If it seems like there’s suddenly a whole lot more data breaches, you may be right. Part of this apparent spike is thanks to the growing popularity of infostealer malware. These types of malicious software are increasingly being used by cybercriminals to scoop up as many login credentials and other sensitive data as possible. That stolen data is then sold on criminal hacker forums, then used to break into victims’ accounts, which can include those of massive corporations. It’s a good reminder to always enable multi-factor authentication anywhere it’s available.
A security researcher this week disclosed the discovery of more than a dozen unsecured databases containing sensitive information on voters in counties across Illinois. The data, which was stored by a government contractor, includes driver’s license numbers, Social Security numbers, death certificates, and more. While election security has generally improved in recent years, the episode illuminates how difficult it can be to protect all voter data all the time.
The history of confidential FBI informants is long and sordid—and ongoing. A WIRED investigation published this week revealed how one informant infiltrated far-right groups and turned over their secrets to the Feds—all while pushing hateful ideologies that helped inspire a new generation of violent extremists online.
Hacking computers with lasers has always been a rich person’s game—until now. Security researchers Sam Beaumont and Larry “Patch” Trowell are releasing an open source laser hacking tool called RayV Lite, which can be produced for just $500, a tiny fraction of the $150,000 price tag of laser equipment historically used for hardware hacking. The pair will be detailing the RayV Lite at the Black Hat security conference next week in Las Vegas. (WIRED will be on the ground for Black Hat and Defcon, the other big security conference happening next week in Vegas, so check back for our full coverage starting on Tuesday.)
Finally, we dove into the fine print of OpenAI’s ChatGPT-4o to lay out the privacy wins and pitfalls of the generative AI tool.
But that’s not all. Each week, we round up the big security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
US Hands Over Russian Cybercriminals in WSJ Reporter Prisoner Swap
In a historic prisoner swap between the US and Russia, Wall Street Journal reporter Evan Gershkovich and former Marine Paul Whelan were freed from Russian detention on Thursday. The White House said the secret deal, negotiated for over a year, involved 24 prisoners: 16 moved from Russia to the West and eight from the West to Russia, including two cybercriminals. NBC News reports this is likely the first time the US has released international hackers in a prisoner exchange.
The two Russian hackers are Roman Seleznev and Vladislav Klyushin. Seleznev was sentenced in 2017 to 27 years in prison for racketeering convictions. According to the US Department of Justice, he installed malware on point-of-sale systems software that allowed him to steal millions of credit card numbers from more than 500 US businesses. In September 2023, Klyushin was sentenced to nine years in prison for what US prosecutors described as a “$93 million hack-to-trade conspiracy.”
Meta Pays $1.4 Billion Over Face Recognition Controversy
Meta, the parent company of Facebook and Instagram, will pay $1.4 billion to settle a lawsuit brought by the Texas attorney general, whose office accused the social media behemoth of illegally capturing the biometric data of millions of Texans. In 2022, the state sued Meta over its implementation of a feature that used face recognition to automatically suggest people to tag in photos and videos uploaded to Facebook. Prosecutors say the feature, initially called Tag Suggestions, violated a Texas law that makes it illegal for companies to capture and profit from someone’s biometric identifiers without their consent. While Meta did not admit to any wrongdoing as part of the agreement, according to Texas attorney general Ken Paxton's office, it’s the single largest privacy settlement ever obtained by a state.
Cyberattack Sparks Eight-Hour Microsoft Azure Outage
A widespread Microsoft Azure outage that impacted a range of services—including Microsoft 365 products such as Office and Outlook—was caused by a cyberattack, the tech company revealed on Wednesday. According to Microsoft’s Azure status history page, the incident lasted approximately eight hours on Tuesday and affected “a subset” of customers globally.
The company described the attack as a distributed denial of service, a malicious attempt by hackers to disrupt a target company’s operations by overwhelming its infrastructure with a flood of internet traffic. According to PCMag, two hacktivist groups have claimed responsibility. Microsoft plans on publishing a review of the incident.
Most PopularThe Top New Features Coming to Apple’s iOS 18 and iPadOS 18By Julian Chokkattu CultureConfessions of a Hinge Power UserBy Jason Parham GearHow Do You Solve a Problem Like Polestar?By Carlton Reid SecurityWhat You Need to Know About Grok AI and Your PrivacyBy Kate O'Flaherty
GearThe Azure outage comes just weeks after two near-simultaneous and unrelated internet infrastructure calamities wreaked havoc around the world. On July 18, tens of thousands of Microsoft 365 customers were impacted by an Azure configuration change. Hours later, security firm CrowdStrike released a flawed software update that sent some 8.5 million Windows computers into a reboot spiral, disrupting 911 call services, hospitals, airlines, and more.
Find the Cop Inside of You
Artist and educator Sam Lavigne released this week a custom face recognition system called Coppelganger, which is trained on publicly available images of 11,000 New York Police Department officers with complaints or disciplinary records—roughly a third of the force. This system identifies the top three most similar-looking police officers to an input image and links to the complaints filed against them. According to Lavigne, the images were sourced from 50-a.org, a searchable database of civilian complaints against NYPD officers.
The project shows how surveillance technology, once exclusive to government agencies and police departments, can now be utilized by virtually anyone with access to widely available tools and some programming skills. It could be used by activists to identify police engaging in misconduct at protests, for instance—not just the other way around. “I'm interested in finding ways to point surveillance technology back onto those who use and abuse it,” Lavigne tells WIRED.