Mandiant researchers published findings this week about a newly revealed Chinese espionage operation that used Sogu malware to spy on the African operations of both European and US organizations. The campaign is significant for the scope of its victims, but also because attackers used a classic malware distribution method: thumb drives. The attacks are the latest example of China’s aggressive global espionage—but read on for statements from the Chinese government about alleged US cyberattacks and digital espionage.
After Elon Musk claimed recently that primates used in Neuralink implant research were close to death anyway, a WIRED investigation this week revealed grisly details about the truth of their deaths that appear to dispute the characterization that the animals were all terminally ill. The revelations come as Neuralink is pursuing human trials of its brain-chip implants.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
Kia and Hyundai cars have been plagued for years by vulnerabilities—and simply missing protective features—in their antitheft systems that make the cars far too easy to steal. Recently, the companies have been attempting to distribute updates to remedy the situation, but the flaws have already resulted in skyrocketing car theft rates around the United States. New data from 10 US cities compiled by Motherboard through public records requests illustrate the extent of the problem. In Chicago, for example, average car theft rates of about 850 per month are now consistently up to more than 2,000 per month. Similarly, before 2021, rates in Denver used to hover around 800 stolen cars per month. They now typically top 1,000. Atlanta’s car theft rates have doubled from their old level before 2022 of fewer than 250 incidents per month.
“Stolen car rates are not up by 10 percent, or 20 percent, or even 50 percent,” the report says. “In many cities, they are up hundreds of percentage points, Motherboard has found. Rates of stolen Kias and Hyundais in particular are up thousands of percentage points.”
Over the past two weeks, MGM Resorts has been dealing with the very public fallout of a recent cyberattack. Caesars Entertainment also admitted last week that it recently suffered a data breach and faced criminal extortion demands. Adding to the larger context, an executive for the enterprise identity management firm Okta said this week that the same gang that targeted MGM and Caesars, known as Alphv, also hacked three other targets since August as part of the same spree.
That makes five Okta customers in total that were affected. David Bradbury, Okta’s chief security officer, would not name the other three victims but said they are in the technology, retail, and manufacturing sectors. Bradbury said Okta is cooperating with law enforcement investigations into the hacks.
Wiz security firm published findings this week that Microsoft AI researchers unintentionally exposed 38 terabytes of private data on the developer platform GitHub while attempting to open-source a repository of training data. The leak included internal Microsoft data, including more than 30,000 Teams messages, passwords, and private keys. The exposure occurred because of a misconfiguration in how the researchers used an Azure Storage data-sharing feature.
This week, officials from China’s Ministry of State Security publicly accused the US government of breaching and monitoring Huawei’s networks in a 2009 espionage attack. The statement also alleges that the US has conducted “tens of thousands of malicious network attacks” on Chinese institutions and organizations to surveil networks and steal data. Furthermore, the officials claimed that the US government has planted backdoors in software and hardware produced around the world to enable global surveillance. China has accused the US of cyberespionage before—and certainly conducts its share of surveillance and data exfiltration operations. Meanwhile, Huawei has been a particular lightning rod in longtime disputes between the US and China about digital and technical security.