As the Israel-Hamas war continues, with Israeli troops moving into the Gaza Strip and encircling Gaza City, one piece of technology is having an outsized influence on how we see and perceive the conflict. Messaging app Telegram, which has a history of lax moderation, has been used by Hamas to share gruesome images and videos. That content has then spread to other social networks and millions more eyeballs. Sources tell WIRED that Telegram has been weaponized to spread horrific propaganda.
Microsoft has had a rough few months in terms of the company’s own security, with Chinese-backed hackers stealing its cryptographic signing key, continued issues with Microsoft Exchange Servers, and its customers being impacted by failings. The company has now unveiled a plan to deal with the ever-growing range of threats: the Secure Future Initiative, which plans, among several elements, to use AI-driven tools, improve its software development, and shorten its response time to vulnerabilities.
Also this week, we’ve looked at the privacy practices of Bluesky, Mastodon, and Meta’s Threads as these social media platforms jostle for space in a world where X, formerly known as Twitter, continues to implode. And things aren’t exactly great with this next generation of social media. With November arriving, we have a detailed breakdown of the security vulnerabilities and patches issued last month. Microsoft, Google, Apple, and enterprise companies Cisco, VMware, and Citrix all fixed major security flaws in October.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.
The Flipper Zero is a versatile hacking tool designed for security researchers. The pocket-size pen-testing device can intercept and replay all kinds of wireless signals, including NFC, infrared, RFID, Bluetooth, and Wi-Fi. That means it is possible to read microchips and inspect signals being emitted from devices. Slightly more nefariously, we’ve found it can easily clone building-entry cards and read credit card details through people’s clothes.
Over the past few weeks, the Flipper Zero, which costs around $170, has been gaining some traction for its ability to disrupt iPhones, notably by sending them into denial of service (DoS) loops. As Ars Technica reported this week, the Flipper Zero, with some custom firmware, is able to send “a constant stream of messages” asking iPhones to connect via Bluetooth to devices such as an Apple TV or AirPods. The barrage of notifications, which is sent by a nearby Flipper Zero, can overwhelm an iPhone and make it almost unusable.
“My phone was getting these pop-ups every few minutes, and then my phone would reboot,” security researcher Jeroen van der Ham told Ars about a DoS attack he experienced while commuting in the Netherlands. He later replicated the attack in a lab environment, while other security researchers have also demonstrated the spamming ability in recent weeks. In van der Ham’s tests, the attack only worked on devices running iOS 17, and at the moment, the only way to prevent the attack is by turning off Bluetooth.
In 2019, hackers linked to Russia’s intelligence service broke into the network of software firm SolarWinds, planting a backdoor and ultimately finding their way into thousands of systems. This week, the US Securities and Exchange Commission charged Tim Brown, the CISO of SolarWinds, and the company with fraud and “internal control failures.” The SEC alleges that Brown and the company overstated SolarWinds’ cybersecurity practices while “understating or failing to disclose known risks.” The SEC claims that SolarWinds knew of “specific deficiencies” in the company’s security practices and made public claims that weren’t reflected in its own internal assessments.
“Rather than address these vulnerabilities, SolarWinds and Brown engaged in a campaign to paint a false picture of the company’s cyber controls environment, thereby depriving investors of accurate material information,” Gurbir S. Grewal, director of the SEC’s Division of Enforcement, said in a statement. In response, Sudhakar Ramakrishna, the CEO of SolarWinds, said in a blog post that the allegations are part of a “misguided and improper enforcement action.”
For years, researchers have shown that face recognition systems, trained on millions of images of people, can misidentify women and people of color at disproportionate rates. The systems have led to wrongful arrests. A new investigation from Politico, focusing on a year’s worth of face recognition requests made by police in New Orleans, has found that the technology was almost solely used to try to identify Black people. The system also “failed to identify suspects a majority of the time,” the report says. Analysis of 15 requests for the use of face recognition technology found that only one of them was for a white suspect, and in nine cases the technology did not find a match. Three of the six matches were also incorrect. “The data has pretty much proven that [anti-face-recognition] advocates were mostly correct,” one city councilor said.
Identity management firm Okta has revealed more details about an intrusion into its systems, which it first disclosed on October 20. The company said the attackers, who had accessed its customer support system, accessed files belonging to 134 customers. (In these instances, customers are individual companies that subscribe to Okta’s services.) “Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks,” the company disclosed in a blog post. These session tokens were used to “hijack” the Okta sessions of five separate companies. 1Password, BeyondTrust, and Cloudflare have all previously disclosed they detected suspicious activity, but it’s not clear who the two remaining companies are.
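The Okta incident turns on a practical point for anyone who uploads browser HAR captures to a vendor's support desk: a HAR is plain JSON, and the request and response headers and cookies inside it carry the same session tokens an attacker needs to hijack the session. The following script, an added example written for this roundup and not Okta's or any vendor's own tooling, blanks those fields before the file leaves your machine. The header list it redacts and the sample HAR it runs on are constructed assumptions, not a real capture.

```python
"""Redact session-bearing material from a HAR file before sharing it.

HAR (HTTP Archive) files are JSON: log.entries[] each carry request/response
headers, cookies and bodies. Anything there that identifies a live session
(Authorization headers, Cookie/Set-Cookie headers, cookie values) is exactly
what a support engineer does not need and what a thief of the file can replay.
"""
import copy
import json
import sys

# Header names whose values carry bearer credentials or session identifiers.
# Case-insensitive match. This list is an assumed default, not any vendor's.
SENSITIVE_HEADERS = {"authorization", "proxy-authorization", "cookie", "set-cookie"}
REDACTED = "[REDACTED]"


def _redact_pairs(pairs, names=None):
    """Blank the 'value' of each {name, value} dict whose name is in `names`,
    or of every pair when `names` is None (cookie lists). Returns the count."""
    count = 0
    for pair in pairs or []:
        if names is None or pair.get("name", "").lower() in names:
            if pair.get("value") not in (None, REDACTED):
                pair["value"] = REDACTED
                count += 1
    return count


def redact_har(har):
    """Return (sanitised_copy, number_of_fields_redacted). The input is untouched."""
    out = copy.deepcopy(har)
    removed = 0
    for entry in out.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            removed += _redact_pairs(msg.get("headers"), SENSITIVE_HEADERS)
            removed += _redact_pairs(msg.get("cookies"))  # every cookie value
        # Bodies often echo tokens (login forms, JSON carrying a session id);
        # drop them wholesale rather than guess at their structure.
        post = entry.get("request", {}).get("postData")
        if post and post.get("text"):
            post["text"] = REDACTED
            removed += 1
        content = entry.get("response", {}).get("content")
        if content and content.get("text"):
            content["text"] = REDACTED
            removed += 1
    return out, removed


def has_live_session_material(har):
    """Pre-share check: True if any sensitive header or cookie still has a value."""
    for entry in har.get("log", {}).get("entries", []):
        for side in ("request", "response"):
            msg = entry.get(side, {})
            for h in msg.get("headers", []) or []:
                if h.get("name", "").lower() in SENSITIVE_HEADERS and h.get("value") != REDACTED:
                    return True
            for c in msg.get("cookies", []) or []:
                if c.get("value") not in (None, REDACTED):
                    return True
    return False


# Constructed sample HAR (not a real capture): one login request whose
# response sets a session cookie.
SAMPLE_HAR = {
    "log": {
        "version": "1.2",
        "entries": [{
            "request": {
                "method": "POST",
                "url": "https://example.invalid/login",
                "headers": [
                    {"name": "Content-Type", "value": "application/json"},
                    {"name": "Authorization", "value": "Bearer constructed.token"},
                ],
                "cookies": [{"name": "sid", "value": "constructed-session-id"}],
                "postData": {"mimeType": "application/json",
                             "text": "{\"user\":\"alice\",\"password\":\"hunter2\"}"},
            },
            "response": {
                "status": 200,
                "headers": [
                    {"name": "Set-Cookie", "value": "sid=constructed-new-id; HttpOnly"},
                    {"name": "Content-Type", "value": "application/json"},
                ],
                "cookies": [{"name": "sid", "value": "constructed-new-id"}],
                "content": {"mimeType": "application/json", "text": "{\"ok\":true}"},
            },
        }],
    }
}


if __name__ == "__main__":
    # Usage: python redact_har.py in.har out.har   (no args: run on the sample)
    if len(sys.argv) > 2:
        with open(sys.argv[1]) as f:
            har = json.load(f)
    else:
        har = SAMPLE_HAR
    clean, n = redact_har(har)
    if len(sys.argv) > 2:
        with open(sys.argv[2], "w") as f:
            json.dump(clean, f, indent=2)
    print(f"redacted {n} field(s); live session material left: {has_live_session_material(clean)}")
```

Run it on the sample and it reports six redacted fields with no session material left; the check function is the gate to wire into whatever process hands the file to a third party. Redaction only limits the blast radius of a stolen file, though: the tokens themselves remain valid in the browser until the session expires or is revoked, which is why Okta's customers detected the intrusion through the use of those sessions rather than through the files.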