Eight years after a researcher alerted WhatsApp to vulnerabilities allowing mass extraction of user phone numbers, a new investigation from the University of Vienna has confirmed that this issue persists. The researchers employed a technique exploiting WhatsApp’s discovery function, which allows individuals to check if a phone number is registered on the app. By executing this action billions of times—a practice WhatsApp neglected to mitigate—the team reported what they describe as “the most extensive exposure of phone numbers” to date.
In another concerning development, U.S. high schools have begun implementing vape detectors, raising significant privacy concerns. An investigation revealed that schools are using devices equipped with microphones to not only detect vaping but also to monitor students’ behavior more closely. Critics, including students and parents, argue that although drug use should be curtailed, the extent of surveillance may be excessive and could lead to unintended consequences.
On the cybersecurity front, Cisco is alerting businesses about the vulnerabilities posed by outdated networking infrastructure. The tech giant has issued a warning that AI tools are empowering attackers to exploit these weaknesses more efficiently. Companies with obsolete and unpatched networking equipment are increasingly at risk, thereby underscoring the urgency for upgrades and maintenance.
In an innovative response to health concerns at events, Kawaiicon, a hacker conference in New Zealand, has introduced a CO2 tracking system to monitor air quality in real time. This proactive measure informs attendees about the safety of various rooms, effectively creating a safer conference environment. The approach demonstrates a novel blend of technology and public health initiatives, enhancing participant safety beyond traditional measures.
In a troubling discovery, a detailed investigation by the Associated Press has revealed that the U.S. Border Patrol is engaging in a predictive-intelligence program that monitors millions of American drivers using covert license plate readers. These devices, camouflaged in everyday roadside objects, alert local police to so-called “suspicious” behavior, leading to stops for minor infractions. Documentation reviewed by the AP suggests that targeted actions often lack grounds for suspicion, raising Fourth Amendment concerns regarding privacy and unlawful search.
Reports have surfaced indicating that Border Patrol agents and local law enforcement are sharing sensitive information about U.S. citizens in real time, coordinating what they term “whisper stops” to obscure federal involvement. Investigations have identified these monitoring efforts extending far beyond border areas, reaching over 120 miles from the U.S.-Mexico border. The implications of such surveillance point toward systemic overreach and a potential violation of civil liberties.
In related news, Microsoft has reportedly mitigated the largest recorded distributed denial-of-service (DDoS) attack within a cloud environment, peaking at a staggering 15.72 Tbps. The attack, attributed to the Turbo-Mirai botnet—a network of compromised Internet of Things devices—was launched against an Azure endpoint in Australia. Microsoft successfully absorbed this traffic without significant service disruptions, reinforcing the effectiveness of its DDoS Protection network amidst rising threats.
Researchers note that the Aisuru botnet has amplified its capabilities, launching attacks exceeding 20 Tbps and introducing new tactics including credential stuffing and AI-driven scraping. The evolving nature of these threats demands constant vigilance and adaptation among organizations relying on cloud services.
Finally, a long-standing case against SolarWinds by the U.S. Securities and Exchange Commission has been dismissed, concluding an inquiry into potential fraud related to the company’s 2020 supply-chain hack. The termination of the case is seen by SolarWinds as a validation of its conduct amid one of the most substantial breaches in recent history, highlighting the complex intersection between corporate governance and cybersecurity.
This week, as cybersecurity threats evolve, it is critical for businesses to remain informed and proactive in addressing vulnerabilities. Understanding operational risks and leveraging resources like the MITRE ATT&CK framework can enhance organizational resilience against an increasingly sophisticated threat landscape.
