A massive data leak linked to the MOVEit vulnerability has exposed millions of employee records from major companies. Learn about the impact of this leak, the role of the "data vigilante" Nam3L3ss.

****SUMMARY****

*   **MOVEit Flaw and Data Leak**: Data stolen during the MOVEit hack spree is still creating issues for companies.

*   **Nam3L3ss and the Leaks:** A self-proclaimed “data vigilante” named Nam3L3ss has leaked over 760,000 employee records from 27 major companies, including Bank of America, and Nokia + Jll.com’s database containing 12 million rows taking the total number to 13.12 million.

*   **Leaked Data Content:** Leaked data includes sensitive and non-sensitive information such as names, emails, phone numbers, addresses, and company location coordinates.

*   **Cl0p Ransomware Link:** Originally, the data was stolen by the Cl0p ransomware gang after exploiting the MOVEit flaw, while Nam3L3ss is cleaning and leaking the data.

A self-proclaimed “Data Vigilante” named Nam3L3ss has once again caused widespread concern by leaking millions of employee records online, highlighting the fallout from the major security vulnerability in file transfer software called MOVEit.

As seen by Hackread.com, Nam3L3ss has released the information of over 760,000 employees of major organizations on a popular hacking forum ‘BreachForums’ on Monday morning. The leak additionally includes the Jones Lang LaSalle Incorporated (JLL.com) database, containing over 12 million data rows, bringing the total number of leaked records to 13.12 million.

Nam3L3ss on Breach Forums leaking the Bank of America employee data (Source: Hackread.com)

****The MOVEit Mess****

The MOVEit vulnerability was identified in Progress Software’s file transfer tool in 2023 allowing threat actors unauthorized access to sensitive data. Hackers affiliated with the Cl0p ransomware gang exploited this vulnerability and stole information from thousands of companies, impacting an estimated 2,800 organizations and nearly 100 million individuals. They even created clear web websites to leak the stolen data in July 2024.

****Nam3L3ss Leaks Millions****

In November 2024, as reported by Hackread.com, Nam3L3ss emerged on the scene, leaking what they claim is data obtained from the MOVEit breach. These leaks targeted industry giants like Amazon, 3M, HP, and Delta, raising serious concerns about the security practices employed by these corporations. At that time, Nam3L3ss leaked over 7.9 million records from 27 companies.

Hackread.com analyzed the leaked data and found it contained a mix of sensitive and non-sensitive information, including names, email addresses, phone numbers, office and residential addresses, and even company location coordinates. This information could be used by malicious actors for social engineering attacks, identity theft, or targeted phishing scams.

Just weeks after the initial leaks from Nam3L3ss, another batch of employee data surfaced online on Monday. This new data dump contained records from companies like Bank of America, Koch Industries, Nokia, and Morgan Stanley, and appears to be linked to the same MOVEit vulnerability.

Here’s the full list of companies involved in this leak:

*   audible.com – 3,790
*   b-f.com – 1,302
*   xerox.com – 42,735
*   univision.net – 5,954
*   saic.com – 26,917
*   nokia.com – 94,252
*   meijer.com – 7,422
*   cna.com – 6,680
*   cm3.com.au – 6,153
*   ciena.com – 10,820
*   bwater.com – 2,161
*   kochinc.com – 237,486
*   medibank.com.au – 5,201
*   morganstanley.com – 32,860
*   bankofamerica.com – 288,296
*   joneslanglasalle.com aka jll.com – 12,352,524

*   Total: 13,124,553

While Nam3L3ss claims to be a vigilante bringing attention to security flaws, their motives remain unclear. Regardless of their intentions, these leaks expose the significant impact of the MOVEit vulnerability and the risks posed by stolen employee data.

If you’re an employee of one of the affected companies, stay alert for phishing attempts. These could come through email, text messages (smishing), or even phone calls (vishing), as scammers might use this leaked data to target you.

1.  **Hacker Leaks Thousands of Microsoft and Nokia Employee Details**
2.  **Hackers Calling Employees to Steal VPN Credentials from US Firms**
3.  **Shadow IT: Personal GitHub Repos Expose Employee Cloud Secrets**
4.  **Hacker Leaks Data of 33K Accenture Employees in 3rd-Party Breach**
5.  **Indian Ex-Employee Jailed for Wiping 180 Virtual Servers in Singapore**

Data Vigilante Leaks 772K Employee Records from Top Firms and 12.3M-Row Database

This paper provides an in-depth technical explanation, illustration, and verification of discovered attacks affecting PlayReady on Windows 10 / 11 x64 that pertain to Warbird deficiencies, content key sniffer operation, magic XOR keys discovery, white-box crypto attack, and complete client identity compromise attacks.

Microsoft Warbird and PMP Security Research

Websites these days know everything about you — even some details you might not realize. Hackers can take advantage of that with a sharp-toothed attack that exploits Europe's GDPR-mandated data portability rules.

Source: Design Pics Inc Alamy Stock Photo

Researchers are warning that an otherwise positive European data regulation has introduced massive risks to individuals and the companies they work for.

Ever since the passage of the General Data Protection Regulation (GDPR), Internet users in Europe — and in many places around the world following suit — have been able to download the entirety of the data that websites save about them. Besides the obvious benefits to privacy and transparency, the idea was portability: Anyone could take the data one site possessed about them and transfer it to another.

In a new blog post, CyberArk highlights a theoretical yet severe cost to this new right to data portability. Before the rule, everyone's most sensitive data was protected behind brick walls at ultrasecure data centers. Now that users can retrieve that data via a cloud-based mechanism, hackers can access their accounts and steal it all. Considering the extent of the data that websites collect about us today, the possibilities for malfeasance are endless.

"It's my legal right, and it's perfectly fine that I'm capable \[of seeing\] what information is being kept about me," says Lior Yakim, threat researcher at CyberArk Labs, who dubs the attack "White FAANG," since the vulnerable data could be exported from services provided by major tech companies like Facebook, Amazon, Apple, Netflix, and Google (FAANG).

Related:'Bootkitty' First Bootloader to Take Aim at Linux

However, he warns, "Because it's so easy to get all of that highly intrusive information — together with the fact that people use the same devices for corporate and personal purposes — there's a major risk."

**The Data Sites Have on You**

Companies hoard gobs of sensitive information, especially the largest technology companies most central to our online lives. They possess everything from our most sensitive personally identifying information (PII) to the long histories of our online activity. But even the most jaded Internet users might be surprised just how deep this hole goes.

Meta, for example, records not only your documented Facebook activity, but also plenty of undocumented data, like what posts you viewed, and exactly how long you viewed them.

Google, likewise, saves not only your entire search history, but even searches you typed but didn't ultimately execute.

GDPR's well-intentioned data portability regulations forced companies to make all of this information exportable at the click of a button, in a machine-readable format. And what's stopping a hacker in possession of your account from doing just that? "The most common protection is, indeed, multifactor authentication (MFA). But as we know, MFA can be bypassed," Yakim notes.

Related:China's Cyber Offensives Built in Lockstep With Private Firms, Academia

**The Risks to Individuals and Corporations**

With export data, there is no limit to what an attacker can do. They can use your Google search history to blackmail you, your GPS data from Meta to find where you live, and your Apple calendar history to know where you've been and where you'll be, to say nothing of the endless possibilities for cyberattacks.

Beyond all that, there's the risk to employers. Individual accounts can house all kinds of data that pertains to, or can otherwise be used to attack the companies they work for.

Again, the scenarios are limitless. With an Apple export, for example, a hacker could take the MAC address associated with an employee's unpatched AirPods, spoof a Bluetooth connection, exploit CVE-2024-27867 to gain access to them, then listen in on corporate meetings. Or, Yakim suggests, they can leverage information like the operating system version of the employee's mobile phone. "If I know, for example, that the mobile device of the employee is not up to date, I can search for specific, known vulnerabilities in order to target this employee," he says.

And there are far simpler, more present dangers than that. CyberArk surveyed 14,000 employees, finding that around 63% use personal accounts on their work computers, and 80% access work applications from their personal computers. Thanks to this comingling, work passwords tend to end up stored in far less secure personal accounts, from which they can be exported. This was how Cisco got breached in 2022, and Okta in 2023, a case that affected every one of its customers as well.

Related:VISO TRUST Secures $24M to Accelerate Innovation in AI-Powered Third-Party Risk Management

To prevent that from happening, employees need to draw a clear line in the sand between their business and pleasure online. "Personal accounts are less secure than corporate accounts," Yakim says. "That's the message that we're trying to deliver here."

**About the Author**

Nate Nelson is a freelance writer based in New York City. Formerly a reporter at Threatpost, he contributes to a number of cybersecurity blogs and podcasts. He writes "Malicious Life" -- an award-winning Top 20 tech podcast on Apple and Spotify -- and hosts every other episode, featuring interviews with leading voices in security. He also co-hosts "The Industrial Security Podcast," the most popular show in its field.

'White FAANG' Data Export Attack: A Gold Mine for PII Threats

AWS Security Incident Response will help security teams defend their organizations from account takeovers, breaches, ransomware attacks, and other types of security threats.

Source: Leo Wolfert via Adobe Stock Photo

Amazon Web Services (AWS) has launched a new incident response service to help security teams respond to threats faster and reduce the time it takes for organizations to recover from attacks.

AWS Security Incident Response, unveiled ahead of the company's re:Invent 2024 conference in Las Vegas this week, relies on machine learning to automatically triage and analyze security signals from Amazon GuardDuty and other supported third-party threat detection tools available through the AWS Security Hub cloud security posture management service.

The new service will help security teams investigate incidents, coordinate responses across multiple stakeholders, manage permissions across environments, and document actions taken and decisions made. The automated triage feature filters security alerts based on customer-specific information to identify incidents that require immediate attention.

"Security teams often face an overwhelming number of daily alerts, leading to potential misplaced priorities of resources and reduced effectiveness," wrote Betty Zheng, senior developer advocate at AWS, in a blog post announcing AWS Security Incident Response. "Manual investigation of findings strains resources and may cause customers to overlook critical security alerts."

The service offers preconfigured notification rules and permission settings. It can also be configured to execute containment actions, leading to faster incident response times and potentially reduced impact of security incidents, Zheng wrote. The service will create security cases for alerts that cannot be automatically resolved. For high-priority threats, the service connects to the AWS Customer Incident Response Team (CIRT), which provides support 24 hours a day, seven days a week.

The service provides self-service investigation tools, as well as capabilities such as secure data transfer (to share logs and other forensics data), messaging and video conference scheduling (to communicate with key stakeholders and investigators), and automated case history tracking and reporting. Security teams can either handle incidents independently or collaborate with third-party security vendors, based on their needs and requirements.

Security teams can monitor, measure, and improve their incident response performance over time via a service dashboard that displays critical metrics, such as mean-time-to-resolution (MTTR), number of cases addressed within a specific time period, and number of triaged findings.

AWS Security Incident Response is now available in 12 AWS Regions globally: US East (N. Virginia, Ohio), US West (Oregon), Asia Pacific (Seoul, Singapore, Sydney, Tokyo), Canada (Central), and Europe (Frankfurt, Ireland, London, Stockholm). Interested organizations can enable it via the AWS management console and service-specific APIs. For the service to be able to monitor and analyze security alerts, administrators need to enable the proactive response feature to create service-level permissions. Once done, the alerts are automatically sorted and remediated using service automation and customer-specific data, including common IP addresses, AWS Identity and Access Management (IAM) principals, and other relevant attributes. 

"To experience the full service, we recommend activating Amazon GuardDuty and AWS Security Hub as well," AWS said in its post.

AWS Launches New Incident Response Service

Hackers stole $1.48 billion from the crypto industry in 2024. A new report highlights trends in blockchain security, including shifts in target networks.

**SUMMARY:**

*   **Crypto losses in November 2024 totalled $71 million, marking a 79% decrease from the same month in 2023.**

*   **DeFi projects accounted for all reported losses, with no major CeFi incidents recorded.**

*   **BNB Chain became the top target for attacks, hosting 46.7% of incidents, surpassing Ethereum.**

*   **99.96% of funds lost in November came from hacking, while rug pulls accounted for less than $26,000.**

*   **Year-to-date losses in 2024 reached $1.48 billion, a 15% reduction compared to 2023.**

*   **The $1.48 billion lost to hacks and scams in 2024 shows risks despite a 15% drop compared to the previous year.**

The cryptocurrency industry saw a surprising decrease in losses last month, according to a new report from Immunefi, a leading blockchain security platform. While decentralized finance (DeFi) projects continued to be a prime target, the overall figures show a promising trend.

The Immunefi report, shared with Hackread.com, reveals that $71 million was lost to hacks and rug pulls in November 2024, a notable 79% drop from the same month last year.

That figure, while still large, is the second-lowest monthly total this year and means a 79% decrease compared to November of last year. Overall, for 2024, the crypto industry has lost $1.48 billion ($1,489,921,677). While this is a considerable number, it is a 15% drop compared to the same period of 2023, suggesting progress in cybersecurity measures.

The YTD (year-to-date) total of $1.48 billion – Source: Immunefi

****DeFi: Still a Magnet for Malicious Activity****

Immunefi’s findings suggest that all $71 million in losses happened in the DeFi sector, with not a single report of a major hack or exploit affecting CeFi (centralized exchanges). Two noteworthy incidents that stand out are Thala Labs, a decentralized finance firm, lost $25.5 million, and the memecoin trading platform DEXX saw a $21 million loss.

****Hacks Continue to Dominate, Minimal Rug Pulls****

It’s not just the type of platform that shows a trend; the type of attack also shows clear patterns. Of all the funds stolen in November, 99.96% came from direct hacking incidents. Only a tiny fraction, $25,300, was lost through what are called “rug pulls,” where developers abandon a project after raising funds. This suggests that while scams do occur, the more sophisticated exploits are the more damaging threat.

Source: Immunefi

****BNB Chain Takes the Spotlight, Ethereum Drops Back****

The report showed a switch in which the blockchain network was targeted most often. In November, the BNB Chain surpassed Ethereum to become the leading target, hosting nearly half (46.7%) of all attacks. Ethereum came second with 30% of attacks. The rest of the incidents were found across several other networks.

****What Does This Mean?****

The Immunefi report shows a mixed situation for crypto security. While overall losses are down for the year, the dominance of DeFi exploits and the shift of attacker focus to BNB Chain means the fight is far from over.

While the overall loss figure is down, the YTD (year-to-date) total of $1.48 billion lost to hacks and scams still shows a considerable sum. Nevertheless, Immunefi’s report shows that the blockchain industry cannot afford to overlook vulnerabilities and scams, making a solid cybersecurity plan essential.

1.  **6 of the Best Crypto Bug Bounty Programs**
2.  **Top 5 Platforms for Identifying Smart Contract Vulnerabilities** 
3.  **Crypto Industry Lost $685M in Q3 2023, 30% by Lazarus Group**
4.  **Hackers Posed as Google Support to Steal $243 Million in Crypto**
5.  **From Amazon to Target: Hackers Mimic Top Brands in Crypto Scam  
    **

Hackers Drain $1.48 Billion from Crypto in 2024, Led by DeFi Exploits

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.

A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.

The 713.1 GB container (an Amazon S3 bucket ) did not have password-protection, and the data was left unencrypted, so anybody who stumbled on them could read the files. The files not only contained thousands of people’s vehicle records (license plate and VIN) and property ownership reports, but also criminal histories, and background checks.

The majority of the records were labelled as background checks which contained full names, home addresses, phone numbers, email addresses, employment history, family members, social media accounts, and criminal record history.

Data brokers collect and sell your information, including financial, personal, behavior and interests, for profit. SL Data Services markets itself as a provider of real estate information reports. But when the researcher contacted its support team, they stated the company also provides criminal checks, division of motor vehicles (DMV) records, death and birth records.

Probably to organize the data to this end, the folders inside the container all had names of separate website domains. The company apparently operates a network of an estimated 16 different websites, offering a range of information services (e.g. PropertyRec).

Background checks can and are often done without the subject’s awareness. But with all the combined information about a person, it paints a very complete picture that insurance companies, advertisers, and even cybercriminals can use to their advantage.

The researcher explained:

> “I am not stating nor implying that Propertyrec’s customers or any individuals are at risk of impersonation, spear phishing, or social engineering attacks, I am only providing a real world risk scenario of how this type of information could possibly be exploited by criminals.”

And to make things worse—if possible– the files had names that used the following format: “First\_Middle\_Last\_State.PDF.” Which makes it incredibly easy for anyone, whether they are supposed to have access or not, to find a person of interest and read that file.

It took the researcher quite a few calls and emails to get the exposed data taken out of public sight, and SL Data Services never provided the researcher with a response, let alone an explanation how this could happen.

**Don’t give up your information, remove it where you can**

Unfortunately, incidents like this are commonplace, so it’s clear that we should take it upon ourselves to make sure our information can’t be found by data brokers.

Removing your personal information from data broker sites can be a complex and time-consuming process. While manual opt-outs are effective, they require considerable effort to keep up with new data entries and the reappearance of your information on various sites. This is where data broker removal services come in handy. 

Data broker removal services are designed to automate the process of finding and removing your personal information from data broker databases. These services regularly scan known databases for your information and submit opt-out requests on your behalf, ensuring a more comprehensive and continuous protection of your privacy. 

Malwarebytes offers a Personal Data Remover service (US only) that can delete your information from search results, spam lists, people search sites, data brokers, and more.

 Data broker exposes 600,000 sensitive files including background checks 

Amazon Web Services' identity and access management platform has added new features that help developers implement secure, scalable, and customizable authentication solutions for their applications.

Source: GK Images via Alamy Stock Photo

Amazon Web Services (AWS) has announced updates to Amazon Cognito, its identity and access management service for Web and mobile applications. The service allows developers to secure machine-to-machine authentication, enable role-based access to AWS resources, and create sign-in and sign-up experiences in applications. 

Cognito now supports passwordless login with managed login, enabling users to integrate passwordless authentication methods, including passkeys, email one-time-passwords, and SMS one-time-passwords. 

The new features include a developer-focused console experience that streamlines onboarding via a wizard and use-case specific recommendations. This allows developers to configure their sign-in options and follow the system-provided instructions to create the application's sign-in and sign-up pages. A new user pool, a user directory for authentication and authorization, is automatically created, according to the blog post announcing the new updates. Amazon Cognito also supports major application frameworks and offers detailed instructions for integrating them using standard OpenID Connect (OIDC) and OAuth open source libraries.

Amazon has updated the pricing structure for Cognito, adding user pool feature tiers: Lite, Essentials, and Plus. New user pools are created at the Essentials tier by default, and users can switch between tiers depending on their needs. 

The Lite tier includes user registration, password-based authentication, and social identity provider integration. The Essentials tier includes expanded authentication and access control features, including managed login and passwordless capabilities and enhanced security features. The Plus tier offers more security features, including threat protection capabilities against suspicious logins and compromised credential detection. 

Pricing is based on monthly active users. The Essentials and Plus tiers are available in all AWS regions where Cognito is available, except AWS GovCloud (US) regions. 

**About the Author**

Contributing Writer

Jennifer Lawinski is a writer and editor with more than 20 years experience in media, covering a wide range of topics including business, news, culture, science, technology and cybersecurity. After earning a Master's degree in Journalism from Boston University, she started her career as a beat reporter for The Daily News of Newburyport. She has since written for a variety of publications including CNN, Fox News, Tech Target, CRN, CIO Insight, MSN News and Live Science. She lives in Brooklyn with her partner and two cats.

AWS Rolls Out Updates to Amazon Cognito

Protection ranged from 0.38% to 50.57% for security effectiveness.

PRESS RELEASE

AUSTIN, Texas, Nov. 26, 2024 /PRNewswire/ -- CyberRatings.org (CyberRatings), the non-profit entity dedicated to providing confidence in cybersecurity products and services through its research and testing programs, has completed an independent "Mini-Test" of Cloud Service Provider (CSP) Native Firewalls from Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). Security effectiveness protection ranged from 0.38% to 50.57%.

In today's cloud-centric environment, businesses often face a critical choice regarding the security of their cloud infrastructure. They can rely on firewalls offered directly by Cloud Service Providers (CSPs) or use independent security vendor firewall offerings typically available through the respective CSP's marketplace. Security effectiveness is a crucial factor in selecting the right firewall solution, as it directly impacts the organization's ability to protect against cyber threats.

The CSP firewalls were tested against 522 exploits using Keysight's CyPerf v5.0 software testing platform, offering an evidence-based look at how well these native solutions withstand real-world security threats. Only known Common Vulnerabilities and Exposures (CVEs) from the last ten years with a severity of medium or higher were used to assess security effectiveness, usability, and protection. The exploit (CVE) types targeted servers and are typically relevant to cloud workload deployments.

"This was designed to be an entry level test," said Vikram Phatak, CEO of CyberRatings.org. "The exploits were straightforward; we didn't apply any evasions which is normally how attackers bypass security products. The number of missed exploits is concerning. Until cloud native firewalls demonstrate they have a higher level of security effectiveness to protect against cyber threats, we strongly recommend that customers consider third-party providers with a proven track record."

This test is part one of a two-part test. Part two will include a higher number of exploits, along with evasions and malware. The second part of the test will also compare cloud service provider native solutions against market leading third-party cloud network firewall providers.

The native firewalls were tested using Keysight's CyPerf v5.0 software testing platform. Enterprises can easily replicate the results with a 2-week free trial from Keysight. Further details of the strike library can be found here: https://www.keysight.com/us/en/products/network-test/cloud-test/cyperf.html

The test report is available for free at cyberratings.org.

About CyberRatings.org 

CyberRatings.org is a 501(c)6 non-profit organization dedicated to providing confidence in cybersecurity products and services through our research and testing programs. We provide enterprises with independent, objective ratings of security product efficacy to make informed decisions. To become a member, visit www.cyberratings.org and follow us on LinkedIn.

SOURCE  CyberRatings.org

CyberRatings.org Announces Test Results for Cloud Service Provider Native Firewalls

Newly published research finds that the flashing lights on police cruisers and ambulances can cause “digital epileptic seizures” in image-based automated driving systems, potentially risking wrecks.

Carmakers say their increasingly sophisticated automated driving systems make driving safer and less stressful by leaving some of the hard work of knowing when a crash is about to happen—and avoiding it—to the machines. But new research suggests some of these systems might do the virtual opposite at the worst possible moment.

A new paper from researchers at Ben-Gurion University of the Negev and the Japanese technology firm Fujitsu Limited demonstrates that when some camera-based automated driving systems are exposed to the flashing lights of emergency vehicles, they can no longer confidently identify objects on the road. The researchers call the phenomenon a “digital epileptic seizure”—_epilepticar_ for short—where the systems, trained by artificial intelligence to distinguish between images of different road objects, fluctuate in effectiveness in time with the emergency lights’ flashes. The effect is especially apparent in darkness, the researchers say.

Emergency lights, in other words, could make automated driving systems less sure that the car-shaped thing in front of them is actually a car. The researchers write that the flaw “poses a significant risk” because it could potentially cause vehicles with automated driving systems enabled to “crash near emergency vehicles" and “be exploited by adversaries to cause such accidents.”

While the findings are alarming, this new research comes with several caveats. For one thing, the researchers were unable to test their theories on any specific driving systems, such as Tesla’s famous Autopilot. Instead, they ran their tests using five off-the-shelf automated driving systems embedded in dashcams purchased off of Amazon. (These products are marketed as including some collision detection features, but for this research, they functioned as cameras.) They then ran the images captured on those systems through four open source object detectors, which are trained using images to distinguish between different objects. The researchers aren’t sure whether any automakers use the object detectors tested in their paper. It could be that most systems are already hardened against flashing light vulnerabilities.

The research was inspired by reports that Teslas using the electric carmaker’s advanced driver assistance feature, Autopilot, collided with some 16 stationary emergency vehicles between 2018 and 2021, says Ben Nassi, a cybersecurity and machine learning researcher at Ben-Gurion University who worked on the paper. “It was pretty clear to us from the beginning that the crashes might be related to the lighting of the emergency flashers,” says Nassi. “Ambulances and police cars and fire trucks are different shapes and sizes, so it’s not the type of vehicle that causes this behavior.”

A three-year investigation by the US National Highway Traffic Safety Administration into the Tesla-emergency vehicle collisions eventually led to a sweeping recall of Tesla Autopilot software, which is designed to perform some driving tasks—like steering, accelerating, braking, and changing lanes on certain kinds of roads—without a driver’s help. The agency concluded that the system inadequately ensured drivers paid attention and were in control of their vehicles while the system was engaged. (Other automakers’ advanced driving assistance packages, including General Motors’ Super Cruise and Ford’s BlueCruise, also perform some driving tasks but mandate that drivers pay attention behind the wheel. Unlike Autopilot, these systems work only in areas that have been mapped.)

In a written statement sent in response to WIRED’s questions, Lucia Sanchez, a spokesperson for NHTSA, acknowledged that emergency flashing lights may play a role. “We are aware of some advanced driver assistance systems that have not responded appropriately when emergency flashing lights were present in the scene of the driving path under certain circumstances,” Sanchez wrote.

Tesla, which disbanded its public relations team in 2021, did not respond to WIRED’s request for comment. The camera systems the researchers used in their tests were manufactured by HP, Pelsee, Azdome, Imagebon, and Rexing; none of those companies responded to WIRED’s requests for comment.

Although the NHTSA acknowledges issues in “some advanced driver assistance systems,” the researchers are clear: They’re not sure what this observed emergency light effect has to do with Tesla’s Autopilot troubles. “I do not claim that I know why Teslas crash into emergency vehicles,” says Nassi. “I do not know even if this is still a vulnerability.”

The researchers’ experiments were also concerned solely with image-based object detection. Many automakers use other sensors, including radar and lidar, to help detect obstacles in the road. A smaller crop of tech developers—Tesla among them—argue that image-based systems augmented with sophisticated artificial intelligence training can enable not only driver assistance systems, but also completely autonomous vehicles. Last month, Tesla CEO Elon Musk said the automaker's vision-based system would enable self-driving cars next year.

Indeed, how a system might react to flashing lights depends on how individual automakers design their automated driving systems. Some may choose to “tune” their technology to react to things it’s not entirely certain are actually obstacles. In the extreme, that choice could lead to “false positives,” where a car might hard brake, for example, in response to a toddler-shaped cardboard box. Others may tune their tech to react only when it’s very confident that what it’s seeing is an obstacle. On the other side of the extreme, that choice could lead to the car failing to brake to avoid a collision with another vehicle because it misses that it is another vehicle entirely.

The BGU and Fujitsu researchers did come with a software fix to the emergency flasher issue. Called “Caracetamol”—a portmanteau of “car” and the painkiller “Paracetamol”—it’s designed to avoid the “seizure” issue by being specifically trained to identify vehicles with emergency flashing lights. The researchers say it improves object detectors’ accuracy.

Earlence Fernandes, an assistant professor of computer science and engineering at University of California, San Diego, who was not involved in the research, said it appeared “sound.” “Just like a human can get temporarily blinded by emergency flashers, a camera operating inside an advanced driver assistance system can get blinded temporarily,” he says.

For researcher Bryan Reimer, who studies vehicle automation and safety at the MIT AgeLab, the paper points to larger questions about the limitations of AI-based driving systems. Automakers need “repeatable, robust validation” to uncover blind spots like susceptibility to emergency lights, he says. He worries some automakers are “moving technology faster than they can test it.”

Emergency Vehicle Lights Can Screw Up a Car's Automated Driving System

Cybercriminals are spamming content platforms like Spotify and Amazon with cracks, keygens, and forex trading platforms. We explain why.

Spotify and Amazon services have been flooded with bogus listings that push dubious “forex trading” sites, Telegram channels, and suspicious links claiming to offer pirated software according to our friends over at BleepingComputer.

Cybercriminals are abusing the options to inject keywords and links into playlist names to make their entries rank high in Google search results.

BleepingComputer found that spammers had posted a lot of links on the content platforms, but that the length of the audio “episodes” published under these “podcasts” was zero seconds.

What you can expect to be offered are cracks, keygens, cheat codes, and other game related content, but also “forex trading” seems to be a popular subject to promote.

The fact that many cracks, keygens, and game mods are often replaced by or come bundled with malware was already known in the previous century, so that shouldn’t surprise anyone.

The “forex trading” part may be a little harder to understand.

On the content platforms we mentioned, links are shared pointing to forex trading platforms where you can trade one currency for another speculating on exchange rate fluctuations. Forex trading is far from illegal, it’s an important part of international trade. But in areas where so much money changes hands, there will always be criminals looking for a piece of the action.

There are two main types of forex trading scams you need to be aware of. Scams performed by external criminals, and unethical forex brokers. Even though management teams within brokers must be vetted by regulators and licensers, there are plenty of incentives for brokers to take advantage of their customers.

The scams themselves can be largely identified as:

*   Signal scams: Signals are data-driven broker-generated information prompts that give traders improved opportunities to make profitable trades. While many of them can be considered legitimate, they do not guarantee success and they can be abused by signal-sellers that prey on our tendency to want to get rich fast and with little effort.
*   Pyramid schemes: The pyramid schemes are in fact private circles run by individuals who seek to profit by charging a subscription fee and encouraging new members to recruit fellow investors for the prize of a small commission payout. The higher up the money-earning pyramid you are, the more subscription fees flow your way.
*   Point-spread scam: As brokers earn their commissions based on the gap between bid and ask prices, they make more money when the gap is bigger. When the natural supply and demand conditions do not create a big enough gap, some brokers have been known to exaggerate the gap by rigging the code that displays the prices.
*   Robot scamming: This is a relative newcomer to the scams. It offers traders the option to earn money while you are not actively trading on your system. The term “robot” refers to the automation of the process with software. Needless to say these robots can be rigged to work for the broker instead of for you.
*   Sale of personal information: Under the rules of Know Your Customer (KYC) legislation, every trader must be able to supply private and confidential information that often includes details like banking information and credit card information. Scam brokers could sell this information to a third party, who may try to lure you into another scheme.

But cybercriminals could also have set up their own fraudulent trading platforms and be phishing for your login credentials to existing platforms.

**How to stay safe**

If you decide you want to delve in forex trading, there are a few pointers to keep your money safe.

There are some similarities between forex trading and casino gambling, only forex trading involves more skill and analysis than most casino games. Don’t go all-in. Don’t lose your shirt.

*   Get rich quick schemes often work for those offering them, but not for those falling for them.
*   It is vital to research any financial service or platform before investing.
*   As always, if it sounds too good to be true, it probably is.
*   It is crucial to understand what you are doing or what is being done for you.
*   Watch out for clone websites.
*   If you don’t understand how the trader’s robot works, ask until you do or don’t use it.
*   Stay away from forex trading platforms promoted on content platforms that have nothing to do with forex trading.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Tag

#amazon