@zackwhittaker@mastodon.social

zackwhittaker

Security editor, TechCrunch
zack.whittaker@techcrunch.com
Signal: +1 646.755.8849
New York, NY

zackwhittaker, to random

Wow, Elon Musk must be desperate if he's re-adding blue checks to people like me who have long left the hellsite formerly known as Twitter. No, I'm not going back. Instead, I will continue my lifelong streak of not giving Musk a single penny of my money.

zackwhittaker, to random

New, by me: U.S. police departments are increasingly relying on a controversial surveillance practice to demand large amounts of users’ data from tech companies.

'Reverse' searches cast a digital dragnet over a tech company’s store of user data to catch the information that police are looking for — like location data or search terms.

Now, the feds are already pushing this controversial practice further by demanding to know who watched certain YouTube videos.

More: https://techcrunch.com/2024/04/02/reverse-searches-police-tap-tech-companies-private-data/

zackwhittaker, to random

Currently reading an advanced copy of @josephcox's new book, DARK WIRE, the absolutely wild inside story of how the FBI carried out the largest wiretap operation ever. Painstakingly reported, incredibly written, and it's already one of my favorite books of the year so far and I'm only half-way through.

Preorders here: https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691/#preorder

zackwhittaker, to random

A new edition of ~ this week in security ~ is now out:

• UK, US slap China's APT31 with sanctions
• AT&T resets millions of customer passcodes
• Backdoor found in xz Linux utility
• UnitedHealth says it's 'obtained' stolen data, analysis ongoing
• 'MFA bombing' attack targets Apple users
• How Facebook snooped on Snapchat encrypted user traffic
• A two-for-one cybercat special

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-march-31-2024-edition

Donate/support: https://ko-fi.com/thisweekinsecurity

zackwhittaker, to random

More: Security researcher Sam “Chick3nman” Croley told TechCrunch how he figured out that the encrypted records in the 73 million AT&T leaked data set were customer account passcodes.

Croley said it was not necessary to crack the encryption cipher to unscramble the passcode data, but that the encrypted passcodes could be unscrambled based on surrounding information in the leaked data set.

More: https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/

zackwhittaker, to random

Breaking: AT&T has reset millions of customer account passcodes after a huge cache of data containing AT&T customer records was dumped online earlier this month, TechCrunch has exclusively learned.

A security researcher who analyzed the leaked data told TechCrunch that the encrypted account passcodes are easy to decipher. TechCrunch held the publication of this story until AT&T could reset customer account passcodes.

More: https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/

zackwhittaker, (edited )

In a statement provided Saturday, AT&T said: "Based on our preliminary analysis, the data set appears to be from 2019 or earlier, impacting approximately 7.6 million current AT&T account holders and approximately 65.4 million former account holders."

That's about 73 million records. AT&T said, however, that it's still unclear how the data got online.

More: https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/

zackwhittaker, to random

The U.S. government said it is extending its reward seeking information on key leadership of the ALPHV/BlackCat cybercrime gang to its affiliate members, one of which last month took credit for a massive ransomware attack on a U.S. health tech giant.

More: https://techcrunch.com/2024/03/28/state-department-10-million-change-healthcare-hackers/

cfarivar, to random

TIL: the Québecois French word for "deepfake" is "l'hypertrucage." ("hyper-tricking")

AJA: le mot québecois pour "deepfake," c'est "l'hypertrucage."

https://blogue.soquij.qc.ca/2023/05/17/r-c-larouche-sommes-nous-dans-une-nouvelle-ere-de-cybercriminalite-hypertrucage/

zackwhittaker,

@cfarivar I got a fantastic autoreply overnight from a French government agency with the subject line: "MENACE POTENTIELLE," presumably marking my email as spam.

zackwhittaker, to random

New, by me: The U.K. government has blamed China for a 2021 massive data breach of U.K. voter data.

U.K. said China state-backed hackers took the names and addresses of an estimated 40 million U.K. citizens in the cyberattack.

More: https://techcrunch.com/2024/03/25/uk-government-electoral-breach-voter-data-china/

zackwhittaker, to random

I'm blaming all of this week's newsletter typos on my cat, Theo, who is not the best editor.

https://this.weekinsecurity.com

zackwhittaker, to random

It's late because it's a busy ~ this week in security ~ with:

• Popular hotel keycard locks hacked
• Paladin invested in U.S. exploit maker
• House passes data privacy bill
• Lawmakers investigate Change Healthcare hack
• Glassdoor stuns users by adding real names to profiles
• New AcidRain malware targeting Ukraine ISPs
• Cyber cat, obviously, and more

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-march-24-2024-edition

Donate/support: https://ko-fi.com/thisweekinsecurity

zackwhittaker, to random

New, by me: An alleged data breach of 73 million AT&T customer records posted online in full this week looks increasingly authentic.

The dataset, which first emerged in 2021, includes names, home addresses, phone numbers, Social Security numbers, and dates of birth.

But AT&T still hasn’t said how its customers’ data spilled online.

More: https://techcrunch.com/2024/03/22/att-customers-data-leak-online/

zackwhittaker, to random

This is a wild story by @lorenzofb.

The White House this week praised Paladin Capital Group and other investors for pledging not to invest in spyware companies, or startups that "undermine free and fair societies."

But Paladin previously invested in Boldend, a U.S.-based malware maker, which at one point developed a remote access exploit targeting WhatsApp that "got burned by an update," according to a leaked document we've seen.

More: https://techcrunch.com/2024/03/22/us-cyber-investors-pledge-spyware-is-off-limits-with-a-catch

zackwhittaker, to random

As of today, I block just one account on Mastodon.

zackwhittaker, to random

Always thankful for the second pair of eyes.

zackwhittaker, to random

New: Users of the popular site Glassdoor, which lets anyone anonymously sign up to review companies they have worked for, say Glassdoor collected and added their names and other data to their user profiles without their consent.

I spoke with a couple of Glassdoor users who experienced this. One person said Glassdoor took it from an email she sent to customer support. Another said he didn't know how Glassdoor got his information.

More: https://techcrunch.com/2024/03/20/glassdoor-added-real-names-profiles-without-consent/

zackwhittaker, to random

Proof that warrant canaries are still serving their purpose.

The Ethereum Foundation said in a GitHub commit that it had removed the warrant canary after it "received a voluntary enquiry from a state authority that included a requirement for confidentiality."

Here it is: https://github.com/ethereum/ethereum-foundation-website/commit/769b30603504b4b5e8f601f8014691a8d1821390

zackwhittaker, to random

New, by me: Mintlify says dozens of customer GitHub tokens were stolen in a recent cyberattack.

Mintlify allows developers to create documentation for their software and source code by tapping directly into the customer's GitHub source code repositories.

More: https://techcrunch.com/2024/03/18/mintlify-customer-github-tokens-data-breach/

zackwhittaker, (edited ) to random

New, by me: Tech giant Fujitsu said it was hacked, and warned of a possible data breach involving "personal information and customer information."

Fujitsu is one of the world's biggest contractors for government tech. The company recently faced renewed furore over its role in the wrongful convictions of hundreds of U.K. postal workers accused of bad accounting and thefts, which were later attributed to bugs in Fujitsu's software.

More: https://techcrunch.com/2024/03/18/fujitsu-tech-giant-hacked-customer-data-breach/

zackwhittaker, to random

A new ~ this week in security ~ newsletter just went out:

• Auto giants sharing driving data with insurance
• Nevada's anti-encryption efforts
• U.S. investigating Change breach
• Backdoor codes for popular safes
• U.S. spy chiefs testify to Congress
• A brand new cyber-cat, and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-march-17-2024-edition

Donate/support: https://ko-fi.com/thisweekinsecurity

zackwhittaker, to random

My haiku on the proposed TikTok ban.

TikTok ban is dumb,
A data protection law
is the solution.

zackwhittaker, to random

New, by me: The Irish government fixed a vulnerability two years ago in its national COVID-19 vaccination portal that exposed the vaccination records of around a million residents.

HSE confirmed a data exposure. But details of the vulnerability weren’t revealed until this week after attempts to coordinate public disclosure with the government agency stalled and ended.

More: https://techcrunch.com/2024/03/13/security-flaw-irish-government-hse-covid-19/

zackwhittaker, (edited ) to random

Per an update on UnitedHealth's cybersecurity incident page regarding the Change Healthcare hack, it sounds like they've (finally?) "identified the source of the intrusion and, with high confidence, have established a safe restore point," adding: "This point allows us to move forward safely and securely in restoring our data and systems."

In other words, it sounds like the incident responders found and cut off ALPHV's access to Change Healthcare's network.

zackwhittaker, to random

My TechCrunch colleague and friend @Sarahp experienced a devastating house fire last night. Please share and support if you can.

https://www.gofundme.com/f/yd78gx-sarah-and-josie-need-our-help
