Information Technology

23andMe / Elyse Betters Picaro / ZDNET23andMe’s interim CEO Joseph Selsavage recently told Congress that roughly 1.9 million customers (about 15% of its 15 million users) have asked to delete their genetic data amid the company’s Chapter 11 bankruptcy and subsequent sale approval to TTAM Research Institute.I was one of 23andMe’s early adopters. I wanted to trace my French and Ashkenazi Jewish roots, and in its early days, the service provided fascinating family-history insights. But after nearly two decades of growth — peaking at a $6 billion valuation in 2021 — 23andMe is a shell of its former self. Its pivot to drug research and development failed to gain traction, and a major October 2023 data breach torpedoed any remaining customer trust, driving the company to lose over 99% of its value by 2024. Also: A drug developer is buying 23andMe – what does that mean for your DNA data?Now, with millions of genetic profiles, including mine, caught in bankruptcy limbo, there have been worries about who will control this vast trove of sensitive DNA data. California’s attorney general has even urged customers to delete their records, pointing out that, unlike medical information protected under HIPAA, direct-to-consumer genomic data lacks strong federal privacy safeguards. It didn’t help that, for a little while, there was a potential looming sale of 23andMe to pharmaceutical maker Regeneron.However, on June 30, a US bankruptcy judge approved the $305 million sale of 23andMe’s data assets to TTAM Research Institute — a nonprofit led by 23andMe co-founder Anne Wojcicki. The institute has promised to improve privacy policies and to continue to allow customers to delete their data. A small group of states (California, Kentucky, Tennessee, Texas, and Utah) remain opposed and have until July 7 to seek a stay to appeal the order. If you’re still uneasy about your genetic information falling into the wrong hands, or being tied indefinitely to pharmaceutical research you didn’t explicitly authorize, you still have the power to delete it. Here’s how. How to delete your 23andMe data What you’ll need: A 23andMe account and the ability to access your account either from a PC or a mobile device. More

Kyle Kucharski/ZDNETGoogle has patched yet another critical security bug in Chrome, which means all of you who use the browser should update it ASAP. On Monday, the company revealed a high-severity vulnerability that could allow a remote attacker to run malicious code on your system.In its release notes for the latest version of Chrome, Google pointed to the security flaw tagged as CVE-2025-6554. The NIST page on this one describes it as: “Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page.”Also: This Google Chrome update could change the fundamentals of browsing – here’s who gets to try it firstV8 is an open-source JavaScript and WebAssembly engine that Google uses in Chrome. Here, a programming problem in the code could give a remote attacker the means to create a malicious web page designed to steal data, install malware, or take over your system. The vulnerability has already been exploited in the wild, which means the bad guys are onto it and have used it to target unsuspecting Chrome users.This particular bug was discovered by Clément Lecigne of Google’s Threat Analysis Group on June 25. To assist with its bug-hunting efforts, Google’s researchers typically turn to such tools as AddressSanitizer, MemorySanitizer, UndefinedBehaviorSanitizer, Control Flow Integrity, libFuzzer, and AFL.Thankfully, Google has rolled out a fix for this flaw with the latest versions of the browser, specifically version 138.0.7204.96/.97 for Windows, 138.0.7204.92/.93 for the Mac, and 138.0.7204.92 for Linux.How to update ChromeTo update Chrome, open the browser, click the three-dot icon at the top, move to Help, and select About Chrome. The program will automatically download and install the latest update. Relaunch Chrome, and you’ll be fully protected, at least until the next critical vulnerability rolls around. More

Kerry Wan/ZDNETDid you know that whenever you turn on your smart TV, you invite an unseen guest to watch it with you? These days, most popular TV models utilize automatic content recognition (ACR), a form of ad surveillance technology that gathers information about everything you watch and transmits it to a centralized database. Manufacturers then use your data to identify your viewing preferences, enabling them to deliver highly targeted ads.Also: Your TV’s USB port is seriously underutilized: 5 features you’re not taking advantage ofWhat’s the incentive behind this invasive technology? According to market research firm eMarketer, in 2022, advertisers spent an estimated $18.6 billion on smart TV ads, and those numbers are only going up.To understand how ACR works, imagine a constant, real-time Shazam-like service running in the background while your TV is on. It identifies content displayed on your screen, including programs from cable TV boxes, streaming services, or gaming consoles. ACR does this by capturing continuous screenshots and cross-referencing them with a vast database of media content and advertisements. More

AT&T SIM swapping is a popular type of fraud in which someone transfers your mobile number to a SIM in their own device. By intercepting any messages or phone calls sent to you, they’re able to access your two-factor authentication codes and other sensitive information. Now, AT&T is offering customers a way to combat this […] More

Jarmo Piironen/Getty Images Until now, the Trump administration’s tax bill — also called its “big, beautiful bill,” which passed in the Senate on Tuesday — included a rule that would prevent states from enforcing their own AI legislation for five years, and would withhold up to $500 million in funding for AI infrastructure if states […] More

ZDNETThose of you who use Microsoft Authenticator as a password manager will have to find another option, and soon. That’s because an upcoming change will pull the plug on the ability to use the Authenticator app to store and autofill passwords.In a recent support document, Microsoft revealed the timeline for Authenticator’s retirement as a password manager. Starting in June, you’ll no longer be able to add or import new passwords in the app, though you’ll still be able to save passwords through the autofill option. Beginning in July, you’ll no longer be able to autofill passwords with Authenticator. Come August, any passwords you’ve saved in the app will no longer be accessible.Also: 10 passkey survival tips: Prepare for your passwordless future nowMicrosoft Authenticator isn’t going away. You’ll still be able to use it for its primary purpose, namely to generate and display multi-factor authentication codes for logging in to secure websites. But its sideline as a password manager will come to an end.OK, but what should you do if you’ve been saving and using passwords in the app?Microsoft offers a few suggestions. Your stored passwords are synced to your Microsoft account, which means you can still use them elsewhere. For that, you can turn to Microsoft Edge. In its support document, the company explains how to use Edge to autofill saved passwords. At the same time, you can use this opportunity to review your saved passwords to remove any you no longer need or want. More

Brother / Elyse Betters Picaro / ZDNETHundreds of Brother printer models have been found to harbor a serious security flaw that can’t be fully patched on existing devices. First noticed by Rapid7 in May and publicly disclosed on June 25, this unpatchable vulnerability lets an attacker who knows — or can find out — your printer’s serial number generate its default administrator password.Also: Patch your Windows PC now before bootkit malware takes it over – here’s howYes, the same password that’s set in the factory and that many of us never change. But the “good” news is you can still protect yourself by changing that default password today. What happened and how bad is it? Rapid7’s zero-day research has revealed eight security holes across 689 Brother printer, scanner, and label-maker models — and an additional 59 devices from Fujifilm, Toshiba Tec, Ricoh, and Konica Minolta. Of those eight flaws, seven can be fully patched with firmware updates. But the big one — CVE-2024-51978 — can’t be fixed on any device already sitting in your home or office. CVE-2024-51978 carries a CVSS score of 9.8 “Critical” severity. Once an attacker knows a device’s serial number, they can reconstruct the password, log in with full privileges, and launch all sorts of nastiness. Also: Is your Asus router part of a botnet? How to check – and what you can doAccording to a detailed technical analysis by Rapid7, Brother uses a password generation algorithm during manufacturing that is easily reversible. An attacker who leaks your serial number (for example via CVE-2024-51977) can reverse this process, recover your factory password, and log in with full privileges — allowing them to reconfigure the device, access scans and address books, trigger remote code execution (CVE-2024-51979), or steal external-service credentials (CVE-2024-51984). How many devices are susceptible? In total, 748 devices across five vendors are affected by at least one of the eight vulnerabilities. Beyond Brother’s 689 models, there are: 46 Fujifilm Business Innovation printers5 Ricoh printers2 Toshiba Tec devices6 Konica Minolta modelsAlso: The best online photo printing services: Expert tested and reviewedNot every flaw impacts every printer. For instance, only 695 models are vulnerable to the default-password bug, and around 208 models can be crashed remotely via the Denial-of-Service flaws (CVE-2024-51982 and CVE-2024-51983). How to tell if your printer is affected If you own a Brother printer, you can check to see if your model is affected on this Brother support page (PDF). What’s been fixed? Brother has released firmware updates that patch seven of the eight vulnerabilities: You can download these updates from Brother’s support pages (under Printers, Scanners, or Label Printers). Fujifilm, Ricoh, Toshiba, and Konica Minolta have similarly published advisories and firmware for their affected models. More

ANDREY DENISYUK/Getty The Trump administration’s tax bill — also called its “big, beautiful bill,” which is facing a vote today — includes a rule that would prevent states from enforcing their own AI legislation for five years, and would withhold up to $500 million in funding for AI infrastructure if states don’t comply.  Over the […] More