Apple may owe you $20 in Siri privacy lawsuit
It might be a new year, but hacks, frauds and dangerous people lurking online haven’t gone anywhere.
Just a day before the ball dropped, the United States Treasury Department said it had been hacked. Officials believe the attackers are an as-yet-unidentified Advanced Persistent Threat group linked to the Chinese government, which used vulnerabilities in remote technical support software created by BeyondTrust to carry out what the Treasury Department described as a “major” breach. The company told the Treasury Department on Dec. 8 that the attackers stole an authentication key that ultimately allowed them access to the department’s computers. While the Treasury Department says the attackers were only able to steal “certain unclassified documents,” new details have already begun to emerge, which we’ll explore further below.
Before the killing of UnitedHealthcare CEO Brian Thompson last month, gun silencers were mostly something you’d seen in Hollywood movies — or in Facebook and Instagram ads if you look closely. WIRED found that someone was running thousands of ads for “fuel filters” that are actually meant to be used as gun silencers, which are heavily regulated by US law. Meta, which owns Facebook and Instagram, has since removed many of the ads, but new ones continue to appear. So if you see one, keep scrolling – owning an unregistered silencer can lead to felony charges.
When a targeted Amber Alert pops up on your phone, getting all the information you need to help find an abducted child can literally be a matter of life and death. That’s a lesson the California Highway Patrol learned this week when it sent an Amber Alert that linked to a post on X that people couldn’t access unless they were signed in. Although the CHP says it has been linking to social media posts since 2018 with no issues until this week, a spokesperson tells WIRED that they are now “looking into it.”
If you’ve added better privacy and security practices to your list of 2025 goals, an easy place to start is your old chats. You might be surprised how much sensitive information is out there, perhaps forgotten but definitely not gone.
That’s not all. Every week, we round up security and privacy news that we haven’t covered in depth. Click on the headlines to read the full stories. And stay safe out there.
This week, Apple agreed to pay $95 million to settle a class-action lawsuit over alleged wiretapping by its Siri voice assistant. The case, Lopez et al. v. Apple Inc., accused Apple of recording people’s conversations without their knowledge and sharing that data with third parties to serve ads. The problem stems from Siri’s voice-activated feature — “Hey Siri” — that two plaintiffs say secretly intercepted conversations that led to ads for Nike shoes and Olive Garden. One claimant alleged that he was served an advertisement for medical treatment after speaking with his doctor. People who qualify as part of the class covered by the settlement, which must be approved by a federal judge in California, can receive up to $20 per device for up to five devices. As Reuters points out, the settlement amount is roughly nine hours of profit for Apple, which made nearly $94 billion in the last fiscal year. The company will not admit any wrongdoing as part of the settlement.
Recently unsealed court documents revealed that the FBI allegedly discovered, during a search for an illegal firearm, “the largest seizure of improvised explosive devices in the history of the FBI.” According to court records, the explosives arsenal was discovered at Brad Spafford’s home in Virginia, where investigators allegedly found more than 150 pipe bombs and other explosive devices. Prosecutors say the FBI found a backpack containing pipe bombs and emblazoned with a grenade-shaped sticker with the hashtag #NoLivesMatter — a potential reference to a far-right extremist “accelerationist” group, The New York Times reports. While prosecutors say Spafford, who allegedly used a photo of US President Joe Biden for target practice, aimed to “retrieve political killings”, his lawyer said he was a harmless “family man” who should be released.
Following revelations earlier this week that Chinese state-backed hackers penetrated the US Treasury Department in early December, the Washington Post reported on Wednesday that the hackers specifically targeted the Office of Foreign Assets Control. The attackers may have sought information about the Office’s possible plans to sanction Chinese entities. Also, Bloomberg reported on Thursday that the attackers targeted the computers of senior Treasury officials, where they accessed unclassified material. So far, investigators have identified about 100 computers compromised by the hackers. Sources told Bloomberg, however, that the attack appears to have been a crime of opportunity rather than a covert, long-planned operation like China’s recent intrusion into US telecommunications companies.
As China’s hack of the Treasury Department comes into focus, the impact of its penetration of US telecommunications firms is still widening. Two days after Christmas, Anne Neuberger, the White House deputy national security adviser for cyber and emerging technologies, held a briefing with reporters in which she raised the number of telecoms breached by the Chinese hackers known as Salt Typhoon from eight to nine and suggested that at least some of the blame for these breaches lies with the companies’ own inadequate security. “The reality is that from what we see in terms of the level of cyber security implemented in the telecommunications sector, these networks are not as secure as they need to be to defend against a well-funded, capable offensive cyber actor like China,” Neuberger said. She added that the hackers targeted the communication histories of fewer than 100 people — mostly in Washington, including President-elect Donald Trump and Vice President-elect JD Vance. Neuberger said the spying incident calls for new Federal Communications Commission cybersecurity regulations, which she said could have limited the scope of the breaches if they had been in place.
Cars collect and transmit as much sensitive location data as any modern digital device, and the privacy pitfalls of all this tracking are becoming all too clear. Case in point: A whistleblower alerted Germany’s Chaos Computer Club and the country’s news outlet Der Spiegel that Cariad, a subsidiary of Volkswagen, had left exposed online a data set containing the locations of 800,000 electric vehicles. The leak includes cars sold not only by Volkswagen, but also by other brands including Seat, Audi and Skoda. For Audis and Skodas, this location data was only accurate to about six miles, but Volkswagens and Seats could be located to within about four inches. The exposed data has since been secured, but the incident still shows how far automakers have to go to curb data collection.