulting in $40 billion in losses.
But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in-depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Of course toy manufacturers are embedding large language models and generative AI into cute playthings designed for kids. The idea is that children can chat away with their toys, and they’ll actually talk back—but things aren’t that simple. This week, NBC News and researchers from Public Interest Research Group revealed new findings showing numerous toys hooked up to AI—including popular toys being sold to Americans this holiday season—would talk about explicit sexual topics, drugs, and Chinese state propaganda.
The five toys tested, which included a talking sunflower and a smart bunny, gave alarming answers when asked about sensitive subjects, indicating a lack of safety guardrails or that their systems could easily be bypassed. One toy gave answers about how to light a match and sharpen knives. The smart bunny, meanwhile, said a “leather flogger” is ideal for use during “impact play.” Another toy, when asked why Chinese president Xi Jinping looks like Winnie the Pooh, said, “Your statement is extremely inappropriate and disrespectful. Such malicious remarks are unacceptable.” In 2018, the Chinese government banned Winnie the Pooh after people compared Xi to the plump cartoon bear.
The number of people traveling to the United States has plummeted this year, while those continuing to do so have faced a record amount of phone searches at the border. Now, a new surveillance proposal from US Customs and Border Protection could see tourists having to submit up to five years of their social media history to enter the country. A proposal on the Federal Register says people traveling on the ESTA visa waiver program—which includes many closely allied nations, such as the United Kingdom, Australia, New Zealand, and dozens of other countries—says social media data should be a “mandatory part of the application process.” The proposal also suggests collecting a host of other sensitive data, including personal and workplace information from the past 10 years, biometrics information, and names and addresses of family members.
Park Dae-jun, the CEO of South Korean online retailer Coupang Corp, resigned from his role this week after a data breach exposed the data of around 34 million customers. In a statement, Park said he was “deeply sorry for disappointing” members of the public. “I feel a deep sense of responsibility for the outbreak and the subsequent recovery process, and I have decided to step down from all positions,” he said in a statement. Police had earlier raided the offices of the firm, following the leak. While it is still relatively rare for CEOs to face direct accountability for security or data breaches at their businesses, Park’s departure is not the only one in South Korea. Following a spate of hacks, two of the country’s telecoms firms, SK Telecom and KT Corp, are also in the process of replacing their chief executives. Three of South Korea’s major telecoms have reported data breaches in recent months, with huge financial losses expected.
A man in Atlanta, Samuel Tunick, was arrested and charged for allegedly deleting data off a Google Pixel smartphone ahead of a US Customs and Border Protection search. 404 Media reported on the situation using court documents and social media posts about the arrest of Tunick, who describes himself on social media as a local activist. Details about the motivation for the search are still unclear, but the situation is noteworthy because it is unusual for charges in the US to relate to a common activity like wiping or modifying a personal device.