Security is everyone’s problem, sure, but it’s important to remember that entities that collect, store, process, and sell data have a greater responsibility to secure it than you or I. So when a US senator accuses Microsoft of “gross cybersecurity negligence” and calls for an FTC investigation into the company, or the parent company of luxury brands like Gucci and Balenciaga gets hacked, it’s worth paying attention to.
Yes, we should all do things like use a password manager and learn to avoid phishing attacks. Those skills serve us well in the workplace as well as at home. That way, when we’re at work, we don’t fall victim to the type of phishing attack that resulted in the massive ransomware hack that landed Microsoft in hot water in the first place. Even so, companies can only delegate their responsibilities for data security to their employees so much.
For example, as generative AI tools become more powerful, we’ll see more complicated attacks that end users won’t easily be able to identify. This week, we reported that Kimsuky, a North Korean hacking group, has been using ChatGPT’s image generation tools to build very convincing phishing attacks.
There are still plenty of people trying to help, though. For example, when attorneys representing victims in a 2019 accident (where a driver using Tesla’s “Enhanced Autopilot” crashed into a parked car, killing one occupant and severely injuring another) asked Tesla for crash data, the company claimed it didn’t exist. Well, one hacker believed otherwise, and so did the lawyers working on the case. Together, they uncovered the data and presented it at trial, resulting in over $242 million in damages (which Tesla is, of course, appealing). We spoke to the hacker about how he got involved and how he got the data.
In the same vein, security company Proton, makers of Proton VPN and Proton Pass, reaffirmed its commitment to reporters and security researchers this week after reinstating the accounts of two journalists who were looking into security issues with the South Korean government. It’s problematic that the firm shut down the accounts in the first place, but the fact that, after looking into it (and being called out for it on social media), the company reversed course is a bright spot.
Besides, after Michigan Republicans introduced a very graphic bill to completely ban adult content on the internet and VPNs (and make it a felony to use the latter or view the former), we can appreciate any organization with a commitment to internet privacy. After all, the risks and consequences of living in a surveillance state aren’t theoretical: they’re very real, and can transform a society, as PCMag contributor Rob Pegoraro’s dispatch from Berlin’s Stasi Museum reveals. The parallels between East Germany’s regime and today’s high-tech surveillance are clear, he notes.
There’s more, though, and these are just the stories we covered. Here are some smart stories from around the web that caught our attention and are worth paying attention to:
ChatGPT’s Calendar Integration Can Be Exploited to Steal Emails
Remember back in August when we reported that a rogue calendar invitation could turn Google Gemini against you and leak your data? Well, the beat goes on, this time with ChatGPT. According to SecurityWeek, an attacker could use a malicious calendar appointment to scan a user’s inbox for sensitive information and then send that information back to the attacker. Even worse, you don’t even have to accept the calendar appointment or really interact with it in order for it to work: all it has to do is be in your inbox, and all you have to do is use ChatGPT’s calendar integration to review your upcoming appointments on a given day.
Unfortunately, the researchers point out that these kinds of attacks aren’t limited to ChatGPT and are becoming more common as more people connect AI chatbots, which aren’t designed with security in mind, to sensitive systems like their email inboxes, corporate accounts, cloud storage services, and more. The researchers also explained how similar attacks are easy with chatbots like Gemini, Salesforce Einstein, Microsoft’s Copilot, and others. Even worse, most AI companies are aware that these attacks are possible. Whether they plan to do anything about them, or they even consider the attacks their own problem, is another matter entirely.
Court Rejects Verizon’s Claim That Selling Location Data Without Consent Is Legal
Last year, the FCC fined the major wireless carriers almost $200 million for collecting and selling users’ location data without the explicit consent of their users. In response, the three carriers sued the FCC to try and get the fines overturned. Courts upheld the verdict against T-Mobile, overturned the verdict against AT&T (in an appeals court well known to be business-friendly), and now have upheld the verdict against Verizon, according to reporting by Ars Technica.
The root issue was that back in 2018, all three major carriers were caught selling location data to a network of buyers who used the data for hyper-local targeted advertising. It wouldn’t have been an issue (legally, anyway) if the carriers had informed the users that their data was being collected and sold for this purpose, but none of them gave their customers a heads-up that this was happening, or offered them an opportunity to opt out.
In court, the carriers tried to make the argument that your device location doesn’t count as “proprietary network information” that exists as part of the relationship between a customer and a carrier, which is covered by Section 222 of the Communications Act, and that the law only applies to call-specific data instead. The appeals courts disagreed, but because AT&T won its petition, the Supreme Court may have to wade into the issue, which runs the risk of diminishing the FCC’s ability to fine or punish companies for violating your privacy.
Airlines Sell 5 Billion Plane Ticket Records to the Government for Warrantless Searching
Before you come away from the last story with the idea that the government is taking the privacy rights of its citizens seriously, keep in mind that some agencies have different priorities. As part of a public records investigation by 404 Media, the outlet learned that airlines had a very lucrative program selling airline ticket records and itineraries to the government as part of a warrantless surveillance program. In short, if you’ve flown anywhere at all recently, your ticket data may have been sold to (or at least is available to purchase by) government agencies like the FBI, ICE, the IRS, the Secret Service, and others.
This is all possible because of a legal loophole that allows data brokers to sell information they’ve obtained to the government, but forbids airlines from doing it directly. So the airlines set up their own collectively owned data broker that gets updated ticket sales and travel information every day to feed the database that the broker then sells access to. By creating a middleman, the airlines avoid accountability, and the government doesn’t have to obtain a warrant or prove that it needs a person’s travel data for a justifiable reason; instead, it can just buy it. Even more damning, the broker has previously asked the government not to tell the public where they get the data from. According to 404 Media, there is a bipartisan bill in Congress to close this loophole, but it’s stalled in the Senate.
About Our Expert

Alan Henry
Managing Editor, Security
This article was published by WTVG on 2025-09-19 11:26:00