This week’s security news: Fake cops scammed Apple and Meta to get user data

- Advertisement -


Ipsa scientia potestas estThe 16th-century philosopher and statesman Sir Francis Bacon famously wrote in his 1597 work: sacred meditations. Knowledge itself is power. This aphorism, cliche as it may be, finds tangible truth in times of war.

- Advertisement -

Just ask the residents of Mariupol, a city in southeastern Ukraine, where Devastating Russian attacks interrupted the flow of information in and out of the city.. Meanwhile in Russia the government banned from facebook and instagram amid news suppression without state approval. But as we explained this week, creating a full Chinese-style splinternet much more difficult than the Kremlin would like to admit.

- Advertisement -

This week we further explored the power of information and the ability to keep information secret by looking at a new idea for creating digital money in the USA— no, not Bitcoin or any other cryptocurrency. Real digital money that, most importantly, has the same built-in privacy as the bills in your real wallet. We’ve also delved into the pitfalls of knowing where your kids and other loved ones are at any given moment with tracking apps that you should probably stop using. And after last week’s approval Digital Markets Law in Europe we figured out the difficult task of getting encrypted messaging apps to work togetheras required by law.

To round things up, we got our gauntlets on some leaked internal documents who shed new light on the Lapsus$ ransomware gang Octa hack. And we watched as the explorers used decommissioned satellite to broadcast hack TV.

- Advertisement -

But that’s not all guys. Read the rest of the week’s top security stories below.

In one of the most creative ploys we’ve seen recently, the hackers tricked Apple and Meta into handing over sensitive user data, including names, phone numbers, and IP addresses, according to Bloomberg reports. reports. The hackers did this using so-called Emergency Data Requests (EDRs), which police use to access data when someone is potentially in immediate danger, such as a kidnapped child, and which do not require a judge’s signature. Civil liberties watchers have long criticized EDRs as ripe for law enforcement abuse, but this is the first time we’ve heard of hackers exploiting a data privacy loophole to steal people’s data.

According to a security journalist Brian Krebs, hackers gained access to police systems to send fraudulent EDRs that, due to their urgent nature, are allegedly difficult for tech companies to verify. (Both Apple and Meta told Bloomberg they have systems in place to screen police requests.) Adding another level to the saga: Some of the hackers involved in these scams were later part of the Lapsus$ group, Bloomberg and Krebs reported. which is back in the news this week for completely different reasons.

Following the arrest and release last week of seven young people in the UK linked to a series of high-profile Lapsus$ hacks and extortion attemptsCity of London Police announced on Friday, two teenagers, a 16-year-old and a 17-year-old, were charged in connection with the gang’s crimes. Each teenager is at risk of three episodes of unauthorized access to a computer and one episode of fraud. Police said the 16-year-old also faces “one charge of making a computer perform a function to protect unauthorized access to a program.” Due to strict privacy regulations in the UK, the teens’ names have not been made public.

Despite claims that Russia did not use its hacking power as part of its unprovoked war against Ukraine, mounting evidence shows that this is not true. First, Viasat new details released about attack on his network at the start of Russia’s war against Ukraine at the end of February, which disabled some Ukrainian military communications and tens of thousands of people across Europe. Viasat also confirmed en SentinelLabs analysis, which discovered that the attackers were using modem cleaning malware known as AcidRain. The malware, the researchers found, may have “evolved similarities” to another malware, VPNFilter, that US national intelligence has linked to the Russian GRU hacking group. sandworm.

Then came the biggest cyberattack since Russia started the war. State Service for Special Communications of Ukraine announced On Monday, state-owned Internet service provider Ukrtelecom suffered a “powerful” cyberattack on its core infrastructure. While the State Security Service said that Ukrtelecom was able to repel the attack and begin recovery, the NetBlock Internet monitoring service said on Twitter that he had witnessed a “disruption of communication” throughout the country.

Internet-connected Wyze Cams have been vulnerable for nearly three years due to a vulnerability that could allow attackers to remotely access videos and other images stored on devices’ memory cards. Such vulnerabilities, unfortunately, are not unusual for IoT devices, in particular for IP cameras. However, the situation was especially important because researchers from the Romanian security firm Bitdefender attempt to expose Wyze vulnerability and force the company to release a patch from March 2019. It is not clear why the researchers did not release the results earlier, as is customary for the disclosure of vulnerabilities after three months, in order to draw more attention to the situation. On January 29, Wyze released fixes for their V2 and V3 cameras. However, the company no longer supports its V1 camera, which is also vulnerable. The bug can be used remotely, but not directly on the open Internet. Attackers first need to compromise the local network where the camera resides before targeting the Wyze vulnerability itself.


More Great WIRED Stories

.


Credit: www.wired.com /

- Advertisement -

Stay on top - Get the daily news in your inbox

DMCA / Correction Notice

Recent Articles

Related Stories

Stay on top - Get the daily news in your inbox