And thatâs not all. Each week, we round up the security and privacy news we didnât cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
If you use uBlock Originâs Chrome extension to filter out online ads, expect to get mildly annoyed in the near future. Google has begun implementing new Chrome extension standards, called Manifest V3, that will disable the legacy version of uBlock Originâs extension that most users likely have installed. And while you might be thinking, âGoogle is a silverback gorilla of online advertising, of course theyâre finally forcing me to see ads!â there is some good news. A new version of the ad-filtering extension that meets the Manifest V3 standards, uBlock Origin Lite, is now available. Then again, it wonât block as much as the previous iteration of uBlock. Still, as a Google spokesperson told The Verge, you have options: âThe top content filtering extensions all have Manifest V3 versions available â with options for users of AdBlock, Adblock Plus, uBlock Origin and AdGuard.â Either way, youâll need to install a new extension soon.
US authorities announced charges this week against a 25-year-old Alabama man accused of hacking the Security and Exchange Commissionâs X account. Prosecutors claim Eric Council Jr. obtained personal information and the materials for a fake ID of a person who controlled the @SECGov account from unidentified coconspirators. Council allegedly used the fake ID to carry out a SIM-swapping attack, duping AT&T retail store staff into giving him a new SIM card, which he ultimately used to take control of the victimâs phone account. The coconspirators used that to gain access to the SECâs X account, where they posted a fake announcement about Bitcoinâs regulatory status, which was followed by a price jump of $1,000 per bitcoin. Council stands charged of conspiracy to commit aggravated identity theft and access device fraud.
The grocery store chain Kroger has never used facial-recognition technology broadly in its stores and has no current plans to, a spokesperson told Fast Company this week. The company has been facing a firestorm over its use of electronic shelving labels over concerns that ESLs could be used to impose surge pricing on popular items, and fears that the devices could also be deployed with facial recognition. The company did a single-store facial-recognition pilot of a technology called EDGE in 2019, but it did not move forward with the service. US lawmakers including Rashida Tlaib, Elizabeth Warren, and Robert Casey have publicly raised concerns about Krogerâs use of ESLs.
Microsoft told customers that it failed to capture more than two weeks of security logs from certain cloud services in September, including Microsoft Entra, Sentinel, Defender for Cloud, and Purview. News of the lost logs was first reported by Business Insider. The company said in the notification that âa bug in one of Microsoftâs internal monitoring agents resulted in a malfunction in some of the agents when uploading log data to our internal logging platform.â The blank extends from September 2 to September 19. A Microsoft executive confirmed to TechCrunch that the incident was caused by an âoperational bug within our internal monitoring agent.â
System activity logs are crucial for all sorts of operations and are particularly used for security monitoring and investigations, because they can expose breaches and malicious activity. After Russian hackers breached US government networks through SolarWinds software in 2020, many agencies couldnât detect the activity in their Microsoft Azure cloud services because they werenât paying for Microsoftâs premium tier features, so they didnât have adequate network activity logs. Lawmakers were outraged about the up-charge, and the Biden administration worked for more than two years to get Microsoft to make the logging services free. The company ultimately announced the change in July 2023.
