AT&T and Verizon have confirmed cyberattacks linked to a Chinese hacking group known as “Salt Typhoon,” but assured the public on Saturday that their US networks are now secure. Both companies acknowledged the breaches for the first time, stating they are cooperating with law enforcement and government agencies to address the threat. AT&T disclosed that the attackers targeted a small group of individuals tied to foreign intelligence, while Verizon emphasised that the activities have been contained following extensive remediation efforts.
The attacks, described by US officials as the most extensive telecommunications hack in the nation’s history, reportedly allowed Salt Typhoon operatives to access sensitive network systems, including the ability to geolocate individuals and record phone calls. Authorities have linked the breaches to several telecom firms, with a total of nine entities now confirmed as compromised. In response, the Cybersecurity and Infrastructure Security Agency has urged government officials to transition to encrypted communication methods.
US Senators, including Democrat Ben Ray Luján and Republican Ted Cruz, have expressed alarm over the breach’s scale, calling for stronger safeguards against future intrusions. Meanwhile, Chinese officials have denied the accusations, dismissing them as disinformation and reaffirming their opposition to cyberattacks. Despite assurances from the companies and independent cybersecurity experts, questions remain about how long it will take to fully restore public confidence in the nation’s telecommunications security.
Manually created Windows 11 installer media for October and November 2024 patches could leave systems unable to install future security updates. The issue impacts USB or CD installers for version 24H2 and may affect businesses, schools, and PC enthusiasts.
Microsoft clarified that systems receiving October and November updates via Windows Update or the Update Catalog remain unaffected. However, media-created installations require rebuilding with the December 2024 update, followed by a full reinstallation. Microsoft recommends ensuring December’s patch is included in new installation media.
The company acknowledged the issue on its known problems page and is actively developing a permanent fix. Other bugs in version 24H2 have also emerged, affecting audio devices, Outlook with outdated Google Workspace Sync, and certain Ubisoft games.
Serbia has been accused of using spyware to target journalists and activists, according to a new Amnesty International report. Investigations revealed that ‘NoviSpy,’ a homegrown spyware, extracted private data from devices and uploaded it to a government-controlled server. Some cases also involved the use of technology provided by Israeli firm Cellebrite to unlock phones before infecting them.
Activists reported unusual phone activity following meetings with Serbian authorities. Forensic experts confirmed NoviSpy exported contact lists and private photos to state-controlled servers. The Serbian government has yet to respond to requests for comment regarding these allegations.
Cellebrite, whose phone-cracking devices are widely used by law enforcement worldwide, stated it is investigating the claims. The company’s representative noted that misuse of their technology could violate end-user agreements, potentially leading to a suspension of use by Serbian officials.
Concerns over these practices are heightened due to Serbia’s EU integration programme, partially funded by Norway and administered by the UN Office for Project Services (UNOPS). Norway expressed alarm over the findings and plans to meet with Serbian authorities and UNOPS for clarification.
Australia’s financial crime watchdog, AUSTRAC, has launched a dedicated cryptocurrency task force to enforce anti-money laundering laws on crypto ATM providers. The move aims to curb the rising use of cryptocurrency in scams, money laundering, and fraud as the sector grows rapidly.
The task force will focus on ensuring that digital currency exchanges offering crypto ATM services implement robust safeguards against illicit activities. Australia currently has 1,200 crypto ATMs and 400 registered digital currency exchange providers. Non-compliance with regulations will result in financial penalties, AUSTRAC warned.
With Bitcoin surpassing $100,000 following Donald Trump’s election as US president, the global cryptocurrency market has nearly doubled in value this year. AUSTRAC CEO Brendan Thomas emphasised the urgent need for action, citing the increasing number of Australians falling victim to crypto-related scams.
Microsoft announced that most services for Outlook and Teams were restored late Monday after a widespread outage disrupted users throughout the day. While a small number of users continue to face issues with Outlook on the web, the company promised full restoration by Tuesday.
The disruption peaked with over 5,000 complaints logged on Downdetector, though Microsoft implemented fixes that restored functionality to 98% of affected environments by midday. Progress slowed in the afternoon, but by evening, reports of issues had significantly declined.
This outage, which impacted countless office workers ahead of the Thanksgiving holiday, is the latest in a year of major tech disruptions globally. Although significant, the scale of this incident was far smaller than the summer outage of CrowdStrike’s systems, which caused billions in losses across industries.
Aleksei Andriunin, the founder of cryptocurrency firm Gotbit, has been indicted in the US for alleged involvement in a conspiracy to manipulate cryptocurrency markets. The Justice Department claims that Andriunin and his firm provided market manipulation services to increase artificial trading volumes for various cryptocurrency companies from 2018 to 2024.
The superseding indictment also names Gotbit’s directors, Fedor Kedrov and Qawi Jalili, who were already charged earlier in October. Prosecutors allege that these actions aimed to distort the cryptocurrency markets, with several companies, including some in the United States, reportedly benefitting from these tactics.
If convicted, Andriunin faces significant penalties, with wire fraud charges carrying a potential 20-year prison sentence. He could also face an additional five years for conspiracy charges. The allegations form part of a larger crackdown on crypto market manipulation, which has already led to several arrests and asset seizures worth $25 million.
Recent moves by federal prosecutors highlight a more aggressive stance on crypto-related fraud. They have targeted multiple firms, including Gotbit, and several leaders have already agreed to plead guilty. The crackdown aims to strengthen transparency and curb malpractice in the cryptocurrency market.
China’s Ministry of State Security announced the discovery of foreign spying devices in its waters, including underwater ‘lighthouses’ that could potentially guide foreign submarines. The ministry revealed on its official WeChat account that it had retrieved several types of devices hidden on the ocean floor, gathering real-time data from within China’s claimed territorial waters.
This revelation comes amid rising tensions in the South China Sea, where China and the Philippines dispute territory, increasing the risk of a broader confrontation potentially involving the US. China’s recent military drills around Taiwan have also heightened concerns, as the US and Taiwan have condemned Beijing’s actions.
China claims nearly all of the South China Sea, overlapping areas claimed by other Southeast Asian nations, and has maintained it will not renounce using force over Taiwan. A new phase in the submarine arms race between China and the US and its allies is underway, with Beijing projected to field nuclear-armed submarines by the decade’s end. The ministry affirmed its commitment to defending China’s maritime sovereignty and addressing threats of foreign espionage in its waters.
A Londoner who had his phone stolen while walking near the Science Museum believes Google’s new AI security update would have made a big difference. Tyler, whose phone was snatched by a thief on a bike, struggled to lock it remotely as he couldn’t remember his password. The update, which uses AI and sensors to detect when a phone is stolen, would automatically lock the screen to prevent thieves from accessing data.
Google’s new feature allows users to remotely lock a stolen device using just their phone number, a measure welcomed by Tyler as he believes it would have helped him secure his device in moments of panic. The initiative is part of a broader effort to combat phone theft, with mobile phones now accounting for 69% of all thefts in London. Last year, over 11,800 robberies involved phone thefts.
Sadiq Khan, the Mayor of London, also supports the update, having previously lobbied phone companies to make their devices less attractive to criminals. Tech experts say the update’s AI-driven security, combined with the Offline Device Lock feature, will make it harder for thieves to access stolen phones.
Tyler hopes the new technology will deter criminals from stealing phones altogether, as the devices would become worthless once locked. Without resale value, he believes phone thefts will be a waste of time for criminals.
Chinese researchers from Shanghai University have claimed a significant breakthrough in quantum computing, asserting that they breached encryption algorithms commonly used in banking and cryptocurrency. Led by Wang Chao, the team employed a quantum computer from Canada’s D-Wave Systems to exploit vulnerabilities in the Present, Gift-64, and Rectangle algorithms, which form the backbone of the Substitution-Permutation Network (SPN) structure underpinning advanced encryption standards (AES) widely used for securing cryptocurrency wallets.
While AES-256 is regarded as one of the most secure encryption standards, the researchers warn that the advent of quantum computers could pose a serious threat to traditional password protection. Their technique, based on quantum annealing, operates similarly to artificial intelligence algorithms, allowing for more efficient searches by circumventing obstacles that traditional methods struggle to overcome.
Despite these advancements, the researchers noted that practical limitations remain, such as environmental factors and hardware constraints that prevent a full-scale quantum attack at this time. However, they emphasised that future developments could uncover new vulnerabilities in current cryptographic systems.
Ethereum co-founder Vitalik Buterin has proposed a potential solution to mitigate the risk posed by quantum computing, suggesting a hard fork of the Ethereum blockchain to implement new wallet software and enhance security. He indicated that the necessary infrastructure for such a move could be developed promptly, providing a proactive approach to safeguarding user funds.
Criminal networks in Southeast Asia are increasingly exploiting Telegram for large-scale illicit activities, according to a new report from the United Nations. The encrypted messaging app is used to trade hacked data, including credit card details and passwords, across sprawling, poorly-moderated channels. The report also notes that unlicensed cryptocurrency exchanges on the platform provide money laundering services.
Fraud tools, such as deepfake software and data-stealing malware, are widely sold, enabling organised crime syndicates to innovate and expand their operations. One vendor in Chinese reportedly claimed to move millions in stolen cryptocurrency daily. Southeast Asia has become a hub for these activities, where criminal groups target victims worldwide, generating up to $36.5 billion annually.
The controversy surrounding Telegram escalated when its founder, Pavel Durov, was arrested in Paris for allowing criminal activity on the platform. Durov, who is now out on bail, has since announced steps to cooperate with law enforcement by sharing users’ information when requested legally and removing certain features used for illegal purposes.
As the UNODC report warns, the widespread use of Telegram for underground markets places consumers’ data at heightened risk. Criminals are not only exploiting technology like artificial intelligence but are also leveraging the platform’s ease of use to target victims globally.
