Pete Recommends – Weekly highlights on cyber security issues, March 15, 2025

Subject: U.S. works with Germany, Finland to disrupt terror-supporting cryptocurrency exchange
Source: UPI.com
https://www.upi.com/Top_News/World-News/2025/03/07/germany-finland-garantex-cryptocurrency-exchange-disrupted/5061741373259/

March 7 (UPI) — Working with Germany and Finland, U.S. officials disrupted and took down the online infrastructure used to operate Garantex, a cryptocurrency exchange that allegedly facilitated money laundering by transnational criminal organizations. Those organizations included terrorist groups, according to U.S. Justice Department officials, who made the announcement in a press release on Friday.

According to the indictment, Garantex has processed at least $96 billion in cryptocurrency transactions since April 2019.

The U.S. Justice Department said that, on March 6, U.S. law enforcement executed a seizure order authorized by a judge in the Eastern District of Virginia against three website domain names used to support Garantex’s operations: Garantex.org, Garantex.io, and Garantex.academy.


Subject: US cities warn of wave of unpaid parking phishing texts
Source: BleepingComputer
https://www.bleepingcomputer.com/news/security/us-cities-warn-of-wave-of-unpaid-parking-phishing-texts/

US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city’s parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day.

While parking scams have been around for years, a massive wave of phishing text messages has caused numerous cities throughout the US to issue warnings, including from Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego, San Francisco, and many others.

The current wave of texts started last December and has continued since, with BleepingComputer receiving a text targeting New York residents earlier this week.

The text message received by BleepingComputer claims to be from the City of New York about an unpaid parking invoice, which would incur a daily $35 fine if not paid. The text then prompts you to visit an enclosed link to pay the fine.

Filed: https://www.bleepingcomputer.com/news/security/


Subject: OPM watchdog to investigate IT risks tied to DOGE’s agency access
Source: Nextgov/FCW
https://www.nextgov.com/cybersecurity/2025/03/opm-watchdog-investigate-it-risks-tied-doges-agency-access/403611/

The agency’s deputy inspector general began “an engagement to assess risks associated with new and modified information systems at OPM,” a letter to lawmakers says.

The Office of Personnel Management’s internal watchdog will investigate potential cybersecurity and privacy risks tied to the Department of Government Efficiency’s recent inroads into various agency IT systems, according to a letter made public Monday.
OPM, known colloquially as the government’s “human resources department” that manages troves of personal data on millions of federal employees…

Nextgov/FCW previously reported those OPM emails may have run afoul of the privacy policy for the system used to distribute them because responses were not initially framed as “explicitly voluntary.”

In the letter dated March 7, OPM Deputy Inspector General Norbert Vint said the agency’s watchdog “initiated a new engagement on specific emerging risks at OPM” that were raised in a Feb. 6 letter from Democrats on the House Oversight Committee.

The ability to access OPM data would be a dream for hackers and scammers because it contains sensitive personal and financial information on millions of federal employees, including Social Security numbers, background checks, security clearance details and other data that could be exploited for identity theft, financial fraud, espionage or blackmail.

Filed: https://www.nextgov.com/cybersecurity/


Subject: A Brand-New Botnet Is Delivering Record-Size DDoS Attacks
Source: WIRED
https://www.wired.com/story/eleven11bot-botnet-record-size-ddos-attacks/

Eleven11bot infects webcams and video recorders, with a large concentration in the US.

A newly discovered network botnet comprising an estimated 30,000 webcams and video recorders—with the largest concentration in the US—has been delivering what is likely to be the biggest denial-of-service attack ever seen, a security researcher inside Nokia said.

The botnet, tracked under the name Eleven11bot, first came to light in late February when researchers inside Nokia’s Deepfield Emergency Response Team observed large numbers of geographically dispersed IP addresses delivering “hyper-volumetric attacks.” Eleven11bot has been delivering large-scale attacks ever since.

At 30,000 devices, the Eleven11bot was already exceptionally large (although some botnets exceed well over 100,000 devices). Most of the IP addresses participating, Nokia researcher Jérôme Meyer told me, had never been seen engaging in DDoS attacks.
Besides a 30,000-node botnet seeming to appear overnight, another salient feature of Eleven11bot is the record-size volume of data it sends its targets.

A breakdown showed that the largest concentration of IP addresses, at 24.4 percent, was located in the US. Taiwan was next at 17.7 percent, and the UK at 6.5 percent.

Mirai-based botnets employ various methods for infecting their targets. One common method is to attempt to log in to device administrator accounts using username/password pairs commonly set as defaults by manufacturers. Mirai botnets have also been known to exploit vulnerabilities that bypass security settings.

Filed: https://www.wired.com/category/security/

This story originally appeared on Ars Technica.


Subject: The 200+ Sites an ICE Surveillance Contractor is Monitoring
Source: 404media.co
https://www.404media.co/the-200-sites-an-ice-surveillance-contractor-is-monitoring/

A contractor for Immigration and Customs Enforcement (ICE) and many other U.S. government agencies has developed a tool that lets analysts more easily pull a target individual’s publicly available data from a wide array of sites, social networks, apps, and services across the web at once, including Bluesky, OnlyFans, and various Meta platforms, according to a leaked list of the sites obtained by 404 Media. In all, the list names more than 200 sites that the contractor, called ShadowDragon, pulls data from and makes available to its government clients, allowing them to map out a person’s activity, movements, and relationships.

The news comes after ICE detained Mahmoud Khalil, a prominent Columbia University protester and green card holding legal permanent resident of the U.S., on Saturday with the intention of deporting him. It also comes as Secretary of State Marco Rubio is reportedly launching an AI-fueled “Catch and Revoke” effort to scan the social media accounts for tens of thousands of student visa holders’ social media accounts, looking for what Axios reported as foreign nationals who appear to support Hamas or other designated terror groups.


Subject: Anthropic’s Claude AI to introduce two-way voice conversations
Source: TechRadar via gHacks Tech News
https://www.ghacks.net/2025/03/13/anthropics-claude-ai-to-introduce-two-way-voice-conversations/

Anthropic’s AI chatbot, Claude, is poised to undergo significant enhancements, introducing two-way voice interactions and memory capabilities. These updates aim to create more natural and personalized user experiences, positioning Claude as a versatile assistant in the evolving AI landscape.

Two-Way Voice Interaction – The forthcoming voice mode will enable users to engage in hands-free conversations with Claude, allowing the AI to both listen and respond vocally. This functionality is designed to facilitate more fluid interactions, akin to conversing with a human assistant. While specific details regarding the implementation are pending, the feature is anticipated to be available in the coming months.


Subject: AI Can Rip You Off. Here’s How California Lawmakers Want to Stop Price Discrimination
Source: The Markup
https://themarkup.org/artificial-intelligence/2025/03/13/ai-can-rip-you-off-heres-how-california-lawmakers-want-to-stop-price-discrimination

AI can help businesses charge you more based on how it evaluates your personal history and desires. California lawmakers want to end that price discrimination.

Amazon, ride-sharing apps, travel companies, and retail giants such as Staples and Target have engaged in the practice, which can set different prices for customers based on factors including internet browsing data or where they live. In one recent example published by SFGATE, a person in the Bay Area was offered a hotel room for $500 more than people in less affluent areas.

One bill introduced by Assembly member Cecilia Aguiar-Curry, a Democrat representing Davis, would make it easier for the California attorney general to pursue lawsuits against companies that use a pricing algorithm trained on nonpublic competitor data. Another bill would ban use of algorithms that personalize prices based on perceived characteristics or personal data.

One more, Senate Bill 52, would ban use of algorithms that set prices for rental properties and allow tenants to sue their landlord if they discover use of the technology. The proposal follows the filing of an antitrust lawsuit by eight states against RealPage, a Texas company whose software is used to set rental prices. A 2020 investigation by The Markup and The New York Times found that RealPage used faulty algorithms to automate tenant background checks, falsely accusing people of crimes and denying them a place to live.

Filed: https://themarkup.org/series/artificial-intelligence


Subject: OPM inspector general will examine DOGE access to IT systems
Source: FedScoop
https://fedscoop.com/opm-inspector-general-doge-access-it-systems/

An Office of Personnel Management watchdog investigation into cybersecurity risks on government networks and the potential exposure of sensitive information will include an examination of DOGE access to those systems. OPM’s Office of Inspector General said in a letter to Democrats on the House Oversight Committee that it would incorporate “parts” of the lawmakers’ February request to probe DOGE’s unauthorized accessing of IT networks and Americans’ data into “existing work.” The watchdog also said it had “initiated a new engagement on specific emerging risks at OPM that are related to issues raised” in Democrats’ letter.

Filed: https://fedscoop.com/tag/presidential-transition/


Subject: Allstate sued for exposing personal info in plaintext
Source: The Register
https://www.theregister.com/2025/03/10/allstate_sued_pii_exposure/

Crooks built bots to exploit astoundingly bad quotation website and made off with data on thousands

New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it.

The data was lifted from Allstate’s National General business unit, which ran a website for consumers who wanted to get a quote for a policy. That task required users to input a name and address, and once that info was entered, the site searched a LexisNexis Risk Solutions database for data on anyone who lived at the address provided.

The results of that search would then appear on a screen that included the driver’s license number (DLN) for the given name and address, plus “names of any other drivers identified as potentially living at that consumer’s address, and the entire DLNs of those other drivers.”

“National General intentionally built these tools to automatically populate consumers’ entire DLNs in plain text — in other words, fully exposed on the face of the quoting websites — during the quoting process,” the court documents [PDF] state.

When asked about the lawsuit, an Allstate spokesperson emailed The Register the following statement: “We resolved this issue years ago, promptly securing our systems after finding vulnerabilities in online quoting tools that could have exposed driver’s license numbers. We promptly notified regulators, contacted potentially affected consumers and offered free credit monitoring as a precaution.”

But by the time the insurer resolved the mess, crooks had built bots that harvested at least 12,000 individuals’ driver’s license numbers from the quote-generating site.

Posted in: AI, Cybercrime, Cybersecurity, Privacy, Search Engines