Carbon Passports: A Dystopian Surveillance Threat

Global warming prompts the proposal of digital carbon passports, potentially restricting travel enthusiasts’ exploration of international borders, warns Intrepid Travel. The report refers to these limitations as “personal carbon allowances,” and predicts that they will act as incentives for people to adhere to the global carbon budget.

By as early as 2040, travelers may be compelled to surrender the customary privileges of expanding horizons through contemporary tourism due to projected limitations on yearly travel. Carbon passports’ introduction raises privacy concerns over surveillance of individuals’ movements and behavior.

As governments tackle climate issues, the line between necessary action and privacy invasion blurs dangerously. These policies, touted for the greater good, can impinge on individual liberty and confidentiality, undermining democratic values.

Read: https://reclaimthenet.org/carbon-passports-are-the-next-dystopian-surveillance-threat

Diabetes Drug, Ozempic, Suppresses Patients’ Appetite, Sending Drugstores Nationwide into a Panic

The food industry is apparently in a tizzy over Ozempic and its appetite-suppressing qualities — and even the megastore Walmart is feeling the burn.

As Bloomberg reports, a Walmart executive admitted that the company has been looking at anonymized customer data and finding that shoppers taking the diabetes drug and its weight loss management counterpart, Wegovy, are buying less food.

“We definitely do see a slight change compared to the total population; we do see a slight pullback in overall basket,” John Furner, the CEO of the massive superstore chain’s US operations, told Bloomberg. “Just less units, slightly less calories.”

In recent days, Walmart has been the latest company to sound the industrial alarm about medications that use the drug semaglutide as their active ingredient. Semaglutide works by mimicking the natural intestinal hormone known as glucagon-like peptide 1, or GLP-1 for short, which alerts the brain to stomach fullness and sends signals that stop you from being hungry.

Along with helping diabetics control their blood sugar, semaglutide was approved by the FDA as a weight loss drug in 2021, though reports of side effects ranging from a general loss of interest in food to intestinal blockage and worse have dampened its hype.

This week, we’ve been seeing a grim irony play out in the markets: for those who do choose to take the semaglutide — and are able to get it amid an ongoing national shortage — a lower urge to snack is apparently among its positive benefits, but that could impact the bottom lines for the companies that sell us processed foods and empty calories.

Read: https://futurism.com/neoscope/walmart-ozempic-food

Ancestry Website, 23andMe, Data Stolen in Attack Targeting Jews

Genomics company 23andMe confirmed Friday that user data was stolen by attackers who guessed the login information of a subset of users through a recycled password attack, then accessed more information through a feature that allows users to share information with others, according to multiple outlets.

A data sample from the attack was posted on hacker forums, including one website where hackers claimed the sample contained 1 million data points belonging to Ashkenazi Jews.
An attacker offered the data profiles for purchase on Wednesday, with profiles being sold for between $1 and $10 per account, according to Wired, which reported entries for tech billionaires Mark Zuckerberg and Elon Musk were included in the sample—though it is unclear if the entries are legitimate.

However, an investigation into the legitimacy of the data is ongoing, though the leaked data is consistent with an internal company situation in which some accounts were exposed and used to access more data through 23andMe’s DNA Relatives feature, according to Wired.

Customer profile information was gathered through access to individual accounts, though the company itself was not breached.

The data doesn’t appear to include the raw genetic data the company analyzes and instead includes information like sex, birth year, genetic ancestry results, and geographic ancestry information.

Read: https://www.forbes.com/sites/antoniopequenoiv/2023/10/06/23andme-user-data-stolen-and-listed-for-sale-in-attack-targeting-ashkenazi-jews/

Microsoft SharePoint Credentials at Risk Under Fast-Growing Dropbox Campaign

Threat actors are using messages sent from Dropbox to steal Microsoft user credentials in a fast-growing business email compromise (BEC) campaign. The effort evades natural language processing (NLP)-based security scans and demonstrates the rapid evolution of these types of attacks.

Researchers at Check Point Harmony observed more than 5,000 of the attacks — in which fake login pages lead victims to a credential-harvesting site — in the first two weeks of September alone, they revealed in a recent blog post. They informed Dropbox of the campaign’s existence on Sept. 18.

The attack is yet another example of the latest iteration of BEC — BEC 3.0 — in which attackers use legitimate sites that are familiar and trusted by end users to send and host phishing material, the Check Point Team wrote in the post. Other popular sites used in BEC 3.0 attacks include Google, QuickBooks, and PayPal.

“The legitimacy of these sites makes it nearly impossible for email security services to stop and for end users to spot,” according to the post. “It’s one of the cleverer innovations we’ve seen, and given the scale of this attack thus far, it’s one of the most popular and effective.”

Indeed, the attacks are dangerous for users because they evade both NLP technology and the URL scanning that email security technology uses to flag messages as suspicious.

“NLP is useless here — the language comes directly from legitimate services, and nothing is awry,” according to the post. In a similar way, trying to flag a suspicious URL doesn’t work either since the links used in the messages direct to a legitimate Dropbox site.

Read: https://www.darkreading.com/cloud/fast-growing-dropbox-campaign-microsoft-sharepoint-credentials

Unmasking Disinformation: Israel-Hamas War and the Battle for Truth

After Hamas’ attacks on Israel, journalists, researchers, and fact-checkers raced to verify online footage and images. However, users on X (formerly Twitter) seeking information faced a flood of disinformation.OSINT researcher Justin Peden, sometimes known as the Intel Crab online, wrote on X, “For many reasons, this is the hardest time I’ve ever had covering a crisis here.

While reporting on the Gaza escalation in 2021, Peden relied on firsthand accounts from people on the ground and trusted news agencies. However, he encountered significant difficulty this weekend in finding verified content or primary sources on X.

Similar to the events during Russia’s invasion of Ukraine in 2022, a significant portion of the initial footage from the Israel-Hamas conflict emerged on the encrypted messaging platform Telegram. Subsequently, it was disseminated on other platforms, often without undergoing fact-checking or being presented out of context to align with the poster’s narrative.

Read: https://www.wired.com/story/x-israel-hamas-war-disinformation/

Elsewhere online: 

Senior US Firm Executives Targeted by Cybercriminals Using EvilProxy Phishing Kit
Read: https://thehackernews.com/2023/10/cybercriminals-using-evilproxy-phishing.html

British Information Commissioner’s Office Announces Preliminary Notice against Snap Inc. for Failing to Assess “My AI” Privacy Threat
Read: https://therecord.media/snap-ai-chatbot-uk-ico-privacy-watchdog-enforcement

Hacker Groups Amplify Israel-Hamas Conflict with Disruptive Cyberattacks
Read: https://www.securityweek.com/hackers-join-in-on-israel-hamas-war-with-disruptive-cyberattacks/

High-Risk Linux Vulnerability Exposes Numerous Systems to Potential Attacks
Read: https://www.hackread.com/linux-vulnerability-exposes-systems-to-attack/

Stealthy Chinese Hackers Install Custom Firmware on Cisco Routers
Read: https://www.cpomagazine.com/cyber-security/chinese-hackers-installing-custom-firmware-on-cisco-routers-without-detection/

Previously on #AxisOfEasy