The rolling series of breaches targeting customers of cloud platform Snowflake appears to be a supply chain attack wrapped in another supply chain attack. A hacker who claims to have been involved in the attacks tells WIRED that the hackers, known as ShinyHunter, stole victims’ Snowflake credentials by first breaching an employee of a third-party contractor. (The contractor, however, says it does not believe it was involved.)
Ultimately, the breach of the Snowflake customer accounts, which include Ticketmaster, banking firm Santander, and potentially more than 160 other companies, was possible because their Snowflake accounts did not have multifactor authentication enabled.
Antivirus giant Kaspersky’s worst nightmare has finally come true: The United States government announced on Thursday that it is banning the sale of its software to new customers in the US over alleged Russian national security threats. (Kaspersky has challenged the Biden administration’s claims.) Existing customers, meanwhile, will be banned from downloading Kaspersky software updates after September 29. What could go wrong?
Perplexity AI, an artificial-intelligence-powered search startup, says it’s already valued at a billion dollars. But a WIRED investigation published this week found that its secret sauce has a pungent ingredient: bullshit.
Beyond “hallucinating” details generated by its chatbot, WIRED found that the AI tool appears to be ignoring the Robots Exclusion Protocol—a standard web tool used to prevent scraping—on sites owned by WIRED’s parent company, Condé Nast, and other publications, seemingly allowing it to scrape articles despite the internet equivalent of a “Do Not Enter” sign hanging on WIRED and other Condé Nast sites. Perplexity’s chatbot later plagiarized that same article when prompted.
People traveling through some of the largest train stations in the United Kingdom secretly had their faces scanned by Amazon’s face-recognition tools, according to documents obtained by WIRED. The technology, which was used as part of a trial run, predicted travelers’ various attributes, including gender, age, and likely emotions. The surveillance, which one privacy advocate called “concerning,” could potentially be used for serving advertisements.
Finally, we detailed the rise of robot “dogs” used by militaries, explained what would happen if China invaded Taiwan, and got into the nitty-gritty of the boring-sounding but serious work of spotting the billion-dollar scam tactic known as business email compromise.
That’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
For months, ransomware gangs have rampaged across the health care industry, with ruthless attacks targeting Change Healthcare’s national payment network for more than a thousand health care providers, Ascension Healthcare’s 140 hospitals, and dozens of other victims in the medical field. Now that hacking epidemic is crystallizing into yet another catastrophic hospital hack—one that has resulted in the data of 300 million UK patient records leaking online.
Synnovis, a joint-venture medical testing company partially owned by the UK’s National Health Service, has for weeks been battling and negotiating with the Russia-linked ransomware group Qilin, which has deeply disrupted its services in an attempt to extort the company. The result has been well over a thousand postponed operations and thousands more postponed outpatient appointments across multiple UK hospitals. Ambulances have been diverted from the affected hospitals, potentially causing delays in lifesaving care. They’ve even had to ask for new urgent donations of O-type blood, as testing disruptions have prevented other types from being used in patients’ blood transfusions.
