Monday, April 20, 2026

Maryland bans Surveillance pricing

 

Maryland banned using your personal data to secretly charge you more for groceries than someone else — a first in the U.S.

Under the Protection from Predatory Pricing Act, Maryland will become the first U.S. state to outlaw this practice in the grocery sector. The law:

Prohibits

  • Using personal or surveillance data to set individualized grocery prices
  • Charging different people different prices for the same grocery item based on who they are
  • Real‑time price changes driven by consumer profiling

Requires

  • Grocery prices generally remain fixed for at least one business day, limiting sudden price spikes from digital tag
     

     
     

Posted by at No comments:

Sunday, April 19, 2026

Booking.com data breach follow up


 

Posted by at No comments:

Tuesday, April 14, 2026

Booking.com data breach April 14, 2026

  Customers began receiving notifications April 12-13

According to Booking.com’s own notifications and follow‑up reporting, the exposed information may include:

  • Names
  • Email addresses
  • Phone numbers
  • Postal addresses
  • Reservation details (dates, property info, itinerary)
  • Messages or notes shared with accommodation providers

Booking.com has repeatedly stated that payment and credit‑card data were not accessed.

Booking.com reports it:

  • Reset reservation PIN codes tied to affected bookings
  • Contacted impacted customers directly by email
  • Advised customers to be vigilant for phishing attempts
  • Stated the incident is now “under control”, though investigations are ongoing

The company has not disclosed:

  • How many customers were affected
  • Exactly when the breach occurred
  • Technical details of how the access happened

  • While no financial data was taken, experts warn that the combination of personal info + travel details makes this breach particularly dangerous. Attackers can craft highly convincing phishing messages (email, SMS, WhatsApp, or phone calls) that reference real bookings.

    Reports already show customers receiving scam contacts pretending to be Booking.com or their hotel, asking for “verification” or payments.

     

    Booking.com has emphasized that it will never:

    • Ask for credit‑card details
    • Request bank transfers
    • Ask for personal information via email, phone, text, or WhatsApp

    Customers are strongly advised not to click links in unsolicited messages claiming to be from Booking.com or properties. 

     

    Based on Booking.com’s guidance and security reporting:

    • ✅ Treat unexpected messages about bookings as suspicious
    • ✅ Verify any issue by logging directly into Booking.com (not via links)
    • ✅ Be cautious of urgent payment or “verification” requests
    • ✅ Monitor email and messaging apps for phishing attempts
     

Posted by at No comments:

Sunday, April 12, 2026

Anthropic Mythos

  AI giant Anthropic announced a new model called Mythos..
Mythos finds security flaws in software. Windows, MacOS, Linux, browsers, aps, ANYTHING.

 This prompted a urgent meeting with the Treasury Secretary, the Federal Reserve, and Wall Street executives.

 Given the scope of this tool  it might be good to use more acceptance to offered patching.

Posted by at No comments:

WARNING from FBI, NSA, CISA and Department of Energy - Ireanian hackers

 Collective alarm from US government agencies citing Iranian attacks in US Critical Infrastructure via exploits in Programmable Logic Controllers (PLCs).

 Mutually Assured Disruption

A report cites 5,200 device reachable on the Internet.

 

Posted by at No comments:

Russia spy agency reported to be hacking into home and small business routers

 As a follow on to the recent blog post of  March 30 where the FCC has banned almost all consumer grade routers not made in the United States - a Russian spy agency was recently found to be hacking into TP-Link and MicroTik routers with known vulnerabilities to route victim's Internet traffic to servers under the control of Russian hacking unit known as Fancy Bear.

 The intent is to steal passwords and OAuth tokens to gain access th those accounts.

 The FBI has secured a court order allowing them to effectively hack into the affected routers and remove the dodgy DNS records.
 

 

Posted by at No comments:

Tuesday, March 31, 2026

ClickFix exploits on the rise

 

ClickFix tricks users into running malicious commands themselves by pretending they’re “fixing” a problem or completing a verification.

Why ClickFix is so dangerous

  • Bypasses security tools – the action looks legitimate
  • Cross‑platform – Windows, macOS, and Linux are all targeted
  • No vulnerability required – exploits human behavior instead
  • Very fast – compromise can happen in seconds

Microsoft and other vendors report ClickFix has surpassed traditional phishing in some environments as an initial access method

Common ClickFix disguises you’ll see

  • Fake “I am not a robot” CAPTCHA
  • Fake Cloudflare verification
  • Fake Windows Update screen
  • “Browser error – fix required”
  • “Document failed to load – run this to fix”
  • Fake IT support instructions 

    Legitimate websites will NEVER ask you to paste commands into Terminal, PowerShell, or Run to verify or fix something.
     

Posted by at No comments:
Subscribe to: Comments (Atom)