Every week, a compilation of security and privacy news that wasn’t extensively covered is provided. Readers can click on the headlines for the full stories and are reminded to stay safe.
Users of the uBlock Origin Chrome extension, which is used to filter online ads, may soon face inconvenience. Google is implementing new Chrome extension standards, known as Manifest V3, that will render the current uBlock Origin extension obsolete. A new version, uBlock Origin Lite, compatible with these standards, is now available. However, it will not offer the same level of ad-blocking capacity as its predecessor. Google has indicated that the top content filtering extensions, including AdBlock, Adblock Plus, uBlock Origin, and AdGuard, have Manifest V3 versions available, thus providing users with various options.
In legal news, U.S. authorities have charged Eric Council Jr., a 25-year-old man from Alabama, with hacking the Securities and Exchange Commission’s X account. Prosecutors allege that Council used a fake ID, created from information obtained from unidentified coconspirators, to perform a SIM-swapping attack. This allowed him to trick AT&T retail staff into providing a new SIM card and gain control of the victim’s phone account. The coconspirators then accessed the SEC’s X account and posted a fake Bitcoin announcement, leading to a price surge of $1,000 per bitcoin. Council is accused of conspiracy to commit aggravated identity theft and access device fraud.
Kroger, a grocery store chain, clarified it does not, and does not plan to, broadly use facial-recognition technology in its stores, as confirmed by a spokesperson to Fast Company. Although the company conducted a pilot program with facial-recognition technology called EDGE in 2019, it did not proceed with the service. Concerns about Kroger’s use of electronic shelving labels (ESLs), potentially leading to surge pricing, have drawn attention from lawmakers such as Rashida Tlaib, Elizabeth Warren, and Robert Casey.
Microsoft informed its customers that due to an internal bug, it failed to capture over two weeks of security logs from cloud services like Microsoft Entra, Sentinel, Defender for Cloud, and Purview in September. The issue, occurring from September 2 to September 19, was first reported by Business Insider. A Microsoft executive confirmed to TechCrunch that the problem was an “operational bug” in the company’s internal monitoring agents.
These system activity logs are essential for operations, particularly for security monitoring and investigations, as they help identify breaches and malicious activities. Following the 2020 breach of U.S. government networks via SolarWinds software, many agencies struggled to detect activities without Microsoft’s premium tier features, which included detailed network activity logs. This led to criticisms from lawmakers regarding Microsoft’s pricing, prompting the Biden administration to negotiate for over two years to make the logging services free of charge, a change ultimately announced by Microsoft in July 2023.
