Apple and Meta gave user data to hackers posing as police

“Ipsa scientia potestas est,” the 16th-century philosopher and statesman Sir Francis Bacon wrote in his 1597 work, Meditationes Sacrae. Knowledge itself is power. The aphorism, cliché as it may be, is a palpable truth in times of war.

Just ask the people of Mariupol, a city in southeastern Ukraine, where devastating Russian attacks have cut off the flow of information in and out of the city. Meanwhile, in Russia, the government has banned Facebook and Instagram as part of its suppression of news that lacks a seal of state approval. But as we explained this week, building a full Chinese-style splinternet is much more difficult than the Kremlin might want to admit.

We explored more of the power of information, and the power to keep it secret, this week by looking at a new idea to create digital cash in the US. No, not Bitcoin or any other cryptocurrency: actual digital currency that, importantly, has the same built-in privacy as the bills in your actual wallet. We also dove into the pitfalls of knowing where your kids and other loved ones are at any time through the use of tracking apps, which you should probably stop using. And after last week’s approval of the Digital Markets Act in Europe, we parsed the hard business of forcing encrypted messaging apps to work together, as required by the law.

To round things out, we dug into some leaked internal documents that shed new light on the Lapsus$ blackmail gang’s Okta hack. And we looked at how researchers used a decommissioned satellite to broadcast hacker TV.

But that’s not all, guys. Read on below for the rest of the week’s top security stories.

In one of the more innovative attempts we’ve seen recently, hackers tricked Apple and Meta into handing over sensitive user data, including names, phone numbers, and IP addresses, according to a Bloomberg report. The hackers did so by exploiting so-called emergency data requests (EDRs), which police use to access data when someone might be in immediate danger, such as a kidnapped child, and which do not need a judge’s signature. Civil liberties watchdogs have long criticized EDRs as ripe for abuse by law enforcement, but this is the first time we’ve heard of hackers exploiting them as a data security vulnerability to steal people’s data.

According to security journalist Brian Krebs, the hackers gained access to police systems to send fraudulent EDRs, which, because of their urgent nature, are allegedly difficult for tech companies to verify. (Apple and Meta both told Bloomberg that they have systems in place to authenticate requests from police.) Adding another layer to the story: Some of the hackers involved in these scams were later part of the Lapsus$ group, both Bloomberg and Krebs reported, which is in the news again this week for completely different reasons.

Following the arrest and release of seven youths in the United Kingdom last week in relation to a string of high-profile Lapsus$ hacks and blackmail attempts, City of London Police announced on Friday that it had charged two teenagers, one 16 and one 17, in connection with the gang’s crimes. Each teen faces three counts of unauthorized access to a computer and one count of fraud. The 16-year-old also faces “one count of causing a computer to perform a security function to gain unauthorized access to a program,” police said. Because of strict privacy regulations in the UK, the teenagers have not been named publicly.

While it has been reported that Russia has not used its hacking capabilities as part of its unprovoked war against Ukraine, there is growing evidence that this is not the case. First, Viasat released new details about the hack of its network at the start of Russia’s war against Ukraine in late February, which knocked some Ukrainian military communications and tens of thousands of people across Europe offline. Viasat also confirmed an analysis by SentinelLabs, which found that the attackers used a modem-wiping malware called AcidRain. That malware, the researchers found, may have “developmental similarities” with another malware, VPNFilter, which US national intelligence has linked to the Russian GRU hacking group Sandworm.

Then came the most significant cyberattack since Russia started the war. Ukraine’s State Service of Special Communication (SSSC) announced on Monday that state-owned internet provider Ukrtelecom suffered a “robust” cyberattack on its core infrastructure. While the SSSC said Ukrtelecom was able to resist the attack and begin recovery, internet monitoring service NetBlocks said on Twitter that it saw a nationwide “collapse of connectivity.”

Wyze Cam internet-connected cameras have been exposed for nearly three years, thanks to a vulnerability that could have allowed attackers to remotely access videos and other images stored on the device’s memory card. Such vulnerabilities are, unfortunately, not unusual in internet-connected devices, including IP cameras. However, the situation is particularly notable because researchers from Romanian security firm Bitdefender have been trying to disclose the vulnerability to Wyze and get the company to release a patch since March 2019. It’s not clear why the researchers didn’t make the findings public sooner, as is the standard in vulnerability disclosure after three months, to call more attention to the situation. Wyze released patches for this vulnerability on January 29 for its V2 and V3 cameras. However, the company no longer supports the V1 camera, which is also vulnerable. The bug can be exploited remotely, but not directly from the open internet. Attackers need to first compromise the local network the camera is on before targeting the Wyze vulnerability itself.
