Cyber 332 Weekly Blog

 Security researcher "brutecat" discovered a vulnerability in Google's old username recovery system that allows attackers to brute-force users' recovery phone numbers in seconds. To do this, they'd disable JavaScript and use the recovery password method. Additionally, by browsing Looker Studio document sharing, attackers can reveal users' information, including name and phone number, which shows the last digit, allowing them to bypass CAPTCHA and brute-force the remaining number. As the article shows, a Singaporean phone number can be uncovered in seconds, while a U.S.-based number can take around 20 minutes. This type of vulnerability poses a significant risk, including unauthorized account access and SIM swapping attacks. After Google learned about this attack, they responded by removing the vulnerable form and awarded the researcher a $5,000 bug bounty. This incident highlights how even the simplest thing can lead to a major attack. Companies shouldn't ...

 Today, countries are competing to lead in technology, innovation, and other cutting-edge ideas. The US is working to stay ahead of China in artificial intelligence, but it's crucial not to lose focus on security. While innovation and business influence are key to success, the US must also be mindful of the potential for AI tools to be misused by government officials for surveillance and military purposes.  There are numerous efforts to regulate AI exports, and rules have been created to control them, but these efforts are often inconsistent and can be overturned by subsequent administrations. The US faces some difficulties with AI technologies that are exported from abroad, creating uncertainty. Some US tech companies have partnered with countries in the Far East, raising national security concerns. Both countries advanced the system in the military, which caused a dual-use concern. Achieving AI dominance is about building a system that is both safe and responsible. ...

Salesforce announced its intention to acquire the data management company Informatica for approximately $8 billion, marking its largest acquisition since purchasing Slack for nearly $28 billion in 2021. This move aims to enhance Salesforce's data management and AI capabilities, specifically to boost the Salesforce Agentforce platform, as it will enable the business to automate tasks through virtual AI agents. This deal is priced at around $25 per share, representing a 30% premium over Informatica's stock price prior to the renewed news surfacing. However, the deal may face antitrust scrutiny due to functional overlap with the existing Mulesoft platform within Salesforce. At the same time, Salesforce hopes the acquisition will provide a reasonable return on investment and strengthen its position in the AI-driven software market.   https://www.reuters.com/technology/salesforce-nears-8-billion-deal-informatica-wsj-reports-2025-05-27/   

 According to WIRED, Americans have been targeted by scammers from around the world. Based on the data in the article, nearly $16.6 billion is expected to be lost to online crimes. Approximately 200,000 individuals reported scams such as phishing and spoofing to the FBI, with almost $470 million stolen through scams initiated by anonymous texts or messages. According to the Federal Trade Commission, Google plans to implement AI-on-Device Scam Protection that will run on messaging applications when they launch Android 16, aiming to identify various types of scams, including crypto, lottery, gift card, and prize scams, among others. This security system operates on individual users' devices without sharing data with Google. According to Google, this new system has protected approximately 2 billion suspicious messages from users in one month. This AI can detect both simple and complex schemes. This will be added at the upcoming launch of Android 16 to safeguard against evolving scams ...