Security News > 2023 > April

Google Play will be pushing Android app developers to allow users to delete their account and associated data from within the app. Google Play has introduced new app account deletion requirements and added Data deletion questions to developers' Data safety form.

As progress in AI continues to advance, it is important to know how advanced systems will make choices and in what ways they may fail. Machines can already outsmart humans in some domains, and understanding how to safely build ones which may have capabilities at or above the human level is of particular concern.

Automotive security experts say they have uncovered a method of car theft relying on direct access to the vehicle's system bus via a smart headlamp's wiring. A Controller Area Network bus is present in nearly all modern cars, and is used by microcontrollers and other devices to talk to each other within the vehicle and carry out the work they are supposed to do.

"Account access credentials advertised for sale on Genesis Market included those connected to the financial sector, critical infrastructure, and federal, state, and local government agencies," the U.S. Department of Justice said in a statement. DoJ called Genesis Market one of the "Most prolific initial access brokers in the cybercrime world."

ACRO, the UK's criminal records office, is combing over a "Cyber security incident" that forced it to pull its customer portal offline. In an email to users this week - seen by El Reg - ACRO confirmed it has "Recently been made aware of a cyber security incident affecting the website between 17th January 2023 and 21 March 2023.".

Spanish cops have arrested a 19-year-old suspected of stealing records belonging to half a million taxpayers and developing a database to sell stolen information to other cyber criminals. José Luis Huertas, better known as Alcasec, has been described as the "Robin Hood hacker" and a "Dangerous computer criminal."

Telegram has become the working ground for the creators of phishing bots and kits looking to market their products to a larger audience or to recruit unpaid helpers. While the messaging platform has been used for cybercriminal activities for several years, it appears that threat actors in the phishing business have started to rely on it more lately.

Resecurity has recently identified the STYX Innovation Marketplace, a new cybercriminal e-commerce platform with a specialized focus on financial fraud and money laundering. This platform is specifically designed to facilitate financial crime, providing cybercriminals with a range of services, including stolen financial data, credit card information, forged documents, money laundering services, victim reconnaissance 'lookups', and more.

Organizations globally are under tremendous pressure to address evolving threats like ransomware, zero-day vulnerabilities, and espionage, and they face challenges in extending security coverage across multiple environments and dealing with an ongoing skills shortage, according to Bitdefender. "The results of this survey demonstrate, more than ever, the importance of layered security that delivers advanced threat prevention, detection and response across the entire business while improving efficiencies that allow security teams to do more with less," said Andrei Florescu, deputy GM and SVP of products at Bitdefender Business Solutions Group.

Researchers at the University of Surrey have developed software that can assess the amount of data that an artificial intelligence system has acquired from a digital database of an organization, in response to the increasing global interest in generative AI systems. This verification software can be used as part of a company's online security protocol, helping an organisation understand whether an AI has learned too much or even accessed sensitive data.