Personal Information Compromised in City of Tucson Data Breach

 In light of a recent data breach, the City of Tucson, Arizona, is alerting approximately 123,000 citizens that their personal information has been compromised. The issue was detected in May 2022, but the city’s investigation didn’t conclude until last month.

As detailed in the notification addressed to those impacted by the data breach, an attacker infiltrated the city’s network and exfiltrated a large number of sensitive files.

Between May 17 and May 31, the threat actors obtained access to the network and stole essential documents containing the personal information of over 123,000 people.

The data breach notification states, “On May 29, 2022, the City learned of suspicious behavior using a user’s network account credentials.” Additionally, “On August 4, 2022, the City discovered that certain files may have been copied and removed from its network.”

The city disclosed in a separate notice, “On September 12, this review concluded, and the review determined that the information at issue included certain personal information.”

The city began contacting potentially affected individuals on September 23, informing them that the attackers may have gained access to their names and Social Security numbers, among the sensitive personal information exposed during the incident.

The notification letters issued to the affected individuals also stated that, at the moment, there’s no proof of personal data being used for fraudulent activities.

Affected individuals are encouraged to monitor their credit reports for any unusual activities that may point to identity theft or fraud using their personal information.

For those affected, the city is giving free credit monitoring and identity protection services from Experian for an entire year, as well as advice on how to avoid being a victim of identity theft.

The city is committed to protecting residents’ personal information as it continues to review its existing policies and procedures regarding cybersecurity and evaluate additional measures and safeguards to protect against this type of event.

Akamai Finds 13 Million Malicious Domains Each Month

According to a new Akamai analysis, the company’s experts classified about 79 million domains as dangerous in the first half of 2022; based on a NOD (newly observed domain) dataset, this is about 13 million malicious domains per month, representing 20.1% of all the successfully resolved NODs.

According to Akamai, a NOD is any domain queried for the first time in the last 60 days. And by “malicious,” it means a domain name that leads to a site meant to phish, spread malware or do some other kind of damage online.

Akamai said, “[The NOD dataset] is where you find freshly registered domain names, typos, and domains that are only very rarely queried on a global scale.” The company observes about 12 million new NODs daily, of which slightly more than 2 million are successfully resolved.

The organization uses relatively simple procedures to determine whether a domain is harmful or not. With the assistance of the larger cybersecurity community, Akamai compiled a 30-year predictive list of known domain generation algorithms (DGAs) that may be used to detect domains registered with DGAs.

Since DGA domains may be created in quantity for even temporary campaigns, hackers frequently use them to distribute malware and host phishing pages. Think of DGAs as places on the internet where malware and other things can meet up and use them.

According to the company, most of Akamai’s malicious domain detections come from the “more than 190 NOD-specific detection criteria” it employs for NOD-based detection. They also mentioned that among the 79 million malicious NODs it discovered in the first half of the year, there were only 0.00042 percent false positives.

There are other options than Akamai’s NOD detection, such as Cisco’s “newly seen domain” detection system, which scans DNS data and alerts users to potentially dangerous websites.

Although it’s unclear how those services stack up against Akamai’s, their end objectives seem to be comparable and indicate that NODs are a well-known security issue that other businesses are seeking to address.

Lyft and Argo Bring Autonomous Vehicle Rides to Austin

Lyft is now launching autonomous robotaxi trips in Austin, Texas. Argo AI will power Ford’s autonomous driving vehicles.

According to a blog post by the company, Austin users can choose a driverless commute directly from the Lyft app for the same price as a regular Lyft ride. Customers can start the ride, unlock the doors, and get in touch with customer service via the app. At first, that might seem strange, especially considering that two people in the driver’s and passenger’s seats will monitor the journey for safety.

After Miami and Las Vegas, Austin is the third city where Lyft offers autonomous rides. In December 2021, the company started providing rides in Miami. As part of a partnership between the three businesses announced in July 2021, these rides also utilize Argo AI technology on Ford automobiles.

The announcement by Lyft and Argo of a launch in Austin was anticipated; the two companies, along with Ford, had previously announced a plan to introduce at least 1,000 autonomous vehicles on Lyft’s network over the course of five years, beginning in Austin and Miami. However, the launch moved faster since leading rival Cruise announced intentions to introduce its autonomous transportation service in Austin before the year.

Lyft and Argo have generally avoided Cruise’s home city of San Francisco, where rivals like Waymo and Zoox have concentrated their resources, and Cruise debuted a fully autonomous commercial ride-hailing service this summer. Instead, the businesses have focussed on other American cities with less rivalry.

In Las Vegas, Lyft and Motional also unveiled a fleet of fully electric robotaxis. In addition, Argo is conducting live tests in seven locations worldwide, including Hamburg, Germany, Washington, D.C., Pittsburgh, Detroit, and Palo Alto.

During the launch, two people in the driver’s and passenger’s seats will monitor the journey for safety on behalf of the company.

According to Lyft, removing the driver would depend on safety performance statistics, an appropriate amount of public approval, and regulations.

Intel Confirms Leak of Alder Lake BIOS Source Code

After a source code leak was posted by an unidentified third party on 4chan and GitHub last week, the technology giant Intel has confirmed that confidential source code related to its Alder Lake CPUs has been leaked.

The disclosed information comprises UEFI (Unified Extensible Firmware Interface) code for the company’s 12th-generation CPUs that were released in November 2021.

It is believed that the leaked data also contained multiple references to Lenovo, including code used for integration with Lenovo String Service, Lenovo Cloud Service, and Lenovo Secure Suite.

According to Intel, the source code is genuine and is their “exclusive UEFI code.” Furthermore, the technology giant stated that it doesn’t believe this exposes any new security vulnerabilities as it does not rely on the obfuscation of information as a security measure.

Sources from Hardened Vault noted that attackers can still gain significantly from the breaches even if the disclosed OEM implementation is only partially deployed in production.

According to other sources, a private encryption key called KeyManifest, which is used to protect Intel’s Boot Guard platform, was also exposed in the breach.

It is unknown whether or not the compromised private key is used in production. Still, if it is, it might allow hackers to alter the boot policy of Intel’s firmware and bypass the company’s hardware-level security measures.

Despite the fact that the source of the leak remains unknown, it’s clear that sensitive information about Intel’s Alder Lake CPUs has been exposed. This breach might allow attackers to exploit security measures put in place by Intel. If you have discovered a vulnerability in the source code, you can report it to Intel’s Project Circuit Breaker bug reward program. Depending on the severity of the issue, you could be eligible for a reward of up to $100,000.

 

New AI Upgrades to Adobe Photoshop and Premiere Elements

While Premiere Elements 2023 is receiving a couple of new features and a considerable speed boost, Photoshop Elements 2023 adds some powerful new features and enhanced performance. Along with these enhancements, both editors have been given a boost from Adobe Sensei, the company’s universal AI.

While Premiere Elements 2023 is receiving a couple of new features and a considerable speed boost, Photoshop Elements 2023 adds some powerful new features and enhanced performance. Along with these enhancements, both editors have been given a boost from Adobe Sensei, the company’s universal AI.

Adobe’s mission is to make video and photo editing more efficient, regardless of the user’s skill level.

The latest editions of the Elements software rely heavily on artificial intelligence. For example, thanks to the new AI implementations, one of the most eye-catching editing features in the new Photoshop Elements 2023 is the ability to convert still images into moving photos.

Adobe demonstrated how easy it is to add movement elements to still pictures. This demonstration showed how you could quickly add animation to bring a waterfall picture to life. All you have to do is select the Moving Elements tool, choose the region to be animated, and specify the movement’s direction. The newly released Photoshop Elements also includes an excellent range of overlays, patterns, backgrounds, and other features.

As for the video editing software, Premiere Elements 2023 will automatically recognize faces and tag videos, making it easier to find friends and family for compilation videos. Another handy feature is auto-reframe; this feature lets you switch between portrait and landscape modes without sacrificing any of the crucial details of the scene. The last features worth mentioning are the different aesthetic effects that can be applied to a video clip and the Auto-Creations feature that automates editing.

The introduction of a three-way “connected experience” has also been announced by Adobe. With the release of web and mobile apps for iOS and Android, users can now view and share media on their mobile devices. In addition, users can make basic edits from a browser.

In addition to the new features, Adobe claims that these new versions are lighter than last year’s versions and that the software launches 50% faster. They also claim that installs are now 35% faster.

Each application is priced at $100 or $80 if upgrading from a previous version. The two applications can be purchased in a bundle for $150 or upgraded for $120.