Infosec.Pub

The company Flok is surveilling us as we drive: A retired veteran named Lee Schmidt wanted to know how often Norfolk, Virginia’s 176 Flock Safety automated license-plate-reader cameras were tracking him. The answer, according to a U.S. District Court lawsuit filed in September, was more than four times a day, or 526 times from mid-February to early July. No, there’s no warrant out for Schmidt’s arrest, nor is there a warrant for Schmidt’s co-plaintiff, Crystal Arrington, whom the system tagged 849 times in roughly the same period. You might think this sounds like it violates the Fourth Amendment, which protects American citizens from unreasonable searches and seizures without probable cause. Well, so does the American Civil Liberties Union. Norfolk, Virginia Judge Jamilah LeCruise also agrees, and in 2024 she ruled that plate-reader data obtained without a search warrant couldn’t be used against a defendant in a robbery case...

In a remarkable leap for quantum physics, researchers in Japan have uncovered how weak magnetic fields can reverse tiny electrical currents in kagome metals—quantum materials with a woven atomic structure that frustrates electrons into forming complex patterns. These reversals amplify the metal’s electrical asymmetry, creating a diode-like effect up to 100 times stronger than expected. The team’s theoretical explanation finally clarifies a mysterious phenomenon first observed in 2020, revealing that quantum geometry and spontaneous symmetry breaking are key to this strange behavior.

Scam websites tied to online shopping, pet sales, and other e-commerce schemes continue to cause millions in losses each year. Security tools can accurately detect fraudulent sites once they are found, but identifying new ones remains difficult. To close that gap, researchers from Boston University created LOKI, a system that ranks search queries by how likely they are to reveal scams. Using a small seed set of 1,663 confirmed scam domains, LOKI discovered 52,493 previously … More → The post Researchers develop AI system to detect scam websites in search results appeared first on Help Net Security.

Catching and Explaining Novel Malware in Seconds with the DSX Brain and DIANNA

How organisations can improve their ability to both detect and discover cyber threats.

Researchers have found a way to extract almost every photon from diamond color centers, a key obstacle in quantum technology. Using hybrid nanoantennas, they precisely guided light from nanodiamonds into a single direction, achieving 80% efficiency at room temperature. The innovation could make practical quantum sensors and secure communication devices much closer to reality.

The California Privacy Protection Agency (CPPA) issued a record fine earlier this month to Tractor Supply, the country’s self-proclaimed largest “rural lifestyle” retailer, for apparently ducking its responsibilities under the California Consumer Privacy Act. Under that law, companies are required to respect California customers’ and job applicants’ rights to know, delete, and correct information that businesses collect about them, and to opt-out of some types of sharing and use. The law also requires companies to give notice of these rights, along with other information, to customers, job applicants, and others. The CPPA said that Tractor Supply failed several of these requirements. This is the first time the agency has enforced this data privacy law to protect job applicants. Perhaps best of all, the company's practices came to light all thanks to a consumer complaint filed with the agency. Your complaints matter—so keep speaking up.  Tractor Supply, which has 2,500 stores in 49 states, will pay for their actions to the tune of $1,350,000—the largest fine the agency has issued to date. Specifically, the agency said, Tractor Supply violated the law by:

Failing to maintain a privacy policy that notified consumers of their rights; Failing to notify California job applicants of their privacy rights and how to exercise them; Failing to provide consumers with an effective mechanism to opt-out of the selling and sharing of their personal information,[...]

Met Police arrested two teenagers over the Kido nursery ransomware attack, which exposed data for 8,000 children. Full details on the hack and police investigation.

Get details on our discovery of a critical vulnerability in GitHub Copilot Chat.

Greenland’s prime minister called on the European Union to deepen cooperation on connectivity in the Arctic territory to prevent “unauthorized parties” from disrupting its digital infrastructure.

September data breach disclosed.

Signal and Rights Groups Urge Berlin to Reject CSAM Proposal Ahead of Key EU VoteThe German federal government is under pressure to withdraw support for a European Union content scanning proposal that critics argue poses large-scale privacy risks. The EU Justice and Home Affairs Council is set to vote Oct. 14 on a regulation called Chat Control.

"Will retain its independent brand, tools and mission."

Security researchers at UC Irvine reveal the 'Mic-E-Mouse' attack, showing how high-DPI optical sensors in modern mice can detect desk vibrations and reconstruct user speech with high accuracy. Learn how this side-channel vulnerability affects your privacy.

From Input Output via this RSS feed

From Input Output via this RSS feed

North Korean hackers have stolen an estimated $2 billion worth of cryptocurrency assets in 2025, marking the largest annual total on record. [...]

Texas-Based Harris Health Says FBI Just Gave Green Light to Notify 5,000 PatientsHarris Health is contacting 5,000 patients about a breach involving a former employee who improperly accessed electronic health records for over a decade. The Texas health entity said it discovered and reported the incident four years ago to the FBI, which just gave the green light for notification.

Researchers report an increase in the use of hidden content in spam and malicious email to confuse filters and other security mechanisms.

Placing "unreasonable load" on servers.