Network security

Google pays around $1.4 billion over privacy case

Google has agreed to pay $1.375 billion to settle a lawsuit brought by the state of Texas over allegations that it violated users’ privacy through features such as Incognito mode, Location History, and biometric data collection.

Despite the sizable sum, Google denies any wrongdoing, stating that the claims were based on outdated practices which have since been updated.

Texas Attorney General Ken Paxton announced the settlement, emphasising that large tech firms are not above the law.

He accused Google of covertly tracking individuals’ locations and personal searches, while also collecting biometric data such as voiceprints and facial geometry — all without users’ consent. Paxton claimed the state’s legal challenge had forced Google to answer for its actions.

Although the settlement resolves two lawsuits filed in 2022, the specific terms and how the funds will be used remain undisclosed. A Google spokesperson maintained that the resolution brings closure to claims about past practices, instead of requiring any changes to its current products.

The case comes after a similar $1.4 billion agreement involving Meta, which faced accusations of unlawfully gathering facial recognition data. The repeated scrutiny from Texas authorities signals a broader pushback against the data practices of major tech companies.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Starkville Utilities hit by cyberattack

Starkville Utilities, a Mississippi-based electricity and water provider that also services Mississippi State University, has revealed a data breach that may have exposed sensitive information belonging to over 11,000 individuals.

The breach, which was first detected in late October last year, led the company to disconnect its network in an attempt to contain the intrusion.

Despite these efforts, an investigation later found that attackers may have accessed personal data, including full names and Social Security numbers. Details were submitted to the Maine Attorney General’s Office, confirming the scale of the breach and the nature of the data involved.

While no reports of identity theft have emerged since the incident, Starkville Utilities has chosen to offer twelve months of free identity protection services to those potentially affected. The company maintains that it is taking additional steps to improve its cybersecurity defences.

Stolen data such as Social Security numbers often ends up on underground marketplaces instead of staying idle, where it can be used for identity fraud and other malicious activities.

The incident serves as yet another reminder of the ongoing threat posed by cybercriminals targeting critical infrastructure and user data.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

LockBit ransomware hacked, data on affiliates leaked

Internal data from the notorious LockBit ransomware group has been leaked following a hack of one of its administration panels. Over 200 conversations between affiliates and victims were also uncovered, revealing aggressive ransom tactics ranging from demands of a few thousand to over $100,000.

The breach, discovered on 7 May, exposed sensitive information including private chats with victims, affiliate account details, Bitcoin wallet addresses, and insights into LockBit’s infrastructure.

A defaced message on the group’s domain read: ‘Don’t do crime, crime is bad xoxo from Prague,’ linking to a downloadable archive of the stolen data. Although LockBit confirmed the breach, it downplayed its impact and denied that any victim decryptors were compromised.

Security researchers believe the leak could provide crucial intelligence for law enforcement. Searchlight Cyber identified 76 user credentials, 22 of which include TOX messaging IDs, commonly used by hackers and connected some users to aliases on criminal forums.

Speculation suggests the hack may be the result of infighting within the cybercriminal community, echoing a recent attack on the Everest ransomware group’s site. Authorities continue to pursue LockBit, but the group remains active despite previous takedowns.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft bans DeepSeek app for staff use

Microsoft has confirmed it does not allow employees to use the DeepSeek app, citing data security and propaganda concerns.

Speaking at a Senate hearing, company president Brad Smith explained the decision stems from fears that data shared with DeepSeek could end up on Chinese servers and be exposed to state surveillance laws.

Although DeepSeek is open source and widely available, Microsoft has chosen not to list the app in its own store.

Smith warned that DeepSeek’s answers may be influenced by Chinese government censorship and propaganda, and its privacy policy confirms data is stored in China, making it subject to local intelligence regulations.

Interestingly, Microsoft still offers DeepSeek’s R1 model via its Azure cloud service. The company argued this is a different matter, as customers can host the model on their servers instead of relying on DeepSeek’s infrastructure.

Even so, Smith admitted Microsoft had to alter the model to remove ‘harmful side effects,’ although no technical details were provided.

While Microsoft blocks DeepSeek’s app for internal use, it hasn’t imposed a blanket ban on all chatbot competitors. Apps like Perplexity are available in the Windows store, unlike those from Google.

The stance against DeepSeek marks a rare public move by Microsoft as the tech industry navigates rising tensions over AI tools with foreign links.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

LockBit ransomware platform breached again

LockBit, one of the most notorious ransomware groups of recent years, has suffered a significant breach of its dark web platform. Its admin and affiliate panels were defaced and replaced with a message linking to a leaked MySQL database, seemingly exposing sensitive operational details.

The message mocked the gang with the line ‘Don’t do crime CRIME IS BAD xoxo from Prague,’ raising suspicions of a rival hacker or vigilante group behind the attack.

The leaked database, first flagged by a threat actor known as Rey, contains 20 tables revealing details about LockBit’s affiliate network, tactics, and operations. Among them are nearly 60,000 Bitcoin addresses, payload information tied to specific targets, and thousands of extortion chat messages.

A ‘users’ table lists 75 affiliate and admin identities, many with passwords stored in plain text—some comically weak, like ‘Weekendlover69.’

While a LockBit spokesperson confirmed the breach via Tox chat, they insisted no private keys were exposed and that losses were minimal. However, the attack echoes a recent breach of the Everest ransomware site, suggesting the same actor may be responsible.

Combined with past law enforcement actions—such as Operation Cronos, which dismantled parts of LockBit’s infrastructure in 2024—the new leak could harm the group’s credibility with affiliates.

LockBit has long operated under a ransomware-as-a-service model, providing malware to affiliates in exchange for a cut of ransom profits. It has targeted both Linux and Windows systems, used double extortion tactics, and accounted for a large share of global ransomware attacks in 2022.

Despite ongoing pressure from authorities, the group has continued its operations—though this latest breach could prove harder to recover from.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Gemini Nano boosts scam detection on Chrome

Google has released a new report outlining how it is using AI to better protect users from online scams across its platforms.

The company says AI is now actively fighting scams in Chrome, Search and Android, with new tools able to detect and neutralise threats more effectively than before.

At the heart of these efforts is Gemini Nano, Google’s on-device AI model, which has been integrated into Chrome to help identify phishing and fraudulent websites.

The report claims the upgraded systems can now detect 20 times more harmful websites, many of which aim to deceive users by creating a false sense of urgency or offering fake promotions. These scams often involve phishing, cryptocurrency fraud, clone websites and misleading subscriptions.

Search has also seen major improvements. Google’s AI-powered classifiers are now better at spotting scam-related content before users encounter it. For example, the company says it has reduced scams involving fake airline customer service agents by over 80 per cent, thanks to its enhanced detection tools.

Meanwhile, Android users are beginning to see stronger safeguards as well. Chrome on Android now warns users about suspicious website notifications, offering the choice to unsubscribe or review them safely.

Google has confirmed plans to extend these protections even further in the coming months, aiming to cover a broader range of online threats.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Indian stock exchanges curb foreign access amid cybersecurity concerns

India’s two largest stock exchanges, the National Stock Exchange (NSE) and BSE Ltd, have temporarily restricted overseas access to their websites amid rising concerns over cyber threats. The move does not affect foreign investors’ ability to trade on Indian markets.

Sources familiar with the matter confirmed the decision followed a joint meeting between the exchanges, although no recent direct attack has been specified.

Despite the restrictions, market operations remain fully functional, with officials emphasising that the measures are purely preventive.

The precautionary step comes during heightened regional tensions between India and Pakistan, though no link to the geopolitical situation has been confirmed. The NSE has yet to comment publicly on the situation.

A BSE spokesperson noted that the exchanges are monitoring cyber risks both domestically and internationally and that website access is now granted selectively to protect users and infrastructure.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

LockBit ransomware Bitcoin addresses exposed

Nearly 60,000 Bitcoin addresses linked to LockBit’s ransomware operations have been exposed following a major breach of the group’s dark web affiliate panel.

The leak, which included a MySQL database dump, was shared publicly online and could assist blockchain analysts in tracing LockBit’s financial activity instead of leaving such transactions untracked.

Despite the scale of the breach, no private keys were leaked. A LockBit representative reportedly confirmed the incident in a message, stating that no sensitive access data was compromised.

However, the exposed database included 20 tables, such as one labelled ‘builds’ that contained details about ransomware created by affiliates and their targeted companies.

Another table, ‘chats,’ revealed over 4,400 messages from negotiations between victims and LockBit operators, offering a rare glimpse into the inner workings of ransomware extortion tactics.

Analysts believe the hack may be connected to a separate breach of the Everest ransomware site, as both featured identical messages, hinting at a possible link.

The incident has again underscored the central role of cryptocurrency in the ransomware economy. Each victim is typically given a unique address for payments, making tracking difficult.

Instead of remaining hidden, these addresses now give law enforcement and blockchain experts a chance to trace payments and potentially link them to previously unidentified actors.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!

Tether adds Chainalysis tools to enhance crypto compliance

Tether has partnered with Chainalysis to integrate its compliance and monitoring tools into the Hadron by Tether platform. The collaboration will provide users with advanced risk detection and real-time transaction monitoring, helping institutions meet regulatory requirements.

The move is part of a wider trend of increased oversight in the crypto industry.

Hadron by Tether, launched in November 2024, enables institutions, governments, and corporations to tokenise real-world assets like financial instruments and real estate. The platform has seen a surge in adoption, with the real-world asset (RWA) market growing by 10.5% in the past month.

Tether’s CEO, Paolo Ardoino, highlighted that this integration would provide institutional-grade compliance without compromising decentralisation.

Chainalysis is known for its security tools and blockchain data platform. It will now support Hadron users with risk detection, real-time transaction monitoring, and Know-Your-Transaction (KYT) services.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot

Microsoft drops passwords in Authenticator app to support passkeys

Microsoft has announced that its Authenticator app will stop supporting the saving of new passwords from 1 June, with autofill features to be removed in July. By August, users will no longer have access to any passwords stored in the app.

The decision marks a shift in Microsoft’s focus from app-based password management to browser-based solutions, particularly via Microsoft Edge.

The company recommends that users move their saved passwords to a dedicated password manager or the Edge browser immediately.

Instead of continuing to develop Authenticator as a full password manager, Microsoft is encouraging users to adopt passkeys—digital credentials that offer stronger security.

Passkeys use cryptographic keys stored locally on devices, making them much harder to steal or guess compared to traditional passwords.

Microsoft insists this change is part of a broader push to phase out outdated password systems in favour of safer, faster authentication methods.

Security experts support this move but caution users to take immediate action to prevent losing access to important logins.

Microsoft itself admits that Authenticator was never a proper password manager in the traditional sense, and that dedicated apps such as 1Password or Apple’s built-in password tools provide better options for storing credentials securely.

Users should ensure they export or migrate their stored information well before the August cutoff.

A change like this also reflects Microsoft’s alignment with industry trends, alongside Apple and Google, to accelerate the adoption of passkeys.

The company argues that with attackers increasingly exploiting weak or reused passwords, replacing them altogether with newer technology is not just advisable—it’s essential.

Would you like to learn more about AI, tech and digital diplomacy? If so, ask our Diplo chatbot!