[ad_1]
This week, we took an exclusive look at the chaos that unfolded within Twitter in the hours after the accounts of Elon Musk, Bill Gates and dozens more were hacked. Since then, Twitter has beefed up its internal security, but with the elections just over a month away, has it done enough?
The Justice Department continued its busy month this week, announcing the global arrests of 179 alleged providers of the dark web in a coordinated effort with Europol. Authorities blame the takedown of the Wall Street Market dark web bazaar in May last year with leading them to the suspects. Facebook also showed some strength this week, dismantling disinformation networks that originated in China, the Philippines and the most troubling of all Russian military intelligence. And a tip from a child about a suspicious TikTok profile led researchers to discover adware in apps that had collectively been downloaded 2.4 million times.
We took a tour of the most important privacy and security features in iOS 14, including new ways to prevent apps from snooping on your camera or microphone. We explain why using the single sign-on features offered by Google, Facebook, and Apple may not be the most secure option. And we looked at some Chrome extensions that will cut down on all those pesky trackers.
Lastly, set aside some time to sit back and read this story of a scandal that shook the poker world. Will be worth.
And there is more! Every Saturday we gather the security and privacy stories that we do not disclose or report in depth, but that we think you should know about. Click on the headlines to read them and stay safe there.
Windows XP’s refusal to die has caused a multitude of security problems; Microsoft officially stopped providing updates to the operating system in 2014, which means that vulnerabilities are largely unsolved on the millions of computers that still run it. The situation managed to get even worse this week, as the source code for Windows XP was leaked on the file-sharing site Mega, the troll forum 4Chan, and more. By reviewing the source code, hackers can identify potential weak spots, making it easy to create malware against which Microsoft probably won’t bother to defend its zombie operating system. Some reports indicate that the source code has been circulating privately for some time, which may mitigate the impact of this broader version. Still, it’s not an encouraging development for anyone who hasn’t updated their PC in half a decade.
The Tribune Publishing Company has weathered a tough few months and longer, cutting budgets and jobs as the pandemic has devastated an already at risk newspaper industry. So employees were surprised to find an email in their inbox celebrating their new bonus of up to $ 10,000. The problem? There was no bonus. It was a phishing test to see who would click. Tribune staff widely condemned the move; Hanging a false promise of cash to people who have seen their colleagues get fired and may have been anxious about their own future with the company is certainly one way to test a phishing scam, but surely there were less cruel options. (Or maybe give everyone a Yubikey next time?)
The name Luxottica may sound strange to you, but you’ve surely heard of at least one of the brands under the umbrella of the eyewear monolith: Oakley, Ray-Ban, LensCrafters, and many more. Last weekend, the company suffered a cyber attack that forced it to close its operations in Italy and China. As of Tuesday, according to a report from BleepingComputer, business had not yet returned to normal. It is simply the latest in a trend of ransomware gangs pursuing “big” targets that can afford millions of dollars in payouts.
Speaking of what! Russian-speaking ransomware gangs rarely target Russian companies, in part because the lines between state-sponsored and for-profit piracy are so blurry. But a group that researchers call OldGremlin has turned to big business there. In fact, it is affecting banks, manufacturing and other companies exclusively in Russia, according to security firm Group-IB. OldGremlin’s methods are not particularly novel; they use spear-phishing attacks to install a custom backdoor, which they in turn use to download malware to steal an administrator’s credentials and then deploy custom ransomware. Nothing too crazy! But going after Russia so aggressively is certainly a way to stand out.
More great stories from WIRED
