Hackers continue to target the US water supply


In light of all the news on Facebook lately – though honestly, when isn’t there – you may finally be thinking about jumping ship. If so, here’s how to delete your Facebook account. Please.

That is not all that happened this week, however. Google has shed new light on an Iranian hacker group known as APT35 or Charming Kitten, and on how they use Telegram bots to notify them when a phishing lure gets a bite. Speaking of Telegram, a new report shows how poorly the messaging service has done at keeping extremism off the platform.

There was good news for Cloudflare this week, as a judge ruled that the Internet infrastructure company was not responsible when one of its customers infringed copyright on their websites. And there was bad news for humanity, as the governor of Missouri repeatedly threatened to sue a journalist for responsibly disclosing a security flaw he uncovered on a state website.

And there is more! Every week we round up all the security news that WIRED does not cover in depth. Click on the headlines to read the full stories, and stay safe.

In February, someone tried to poison the water supply of a Florida city by breaking into its control system and drastically increasing the amount of sodium hydroxide. In 2020, a former employee of a water facility in Kansas remotely accessed and tampered with its controls. And that’s before you even get to the four ransomware attacks that intelligence officials documented this week, in a joint warning about the continuing threats that hackers pose to U.S. water and wastewater facilities. The report notes that wastewater treatment plants tend to invest in physical infrastructure rather than IT resources, and tend to use outdated versions of software, both of which leave them vulnerable to attack. Disgruntled insiders have broad access with which to cause damage, and ransomware attackers always like a target who can’t afford to stay offline for a significant period of time. While this isn’t necessarily surprising – we issued the same warning in April – the joint FBI / CISA / NSA / EPA note provides new details on how many confirmed attacks have occurred in recent months and offers some guidelines for critical infrastructure operators on how not to become the next victim.

A recent top-to-bottom hack of Twitch exposed source code, gaming payouts, and more, which caused quite a stir among streamers. But this is not the biggest hack in Twitch history. That distinction belongs to a 2014 compromise detailed by Motherboard this week, which was devastating enough that Twitch had to “rebuild much of its code infrastructure,” according to the report, because so many of its servers were likely compromised. Inside Twitch, the hack became known as “Emergency Pizza” because of how many engineers had to work on mitigating the attack, and how many dinners the company had to feed them. It is worth reading in full.

Chances are you’ve heard this story before, but a case with such wild accusations is still worth including. The Justice Department has charged Navy nuclear engineer Jonathan Toebbe and his wife with trying to pass state secrets to a foreign state; the people on the other end of the line turned out to be FBI agents. Toebbe is said to have been involved in a few “dead drops” of sensitive information; court documents say he hid data cards in everything from a peanut butter sandwich to a pack of gum. He allegedly offered thousands of documents, asking for $100,000 in cryptocurrency in return.

It’s always a good idea to keep all your devices updated all the time – automatically, even – but especially when the update is specifically designed to fix a so-called zero-day flaw. In this case, a security researcher was so tired of Apple not crediting his reports that last month he published proof of concept and full details of four separate flaws in iOS security. This is the second of them to be patched, leaving two to go. We hope that Apple will give him proper credit when it gets around to fixing them.

