As Russia continues On the brink of invasion of Ukraine, IT administrators in this supposedly unlikely country and researchers have discovered destructive data wiping out malware masquerading as ransomware and hidden in some Ukrainian networks. The situation evokes past destructive Russian malware campaigns against Ukraine — including The NotPetya Attack of 2017.
Elsewhere on the continent, the Austrian data regulator recent conclusion that the use of Google Analytics violates the EU GDPR privacy regulations. This decision could resonate in other countries and other analytics services, and could cause ripples across the entire cloud.
A pair of vulnerabilities in Zoom, now patched, may have exposed the popular video conferencing service and its users for clickless or non-interactive malware attacks. And a flaw in iOS 15 that Apple has known since November has been reveal the user’s web browser work. Apple’s new iCloud Private Relay feature, on the other hand, can protect your browsing activity from prying eyes, It’s in beta and you can try it now.
And much more than that. Each week, we compile all the WIRED security news not covered in depth. Click on the title to read the full story.
International crypto exchange giant Crypto.com has finally confirmed this week that a hacker made $30 million worth of crypto stolen from the digital wallets of 483 users. . The company initially called the situation “an incident” and said that “no customer funds were lost.” Hackers stole 4,836.26 ETH, about $13 million, 443.93 BTC, about $16 million, and about $66,200 in other currencies. The exchange said that in most cases it “prevents unauthorized withdrawals” and added that in other cases it refunds customers for their losses. Crypto.com said it has implemented additional security measures and has called in third-party auditors to further evaluate its security. The company did not provide specific details about the improvements.
Israeli business and technology news site Calcalist announced an investigation this week alleging that Israeli law enforcement used NSO Group’s Pegasus spyware to spy on citizens, including prominent members of the movement protesting against former Israeli Prime Minister Benjamin Netanyahu, former government employees and the mayor. Police have denied the reports, but on Thursday, Israeli Justice Minister Avichai Mandelblit told the police chief that he was opening an investigation into the claims. Mandelblit wrote to Israel Police Commissioner Kobi Shabtai: “It is difficult to overstate the severity of the alleged harm to fundamental rights” if Calcalist’s conclusion is correct.
Interpol this week announced that Nigerian law enforcement had arrested 11 suspected fraudsters infiltrating corporate email in mid-December. Some are believed to be members of the notorious SilverTerrier BEC group. BEC is a dominant form of online fraud where attackers use identical email accounts, fake characters, and phishing scams to trick businesses into sending money to the wrong locations. Usually, this is done by hacking email accounts in a target organization to make a ruse look more legitimate. This week, Interpol said that after evaluating the devices of 11 suspects, it had linked them to scams that victimized more than 50,000 targets. According to Interpol, a single suspect is accused of possessing more than 800,000 potential victims’ website logins and having access to inside 16 companies that are actively sending funds to affiliated accounts. with SilverTerrier.
President Joseph Biden signed a memorandum of understanding this week expanding the National Security Agency’s responsibility to protect the US government’s computer networks. The directive specifically focuses on sensitive federal IT infrastructure between the Department of Defense, intelligence agencies, and their contractors. This requires security best practices such as implementing encryption, supporting two-factor authentication, adding network discovery, and using other cloud protection mechanisms. The memo essentially synchronizes requirements for national security agencies with an executive order from May that sets security standards for civilian agencies.
Stories with WIRED are more amazing
