It may be a new year, but the hacks, scams, and dangerous people lurking online aren’t going anywhere. Just one day before the ball dropped, the United States Treasury Department said it had been hacked. Officials believe the attackers are an unidentified Advanced Threat Group linked to the Chinese government that exploited a flaw in remote technology support software made by BeyondTrust to carry out what the Treasury Department described as a “major” breach. The company told Treasury on Dec. 8 that attackers stole authentication keys, which ultimately allowed them to access department computers. While the Treasury said the attackers could only steal “certain unclassified documents,” new details have begun to emerge, which will be discussed below. the kind of thing you find in Hollywood movies—or in Facebook and Instagram ads, if you look closely. WIRED discovered that someone has run thousands of ads for “fuel filters” that are, in fact, used as gun silencers, which are heavily regulated by US law. Meta, which owns Facebook and Instagram, has eliminated many ads, but new ones keep popping up. So if you see one, keep scrolling—having an unregistered silencer can lead to felony charges. If an Amber Alert push notification pops up on your phone, getting all the information you need to help find a kidnapped child can be a life-threatening problem. and death. That’s a lesson the California Highway Patrol learned this week when it sent out an Amber Alert linked to a post on X, which people can’t access unless they log in. When the CHP said it has been linked to posts on social networks since. 2018 without issue until this week, a spokesperson told WIRED that they are “looking into it” now. If you’re adding better privacy and security practices to your list of 2025 goals, an easy place to start is your old chat history. You might be surprised how much sensitive information is out there, perhaps forgotten but certainly not gone. That’s not all. Every week, we round up security and privacy news that we don’t cover in depth. Click the title to read the full story. And stay safe out there. Apple this week agreed to pay $ 95 million to settle a class action over the voice of Siri’s voice assistant who was allegedly eavesdropping. The lawsuit, Lopez et al v. Apple Inc., accused Apple of recording people’s conversations without their knowledge and sharing that data with third parties to serve advertisements. The issue stemmed from Siri’s voice-activation function – “Hey, Siri” – which the two plaintiffs say surreptitiously captured conversations that resulted in advertisements for Nike shoes and Olive Garden. One plaintiff claimed to have been served an ad for medical treatment after talking to a doctor. People who qualify as part of the class covered by the settlement, which must be approved by a federal judge in California, can receive up to $20 per device, up to five devices. As Reuters points out, the amount of the settlement is about nine hours of profit for Apple, which generated almost $94 billion in the last fiscal year. The company will not admit wrongdoing as part of the agreement. Recently unsealed court documents show that the FBI allegedly discovered during a search for illegal firearms one of the “largest seizures of homemade explosives in FBI history.” According to court records, an arsenal of explosives was found at Brad Spafford’s home in Virginia, where investigatorsallegedly found more than 150 pipe bombs and other explosive devices. Prosecutors said the FBI found a backpack containing a pipe bomb and emblazoned with a grenade-shaped patch with the hashtag #NoLivesMatter—a potential reference to the far-right “accelerating” group, The New York Times reports. While prosecutors said Spafford – who allegedly used a photo of US president Joe Biden for target practice – aimed to “bring back political murder,” his lawyer insisted he was a harmless “family man” who should be freed. that Chinese state-backed hackers breached the US Treasury in early December, the Washington Post reported on Wednesday that the hackers specifically targeted the State Office. Asset Control. The attackers may be seeking information about the Office’s plans to sanction Chinese entities. Additionally, Bloomberg reported Thursday that the attackers targeted the computers of senior Treasury officials, where they were able to access unclassified material. So far, investigatorshave identified about 100 computers that were compromised by hackers. However, sources told Bloomberg, the attack appears to be more of a crime of opportunity than a covert operation, which has been planned for as long as China’s recent infiltration of US telecommunications companies. American telecommunications companies are still expanding. Two days after Christmas, Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technologies, held a briefing with reporters in which she raised the number of telecoms breached by the Chinese hacker known as Salt Typhoon from eight to nine and suggested that at least some of the blame for the publisher lies with the inadequate security of the company itself. “The reality is that, from what we see in terms of the level of cyber security that is being implemented in the telecommunications sector, the network cannot be defended as it should be against a cyber actor that has the resources and can attack like China,” Neuberger said. He added that the hackers had targeted the communication history of less than 100 people – mostly in Washington, DC, reportedly including president-elect Donald Trump and vice president-elect JD Vance. Neuberger said the espionage incident calls for new Federal Communications Commission cybersecurity regulations that he says could limit the scope of such violations once they are in place. all tracking becomes very clear. Case in point: A whistleblower warned the German Chaos Computer Club and the country’s Der Spiegel news outlet that Cariad, a subsidiary of Volkswagen, left exposed online a trove of 800,000 electric vehicle location data. The leaks include cars sold by not only Volkswagen but also other brands, including Seat, Audi, and Skoda. For Audi and Skoda, the location data is accurate to only about six miles, but Volkswagen and Seats can be found to within four inches. The data that has been opened has now been secured, but the incident shows how much the automakers have not been able to control their data collection.
