SolarWinds hackers are looking for their next big score


The endless cybercriminal cat-and-mouse game continued this week with a joint international law enforcement operation, Dark HunTor, which resulted in 150 arrests of alleged dark web vendors plus the seizure of $31.6 million in cash and cryptocurrency and 230 kilograms of drugs. The action focused on vendors who sold their goods on the DarkMarket marketplace, which German police shut down in January. Meanwhile, ransomware gangs continued to rage. The Russian group Grief, an apparent front for the sanctioned ransomware gang Evil Corp, claims to have hit the National Weapons Association this week. The apparent incident is the latest in a series of attacks in which victims must consider the potential consequences of violating sanctions if they want to pay the ransom.

The British digital identity company Yoti says its machine-based image analysis tool can predict people’s ages between 6 and 60. The tool can be used to enforce minimum ages on platforms and to keep children safe online, but it raises questions about how much digital surveillance is too much. Blind and visually impaired people have again won an exemption from the DMCA, which allows them to circumvent digital rights management protections on e-books and create accessible versions. But the exemption is still temporary, and advocates will have to fight to win it again in three years. According to them, the measure should be permanent.

Google’s Pixel 6 and 6 Pro have some advanced security features, thanks to their Tensor processors, the first Pixel system on a chip custom-designed by Google. If you need some security tips for Windows instead, we’ve put together 11 of the most important settings to focus on. In addition, we have updated our recommendations if you are looking for a reliable VPN.

And there is more! Every week we round up all the security news that WIRED did not cover in depth. Click on the headlines to read the full stories, and stay safe out there.

Hackers from Russia’s SVR foreign intelligence service, the group known as Nobelium and Cozy Bear, are targeting a new wave of international IT companies embedded in the global supply chain, according to a warning from Microsoft this week. As with its notorious compromise of the network management company SolarWinds in 2020, the group seeks to compromise key – but often relatively obscure – technology companies as an invisible springboard for attacking those companies’ own customers. This time, Tom Burt, Microsoft’s vice president of security and customer trust, says Nobelium is targeting managed cloud service providers and technology retailers. Burt says Nobelium has been prolific all summer. Between July 1 and October 19, the company informed 609 customers that they had been attacked 22,868 times by the group – roughly the same number of attacks that Microsoft had seen from Cozy Bear in the previous three years combined. However, Burt adds that all this recent targeting has had a “success rate in the low single digits.”

“This recent activity is another indicator that Russia is trying to gain long-term, systematic access to various points in the technology supply chain and to set up a mechanism to monitor – now or in the future – targets of interest to the Russian government,” wrote Burt. Spies will spy.

Tuesday’s hack, aimed at gas stations in Iran, knocked almost every subsidized pump payment terminal offline for days, leading to long queues and turmoil. “There must be serious preparedness in the field of cyber warfare and related bodies must not allow the enemy to pursue its sinister goals,” said Iranian President Ebrahim Raisi. No one has claimed responsibility for the attack, and Raisi did not attribute it, but said he believed anti-Iranian actors were behind the attack. The message “cyberattack 64411,” a reference to a religious hotline run by the office of Supreme Leader Ayatollah Ali Khamenei, was reportedly displayed during the payment terminal attack. The number “64411” also appeared in a July attack on Iran’s national railway.

Europol announced the arrest of 12 people on Friday with alleged links to ransomware attacks on corporations and critical infrastructure, which apparently affected more than 1,800 people in 71 countries. Law enforcement agencies from eight countries cooperated in the operation and confiscated more than $52,000 in cash, five luxury vehicles and a number of electronic devices. The attacks used a range of ransomware strains, including LockerGoga, MegaCortex and Dharma.

A bug in the Docket medical records app has exposed data of New Jersey and Utah residents vaccinated against Covid-19. The two states have specifically approved the app, which allows people to download a digitally signed version of their paper vaccination card. Like other vaccine passports, Docket allows users to access their immunization record as a visible card or scannable QR code. The vulnerability allowed anyone to access the QR codes of other users and the associated personal data. This includes names, dates of birth and information about immunization, such as date of vaccination and brand used. TechCrunch discovered the bug on Tuesday and notified the company that day. Docket said within hours that it had fixed the error by making changes at the server level. The company is in the process of reviewing its log files to see if anyone abused the flaw before it was disclosed.
