A former engineer at Apple, Xiaolang Zhang, finds himself on the wrong side of the law, having been handed a six-month prison sentence for his role in pilfering secrets from the tech giant’s vaults. This unfolds as Zhang admits to swiping details on the development of Apple’s self-driving vehicle project, an endeavour that people have been talking about for years.

The fine includes a hefty sum of $146,984 as well

Zhang’s journey from trusted employee to convicted felon began with his arrest at San Jose International Airport in 2018, moments before he could escape to China. Initially, he fought the charges, pleading not guilty. However, in a dramatic turn of events in 2022, Zhang confessed to the theft of trade secrets, leading to his current predicament. Beyond his prison term, Zhang faces a three-year leash of supervised release and a hefty restitution bill of $146,984.

His tenure at Apple was marked by his involvement in Project Titan, Apple’s mysterious and much-discussed foray into autonomous vehicles. According to allegations, Zhang’s acts of espionage included transferring a detailed 25-page document with engineering blueprints to personal devices and pilfering hardware, illustrating a breach of trust as profound as it was audacious.

Following a paternity leave and a trip to China, Zhang resigned, revealing plans to join XPeng Motors, a move that raised eyebrows given the company’s competing interests in autonomous driving. This revelation set off alarm bells, leading to an investigation that caught Zhang red-handed, engaging in activities that betrayed confidence.

RELATED:

• Apple wins lawsuit over executive compensation for Tim Cook and others.
• Apple Sells The Most Smartphones In 2023 With Seven iPhone Models, Only Three Samsung Phones In The List
• Get Redmi K70 Pro for discounted price of $499
• OnePlus partners with Pixelworks to Elevate Mobile Gaming Experience on the OnePlus 12

(Via)

The post Former Apple Engineer Sentenced for Stealing Self-Driving Car Secrets appeared first on Gizmochina.

Recent developments have brought to light the hacking of WebDetetive, a Portuguese-language spyware company that has been infecting Android phones in South America, primarily in Brazil. Interestingly, the company itself fell victim to hackers, who exploited multiple vulnerabilities to gain access to WebDetetive’s servers and user databases.

At the time of the breach, over 76000 devices had been compromised.

Notably, the unnamed hackers took the unprecedented step of not only downloading all the data but also severing the spyware’s network connection to victim devices. The group justified their actions saying, “Which we definitely did. Because we could. Because #fuckstalkerware.”

A data dump of 1.5 gigabytes, now in the hands of nonprofit DDoSecrets, revealed the extent of WebDetetive’s reach. At the time of the breach, 76,794 devices had been compromised, and the data included 74,336 unique customer email addresses.

Though it’s too early to determine the true identity of the hackers, or to confirm whether they’ve been successful in disconnecting the victim devices, their approach offers an intriguing counter-narrative. Normally cast as villains, these hackers instead appear as digital vigilantes, delivering poetic justice by using their skills to disable a network that invades people’s privacy.

However, the story takes a deeper twist. WebDetetive’s roots are linked to OwnSpy, another notorious spyware app developed in Spain. While the administrators of WebDetetive remain anonymous, the connection to OwnSpy suggests a broader ecosystem for these nefarious activities.

Spyware companies like WebDetetive and OwnSpy exist in a murky legal environment, their coding often as questionable as their ethics. With this incident, questions around the “security” of these security companies are re-ignited. How can entities, notorious for their invasive capabilities, protect their own networks when they are this easily compromised?

While the hackers’ actions raise legal and ethical questions, they also throw a spotlight on the fragility of spyware infrastructures. Ironically, the hackers’ breach could serve as a wake-up call to users and potentially even law enforcement. But for now, it provides a touch of poetic justice in a domain often void of accountability.

RELATED:

• OnePlus 8T and OnePlus 10T receiving August 2023 Security Patch update
• OnePlus Nord 2 receives August Android Security patch in India
• Best 10 8K TVs in 2023 – LG, Samsung, Hisense, & More

(Via)

The post Hackers Turn Vigilantes – A Breach of WebDetetive Gives Poetic Justice appeared first on Gizmochina.

In a shocking revelation, renowned security company Wordfence has recently uncovered a critical zero-day vulnerability in the widely used “user login system” plug-in, Ultimate Member, on the WordPress blogging platform. This vulnerability allows hackers to exploit their accounts and gain elevated administrative rights, effectively granting them full control over targeted websites.

200,000 websites have used the plugin until now

The security flaw, identified as CVE-2023-3460, has been assigned a risk score of 9.8, indicating its severity. Through this vulnerability, cybercriminals can circumvent the plug-in’s built-in security measures, enabling them to manipulate the wp_capabilities configuration data of user accounts. By setting up their own accounts as administrators, hackers can assume complete control of compromised websites.

The plug-in’s developer has responded swiftly to address the issue. On June 26, they released Ultimate Member version 2.6.3, which provided partial mitigation against the vulnerability. Subsequently, on July 1, version 2.6.7 was released, offering a complete fix for the security flaw.

Disturbingly, it has come to light that over 200,000 WordPress websites have incorporated the Ultimate Member plug-in. Given the high number of installations and the potential delay in updating the plug-in due to inadequate information dissemination, these websites remain exceptionally vulnerable to exploitation by malicious actors.

Web administrators and website owners are strongly advised to take immediate action by updating their Ultimate Member plug-in to the latest version, 2.6.7, to safeguard their websites against potential attacks. Additionally, it is crucial to remain vigilant and monitor any suspicious activity or unauthorized access attempts.

Experts emphasize the significance of promptly addressing software vulnerabilities and staying up-to-date with the latest security patches. Regularly updating plug-ins and software is an essential practice that ensures website integrity and safeguards against emerging cyber threats.

RELATED:

• Twitter’s API Shutdown Causes Chaos for Developers
• Xiaomi leads in phone sales during this year’s 11.11 shopping festival, Apple in second
• Best Ultra Budget Smartphones of 2023

(Via)

The post Zero-Day Vulnerability in Popular WordPress Plug-In Puts Thousands of Websites at Risk appeared first on Gizmochina.