As the 2024 US presidential election approaches, cyber threats from state-backed actors are intensifying. Among these actors is Iran’s APT42, a hacker group linked to Iran’s Islamic Revolutionary Guard Corps, which has targeted individuals connected to the campaigns of Donald Trump and Joe Biden (currently Kamala Harris).
Google’s Threat Analysis Group revealed that these attacks are aimed at undermining the integrity of the election, highlighting the continued vulnerability of political campaigns to international cyber espionage.
In the private sector, a major data breach at National Public Data, a background-check company, has raised serious concerns. Months after the breach occurred, the company only recently admitted to it after nearly 3 billion records were leaked online.
The data includes highly sensitive personal information from individuals in the US, UK, and Canada. The situation remains fluid, with ongoing analysis revealing the complexity and potential risks associated with the breach.
Meanwhile, cybersecurity vulnerabilities are being discovered in unconventional areas. Researchers found that Shimano’s Di2 wireless bicycle shifters can be manipulated remotely to disrupt cyclists, and electronic lockers used in gyms and offices are vulnerable to hacks that could give criminals access to all lockers in a location.
These findings illustrate the expanding scope of cybersecurity issues beyond traditional computing devices, affecting areas like personal safety and security in everyday life.
Google is also facing scrutiny for a significant vulnerability in its Pixel phones, caused by an unpatched flaw in a hidden Android app called Showcase.apk. This flaw potentially allows attackers to gain deep access to devices, either through physical contact or by exploiting other vulnerabilities.
Google plans to address the issue soon, but the delay has sparked criticism, particularly from Palantir, a US military contractor, which has decided to stop using Android devices due to perceived inaction from Google.
Lastly, broader legal battles over privacy and cybersecurity are unfolding. A US federal court ruled that geofence warrants, which allow police to obtain data from devices in a particular location, are unconstitutional. Despite this ruling, law enforcement agencies still have ways to access data without warrants.
Additionally, T-Mobile was fined $60 million for mishandling sensitive data, and New Zealand approved the US’s extradition request for Kim Dotcom, pushing forward his decade-long legal battle. On another front, San Francisco has taken legal action against deepfake pornography websites, aiming to curb the growing problem of AI-generated sexual abuse content.