Ever since Elon Musk spent $44 billion on Twitter and laid off a large percentage of the company's employees, there have been concerns about data breaches. Now, it looks like a security incident that preceded Musk's takeover is causing many headaches. This week, it emerged that hackers released a repository of 200 million email addresses and their links to Twitter handles, likely collected between June 2021 and January 2022. The sale of the data could put anonymous Twitter accounts at risk and expose the company to additional regulatory scrutiny.
WhatsApp has launched a new anti-censorship tool that it hopes will help people in Iran avoid government-enforced blocks on the messaging platform. The company has made it possible for people to use proxies to access WhatsApp and avoid government filtering. The tool is available globally. We have also explained what a pig-butchering scam is and how to avoid falling into the trap.
Also this week, cybersecurity firm Mandiant revealed that it has seen the Russian cyber espionage group Turla use innovative new hacking tactics in Ukraine. The group, believed to be affiliated with the FSB intelligence agency, was found to be taking advantage of the dormant USB infections of other hacker groups. Turla registered the expired domains of years-old malware and managed to take over its command-and-control servers.
We also reported on the ongoing aftermath of the EncroChat hack. In June 2020, police across Europe revealed that they had breached the encrypted EncroChat phone network and collected more than 100 million messages from users, many of whom were potentially serious criminals. Now, thousands of people have been jailed based on the intelligence gathered, but the arrests are raising questions about law enforcement hacking and the future of encrypted phone networks.
But that’s not all. Each week, we compile security stories that we don’t cover in depth ourselves. Click on the title to read the full story. And stay safe out there.
On December 31, as millions prepared for the start of 2023, Slack posted a new security update on its blog. In the post, the company said it discovered “a security issue related to unauthorized access to a subset of Slack’s code repositories.” Starting December 27, it discovered that an unknown threat actor had stolen Slack employee tokens and used them to access an external GitHub repository and download some of the company's code.
“When notified of the incident, we immediately invalidated the stolen tokens and began investigating the potential impact on our customers,” the Slack disclosure added. The attacker did not access customer data, and Slack users do not need to do anything.
This incident is similar to the December 21 security incident disclosed by the authentication company Okta, as cybersecurity journalist Catalin Cimpanu notes. Right before Christmas, Okta revealed that its code repository had been accessed and copied.
Slack quickly discovered the incident and reported it. However, as discovered by Bleeping Computer, Slack's disclosure did not appear on its usual news blog. And in some parts of the world, the company included code to prevent search engines from including it in their results. In August 2022, Slack forced a password reset after a bug exposed hashed passwords for five years.
A Black man in Georgia was jailed for nearly a week after police reportedly relied on inaccurate facial recognition results. Police in Louisiana used the technology to obtain an arrest warrant for Randal Reid in a theft they were investigating. “I have never been to Louisiana a day in my life. Then they told me it was for theft. So not only have I never been to Louisiana, but I haven’t stolen,” Reid told the local news site Nola.
The publication said a detective “used an algorithm at face value to secure an arrest warrant” and gave little information about police use of facial recognition technology in Louisiana. The names of any systems used have not been disclosed. However, this is only the latest case of facial recognition technology being used in false arrests. While police use of facial recognition technology has quickly spread across US states, research has repeatedly shown that it misidentifies people of color and women more often than white men.
On the first day of this year, Ukraine launched its deadliest missile attack on invading Russian troops to date. An attack on a temporary Russian barracks in Makiivka, in the Russian-occupied Donetsk region, killed 89 soldiers, the Russian Defense Ministry announced. Ukrainian officials said about 400 Russian soldiers were killed. Later, the Russian Ministry of Defense stated that the location of the troops had been determined because they were using mobile phones without permission.
During the war, both sides have said that they can block and locate phone calls. Although the latest Russian statement should be handled with caution, the conflict has highlighted how open source data can be used to target the military. Drones, satellite images, and social media posts have been used to track down those on the front lines.
A new law in Louisiana requires porn sites to verify the age of visitors from the state to prove that they are over 18. The law states that age verification must be used when a website contains 33.3% or more pornographic content. In response to the law, PornHub, the world’s largest porn site, now gives people the option to link their driver’s license or government ID through a third-party service to prove they are a legal adult. PornHub says it does not collect user data, but the move raises concerns about surveillance.
Around the world, countries are enacting laws that require porn site visitors to prove that they are old enough to view pornography. Lawmakers in Germany and France have threatened to block porn sites if they do not take measures. Meanwhile, in February 2022 Twitter began blocking adult content creators in Germany because an age verification system had not been implemented. The UK attempted to introduce similar age-checking measures between 2017 and 2019; however, the plans fell apart due to confusion among porn site administrators, design flaws, and data breach concerns.
The world of spies is, in essence, shrouded in secrecy. States deploy agents to other countries to gather intelligence, recruit other assets, and influence events. But sometimes these spies get caught. Since Russia’s full-scale invasion of Ukraine in February 2022, many Russian spies across Europe have been identified and expelled. A new database from open source researcher @inteltakes has gathered known cases of Russian espionage in Europe since 2018. The database lists 41 exposed espionage entries and, where possible, details the nationality, occupation, and employing service of those involved.