All Stories Tagged: Security

Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.

Google is increasing payouts for its top bug squashers.

The company now offers up to $250,000 to people who find, detail, and demonstrate remote code execution vulnerabilities in Chrome. That more than doubles Chrome’s previous top payout, which sat at $100,115.


An alarming number of kids say their friends generate nudes of classmates with AI.

As reported by 404 Media, a survey from the anti-human trafficking nonprofit Thorn revealed that 1 in 10 minors said they knew of peers who used AI to create nudes of other kids:

While the motivation behind these events is more likely driven by adolescents acting out than an intent to sexually abuse, the resulting harms to victims are real and should not be minimized in attempts to wave off responsibility.

In March, two Florida teens were arrested for creating deepfake nudes of classmates.


Brave has laid off around 15 percent of its employees.

The web browser and search startup confirmed to TechCrunch that 27 roles have been axed, but provided no explanation for the cuts.

That’s a significant number for a company the size of Brave — just 191 staffers according to a Pitchbook estimate. The move also follows Brave laying off 9 percent of its workforce in October last year.


Kentucky hacker receives a six-year prison sentence for trying to fake his own death.

The Washington Post reports Jesse Kipf pleaded guilty to computer fraud and identity theft charges for using a doctor’s login to falsify a death certificate and attempting to sell access to death registry systems.

US attorney Carlton S. Shier IV called it “a cynical and destructive effort, based in part on the inexcusable goal of avoiding his child support obligations.”


US intelligence officials say Iran is behind hacks of the Trump campaign.

“The [intelligence community] is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties,” according to a joint ODNI, FBI, and CISA statement.

The Trump campaign said earlier this month that it had been hacked and claimed that Iran was responsible.


Google Play is axing its Security Reward Program on August 31st.

The program, which paid security researchers up to $20,000 to locate vulnerabilities in popular Android apps, is being shuttered after seven years due to “a decrease in the number of actionable vulnerabilities reported.”

Google last announced in 2019 that it had paid $265,000 in bounties via the program — a fraction of the $10 million it paid out across all vulnerability programs last year.


Chrome for Android is making screen sharing more secure.

As reported by Bleeping Computer, Google is testing a new experimental flag that can hide sensitive content during “screen sharing, screen recording and similar actions” in regular tabs — redacting the user’s entire screen if things like credit card details or passwords are detected.

There’s no mention of a release date, but it should be available for testing in Chrome Canary in the coming weeks.


A screenshot of Google’s new experimental feature for redacting sensitive user data in Chrome for Android.
This should provide some additional protection against accidentally exposing sensitive data.
Image: Google / Bleeping Computer
T-Mobile is paying the price for bad data security.

Specifically, about $60 million — a hefty civil penalty to settle allegations that the telecom giant failed to report incidents of unauthorized access to sensitive data, violating a national security agreement it made to acquire Sprint in 2020.

It’s the largest fine ever imposed by the Committee on Foreign Investment in the US, and just one of many data breaches T-Mobile has faced in recent years.


Russia is hacking critics around the world, rights groups say.

Citizen Lab and Access Now linked a “sophisticated spear phishing campaign” to a group associated with the Russian Federal Security Service (FSB). The campaign has allegedly targeted exiled opposition figures as well as non-governmental organization staff in the US and Europe. Threat actors would allegedly email their targets, pretending to be a colleague or funder, the groups say.


The FBI is looking into purported attempts by Iran to hack the Trump and Biden-Harris campaigns.

Trump adviser Roger Stone told The Washington Post that “a couple” of his personal email accounts had been compromised.

As for phishing emails sent to three Biden-Harris campaign staffers, the publication reports that “investigators have not found evidence that those hacking attempts were successful.”


Thomas White reveals himself as a co-founder of Silk Road 2.0 and DDoSecrets.

Just weeks after the NYT profiled Blake Benthall about his Silk Road 2.0 role and post-prison endeavors, 404 Media has identified a co-founder, Thomas White, as its “Dread Pirate Roberts 2.0.”

Between his 2014 arrest and receiving a five-year prison sentence in 2019, White apparently launched DDoSecrets with Emma Best, which was eventually tagged a “criminal hacker group” after publishing the “BlueLeaks.”


Apple and Google are making changes to address the so-called “0.0.0.0 Day” security vulnerability.

The vulnerability concerns how browsers handle requests to the IP address 0.0.0.0, as reported by Forbes and the security startup Oligo. Apple tells Forbes that it is making changes to the macOS Sequoia beta to fix the issue, while Google has plans to fix it in Chrome.


CrowdStrike explains root cause of its giant IT outage.

CrowdStrike blamed testing software for taking down 8.5 million Windows machines last month, but now a full root cause analysis offers more details. The main issue was a mismatch between the input fields expected by CrowdStrike’s Falcon driver and the ones supplied in a content update. CrowdStrike is now promising to better test updates and is using two independent third-party software security vendors to review its sensor code and release processes.


How far would you go to open an unsigned Mac app?

If you update to macOS Sequoia, you’ll have to go to Settings > Security & Privacy and approve the app on first open, because Apple is taking away the current right-click (ctrl-click) workaround.

The warning signifies the developer never had Apple malware scan and notarize the app. Sensible security step or not, I’ll still grumble every time I have to open Settings to run something.


A screenshot warning that an app can’t be verified.
I just want to open my apps.
Screenshot: macOS
Android’s August security patch fixes a zero-day flaw that may be under “targeted” attack.

BleepingComputer points out the notes for this month’s Android security patch, with fixes for flaws that could allow someone to take over your device. The 2024-08-05 patch level specifically addresses a kernel flaw tagged CVE-2024-36971 which “may be under limited, targeted exploitation” already, so be sure to update your devices ASAP.


Consumer Reports is naming and shaming smart home companies without proper security vulnerability reporting.

Level, Chamberlain, Moen, Aqara, and Lutron are just some of the manufacturers the publication reports lack a dedicated way for security researchers to flag vulnerabilities — meaning a malicious hacker could potentially take advantage of a flaw before the company knows about it.

Check out the full report to see who’s on the naughty list — and who made the nice list.


The Cybersecurity and Infrastructure Security Agency has hired its first Chief AI Officer.

This was mandated for all federal agencies back in March, so expect more of these kinds of announcements.

CISA’s general ambit means this hire is a tad bit more significant than the average Chief AI Officer — the agency deals with foreign influence operations and election cybersecurity, for instance. (In 2020, the agency’s head was yeeted by Trump for saying that the election had in fact been safe and secure.)


CISA Names First Chief Artificial Intelligence Officer | CISA