Babel Finance Traded $280 Million of Users’ Crypto, Lost it All. Line not go up any more.

Babel Finance, the Hong Kong-based crypto lender, apparently had other designs when its worldwide user base handed over their crypto to the company than just borrowing and lending. It seems to have been doing what everyone else does with crypto, rapidly speculating and trying to make “line go up.” Of course, all that changed when Read more about Babel Finance Traded $280 Million of Users’ Crypto, Lost it All. Line not go up any more.[…]

Sony’s racing car AI just destroyed its human competitors—by being fast – and having etiquette rules

[…] Built by Sony AI, a research lab launched by the company in 2020, Gran Turismo Sophy is a computer program trained to control racing cars inside the world of Gran Turismo, a video game known for its super-realistic simulations of real vehicles and tracks. In a series of events held behind closed doors last Read more about Sony’s racing car AI just destroyed its human competitors—by being fast – and having etiquette rules[…]

Twitter warns of ‘record highs’ in account data requests

Twitter has published its 20th transparency report, and the details still aren’t reassuring to those concerned about abuses of personal info. The social network saw “record highs” in the number of account data requests during the July-December 2021 reporting period, with 47,572 legal demands on 198,931 accounts. The media in particular faced much more pressure. Read more about Twitter warns of ‘record highs’ in account data requests[…]

Free AI tool restores damaged old photos. Might see a “slight change of identity”. Looks very cool though.

Wang, X. et. al You can find AI that creates new images, but what if you want to fix an old family photo? You might have a no-charge option. Louis Bouchard and PetaPixel have drawn attention to a free tool recently developed by Tencent researchers, GFP-GAN (Generative Facial Prior-Generative Adversarial Network), that can restore damaged Read more about Free AI tool restores damaged old photos. Might see a “slight change of identity”. Looks very cool though.[…]

Roboticists discover alternative physics using different variables

Energy, mass, velocity. These three variables make up Einstein’s iconic equation E=MC2. But how did Einstein know about these concepts in the first place? A precursor step to understanding physics is identifying relevant variables. Without the concept of energy, mass, and velocity, not even Einstein could discover relativity. But can such variables be discovered automatically? Read more about Roboticists discover alternative physics using different variables[…]

For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom?

For a little over 12 hours on 26-27 July, a network operated by Russia’s Rostelecom started announcing routes for part of Apple’s network. The effect was that Internet users in parts of the Internet trying to connect to Apple’s services may have been redirected to the Rostelecom network. Apple Engineering appears to have been successful Read more about For 12 Hours, Was Part of Apple Engineering’s Network Hijacked by Russia’s Rostelecom?[…]

Discovery of UEFI rootkit exposes an ugly truth: The attacks are invisible to us

Researchers have unpacked a major cybersecurity find—a malicious UEFI-based rootkit used in the wild since 2016 to ensure computers remained infected even if an operating system is reinstalled or a hard drive is completely replaced. The firmware compromises the UEFI, the low-level and highly opaque chain of firmware required to boot up nearly every modern computer. Read more about Discovery of UEFI rootkit exposes an ugly truth: The attacks are invisible to us[…]

US court system suffered ‘incredibly significant attack’ – no details known yet

The United States’ federal court system “faced an incredibly significant and sophisticated cyber security breach, one which has since had lingering impacts on the department and other agencies.” That quote comes from congressional representative Jerrold Lewis Nadler, who uttered them on Thursday in his introductory remarks to a House Committee on the Judiciary hearing conducting Read more about US court system suffered ‘incredibly significant attack’ – no details known yet[…]

China fines ride-sharer DiDi $1.2bn for data privacy abuse – why is China leading the world in this?

The Cyberspace Administration of China has fined ride-sharing company DiDi global ¥8.026 billion ($1.2 billion) for more than 64 billion illegal acts of data collection that it says were carried out maliciously and threatened national security. Yes, we do mean billion. As in a thousand million. The Administration enumerated DiDi’s indiscretions as follows: 53.976 billion Read more about China fines ride-sharer DiDi $1.2bn for data privacy abuse – why is China leading the world in this?[…]

Atlassian reveals critical flaws in most of their products

Atlassian has warned users of its Bamboo, Bitbucket, Confluence, Fisheye, Crucible, and Jira products that a pair of critical-rated flaws threaten their security. The company’s July security advisories detail “Servlet Filter dispatcher vulnerabilities.” One of the flaws – CVE-2022-26136 – is described as an arbitrary Servlet Filter bypass that means an attacker could send a Read more about Atlassian reveals critical flaws in most of their products[…]

Google forced to allow some Android apps to use third-party payments in the EU

Android developers who distribute apps on the Google Play store can now use third-party payment systems in many European countries. The measure applies to the European Economic Area (EEA), which comprises European Union states as well as Iceland, Liechtenstein and Norway. However, the policy will not apply to gaming apps, which still need to use Read more about Google forced to allow some Android apps to use third-party payments in the EU[…]

Russia fines Google $374M over Ukraine invasion portrayal

A Russian court fined Google $374 million on Monday for its failure to remove prohibited content, according to the country’s internet watchdog Roskomnadzor. The Tagansky District Court of Moscow took exception to YouTube content it claimed contained “fakes about the course of a special military operation in Ukraine” and discredited Russia’s armed forces. The court Read more about Russia fines Google $374M over Ukraine invasion portrayal[…]

UK court okays $1.1b Play Store lawsuit against Google

A London court on Tuesday authorized a lawsuit that seeks to have Google pay £920 million ($1.1 billion) for overcharging customers for app store purchases. Filed as a class action on behalf of 19.5 million UK citizens, the suit alleges Google charged commission fees up to 30 percent on app sales. Consumer rights advocate Liz Read more about UK court okays $1.1b Play Store lawsuit against Google[…]

how I Hacked My Car – completely pwn a 2021 Hyundai Ioniq head unit – a story in 3 parts

The Car Last summer I bought a 2021 Hyundai Ioniq SEL. It is a nice fuel-efficient hybrid with a decent amount of features like wireless Android Auto/Apple CarPlay, wireless phone charging, heated seats, & a sunroof. One thing I particularly liked about this vehicle was the In-Vehicle Infotainment (IVI) system. As I mentioned before it Read more about how I Hacked My Car – completely pwn a 2021 Hyundai Ioniq head unit – a story in 3 parts[…]

Hacker Liberates Hyundai Head Unit, Writes Custom Apps | Hackaday

[greenluigi1] bought a Hyundai Ioniq car, and then, to our astonishment, absolutely demolished the Linux-based head unit firmware. By that, we mean that he bypassed all of the firmware update authentication mechanisms, reverse-engineered the firmware updates, and created subversive update files that gave him a root shell on his own unit. Then, he reverse-engineered the Read more about Hacker Liberates Hyundai Head Unit, Writes Custom Apps | Hackaday[…]

Records reveal the scale of Homeland Security’s phone location data purchases

Investigators raised alarm bells when they learned Homeland Security bureaus were buying phone location data to effectively bypass the Fourth Amendment requirement for a search warrant, and now it’s clearer just how extensive those purchases were. TechCrunch notes the American Civil Liberties Union has obtained records linking Customs and Border Protection, Immigration and Customs Enforcement Read more about Records reveal the scale of Homeland Security’s phone location data purchases[…]

Apple Pay illegally profited by walling off contactless payments, lawsuits in EU, US allege

A proposed class-action lawsuit filed on behalf of payment card issuers accuses Apple of illegally profiting from Apple Pay and breaking antitrust laws. Iowa’s Affinity Credit Union is listed as the plaintiff in the complaint, filed today in the US District Court for the Northern District of California. The lawsuit alleges that by restricting contactless Read more about Apple Pay illegally profited by walling off contactless payments, lawsuits in EU, US allege[…]

“Parallel Reality” Display Shows Different Info to Different People at Same Time

Imagine if you, me and a dozen other people were standing in a room staring at the same screen—but the screen showed something different to each of us, simultaneously. A California-based tech company called Misapplied Sciences has made this possible. They’ve developed a “parallel reality” display “enabled by a new pixel that has unprecedented capabilities,” Read more about “Parallel Reality” Display Shows Different Info to Different People at Same Time[…]

Ubisoft Teaches Customers They Don’t Own All That DLC They ‘Bought’

While we were just discussing how everyone occasionally gets reminded that for many digital goods these days you simply don’t actually own what you’ve bought, all thanks to Sony disappearing a bunch of purchased movies and shows from its PlayStation platform, this conversation has been going on for a long, long time. Whereas the expectation Read more about Ubisoft Teaches Customers They Don’t Own All That DLC They ‘Bought’[…]

Apple AirTags Hacked And Cloned With Voltage Glitching

[…] researchers have shown that it’s possible to clone these devices, as reported by Hackster.io. The research paper explains the cloning process, which requires physical access to the hardware. To achieve the hack, the Nordic nRF52832 inside the AirTag must be voltage glitched to enable its debug port. The researchers were able to achieve this Read more about Apple AirTags Hacked And Cloned With Voltage Glitching[…]

Lenovo fixes trio of UEFI vulnerabilities – fortunately not for Thinkpads though

[…] “The vulnerabilities,” explained the ESET Research team, “can be exploited to achieve arbitrary code execution in the early phases of the platform boot, possibly allowing the attackers to hijack the OS execution flow and disable some important security features.” “It’s a typical UEFI ‘double GetVariable’ vulnerability,” the team added, before giving a hat tip Read more about Lenovo fixes trio of UEFI vulnerabilities – fortunately not for Thinkpads though[…]

Hasbro will 3D-print your face onto its iconic action figures

Have you ever wanted to see your own face on the body of a Power Ranger or a Ghostbuster? Thanks to an ingenious partnership between Hasbro and 3D-printing specialists Formlabs, now you can. The Hasbro Selfie Series will let would-be heroes take a scan of their face with their phone and have a custom-made, look-a-like Read more about Hasbro will 3D-print your face onto its iconic action figures[…]

X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities

[…] CVE-2022-2319 and CVE-2022-2320 were made public this morning and both deal with the X.Org Server’s Xkb keyboard extension not properly validating input that could lead to out-of-bounds memory writes. Hopefully though in 2022 you aren’t relying on your xorg-server running as root. Fixes for these XKB vulnerabilities have been patched in X.Org Server Git Read more about X.Org Server Hit By New Local Privilege Escalation, Remote Code Execution Vulnerabilities[…]