The EARN IT law that breaks encryption advances in the Senate


It is not often that you see a new strain of ransomware targeting Macs, but this week researchers investigated ThiefQuest, also called EvilQuest, a variety of malware that keeps on giving, or taking, so to speak. ThiefQuest appears to be ransomware for Mac, but its developers do not appear to intend to decrypt victims’ files. That probably points to cash theft, as ThiefQuest also has another malicious feature set that installs a persistent backdoor on victims’ computers, exfiltrates data, runs a keylogger, and searches for financial data like cryptocurrency wallets. The spyware/ransomware combo is distributed via pirated software, so stick with legitimate application providers and you will avoid it.

Meanwhile, we looked at the low level of cybersecurity defenses in K-12 school systems across the United States and how the Covid-19 pandemic has put them at even greater risk. The emergency pivot to distance learning opened new exposure for many schools and exacerbated existing problems. Jaggar Henry, who graduated from high school last year in Polk County, Florida, presented a series of vulnerabilities (now fixed) in his district’s systems at a school board hearing last summer. He also found and reported similar flaws at two private Florida universities. All of those findings motivated him to pursue a cybersecurity career in the educational technology industry.

If you want a little privacy project for the holiday weekend, we’ve got you covered. As part of its macOS Big Sur announcement last week, Apple promised some big privacy enhancements for the new version of Safari. However, for everyone who doesn’t use a Mac or doesn’t want to switch to Safari, we made a guide to replicating as many of those privacy enhancements as possible in Chrome or Firefox. Take a minute to change your settings and you will reduce how often you are tracked on the web, improve your password security, and reduce the risk of extension threats. Not bad for a few clicks.

And if you’re a true glutton for punishment, check out the biggest hacks and breaches of the year so far. It’s hard to think that 2020 is just heating up! Also, read on to find out more. Every Saturday we collect security and privacy stories that we did not break or report in depth, but that we think you should know about. Click on the headlines to read them, and stay safe out there.

The Eliminating Abusive and Rampant Neglect of Interactive Technologies (EARN IT) Act, which was introduced in the Senate in March, unanimously passed a Judiciary Committee vote on Thursday. The bipartisan bill aims to focus on removing child sexual abuse material from digital platforms like social media, but security and privacy experts, as well as digital rights advocates, have argued that, in the process, EARN IT also creates significant disincentives for companies to offer end-to-end encrypted services. The bill also comes as the Justice Department steps up its campaign to require tech companies to provide encryption backdoors for police access. EARN IT was amended this week, but privacy advocates say it still poses a substantial threat to encryption. The renowned end-to-end encrypted chat application Signal announced in early April that it would be forced to leave the US market if the EARN IT Act becomes law.

An investigation by the French and Dutch police, Europol, and the UK National Crime Agency resulted in 746 arrests of prominent criminals across Europe and the seizure of weapons, more than two tons of drugs, and more than $67 million. The law enforcement operation lasted more than three months and was made possible by police accessing a secure communications platform called EncroChat, which offered encrypted messages, disappearing messages, and an emergency data wipe feature. EncroChat, which has now been taken down, was only available on specially modified versions of Android. Police say criminals used EncroChat as an illicit market to sell weapons and coordinate drug sales around the world. Police began accessing the platform’s data on April 1 after allegedly cracking its encryption in March.

State-sponsored hacker groups around the world are likely to exploit a critical security vulnerability revealed this week, according to an alert from US Cyber Command. The bug is in the PAN-OS operating system, which runs on network equipment, such as VPN hardware and firewalls, from the business giant Palo Alto Networks. The vulnerability would allow attackers to access target networks as administrators. From there, they would have extensive control of the system. The vulnerability only occurs in certain device configurations, which limits the number of potentially vulnerable networks to a certain extent. But when the bug is present, attackers can exploit it remotely and trivially, the worst combination. “Please patch all devices affected by CVE-2020-2021 immediately,” Cyber Command warned. “The foreign APTs will probably try to exploit soon.”

Twenty-five apps, all made by the same developer and downloaded a combined total of more than 2.3 million times, were caught stealing the usernames and passwords of Facebook users. Google removed them from the Play Store this month and disabled the apps on users’ phones. Cybersecurity company Evina first revealed the findings about the malicious applications to Google. The apps offered legitimate services like wallpaper generators, flashlight features, games, step counters, and image editors, but they were also designed to detect when a user opened the Facebook app. At that point, the malicious apps would launch a web browser window with a fake Facebook login page on top of the Facebook app and ask users to enter their credentials.

