There is global ripples in tech policy this week as VPN providers forced to withdraw from India when the country’s new data collection law goes into effect, and UN countries prepare for elections a new head of the International Telecommunication Union — an important internet standards body.
Following explosions and damage to the Nord Stream gas pipeline running between Russia and Germany, the destruction is being investigated as intentional, and A complex hunt is underway to identify the culprit. And hackers have not yet been identified as victims of “super-attacks” to get data using a long feared technique to hijack virtualization software.
The notorious hacker Lapsus$ is back with their attack, affecting major companies around the world and issue a dire but important warning about how vulnerable large organizations will actually compromise. And End-to-end encrypted communication protocol Matrix patched serious and worrying vulnerabilities this week.
Pornhub launches a trial of an automated tool that motivates users who are looking for child sexual abuse material to seek help for their behavior. And Cloudflare Launches a Free Captcha Alternative in an attempt to authenticate people online without the headache of finding bicycles in a grid or deciphering fuzzy text.
We have advice on how to stay strong with Big Tech and Advocate for data privacy and user rights in your communityplus tips on the latest iOS, Chrome and HP updates you need to install.
And much more than that. Every week we highlight news that we don’t cover in depth. Click on the title below to read the full story. And it’s safe out there.
On Thursday night, Microsoft confirmed that two unpatched Exchange Server vulnerabilities are being actively exploited by cybercriminals. The vulnerabilities were discovered by a Vietnamese cybersecurity company called GTSC, which claimed in a post on its website that two zero-days were used in attacks aimed at targeting customers since early August. While the flaws only affected the on-premises Exchange Server to which the attacker had authenticated access, according to GTSC, zero dates can be chained together to create backdoors into vulnerable servers. “The vulnerability became so severe that it allowed an attacker to perform RCE [remote code execution] on the compromised system,” The researchers said.
In a blog post, Microsoft describes the first as a server-side request forgery (SSRF) security vulnerability and the second as “an attack that allows remote code execution on a vulnerable server when an attacker can access PowerShell”. The post also provides guidance on how on-premises Microsoft Exchange customers should mitigate the attack.
According to Reuters. The year-long investigation follows the story of six Iranian men jailed as part of an active Iranian counterintelligence operation that began in 2009. The men were frustrated in part by what Reuters describes as a flawed web-based secret communications system that led to the arrest and execution of dozens of CIA informants in Iran and China. In 2018, Yahoo News reported on the system.
Since the CIA appears to have purchased web hosting space in bulk from the same supplier, Reuters is able to list hundreds of secret CIA websites intended to facilitate communication between informants around the world. world and their CIA handlers. Sites that are no longer active are devoted to topics such as beauty, fitness, and entertainment. Among them, according to Reuters, is one Star Wars fan page. Two former CIA officials told the news agency that each fake website was assigned to only one agent to prevent the entire network from being exposed in the event any spies were caught.
James Olson, the former director of counterintelligence at the CIA, told Reuters, “If we were careless, if we were reckless, and we were infiltrated, shame on us.”
On Wednesday, a former National Security Agency employee was charged with three counts of violating the Espionage Act for allegedly attempting to sell classified defense information to an unnamed foreign government, according to court documents unsealed this week. In a press release about the arrest, the US Department of Justice stated that Jareh Sebastian Dalke, of Colorado Springs, Colorado, used an encrypted email to send excerpts of three classified documents to a special agent. undercover FBI agent, who he believes is working with a foreign government. Dalke allegedly told the agent that he was in serious financial debt and that in exchange for the information, he needed to be compensated in crypto.
The FBI arrested Dalke on Wednesday when he went to Union Station in downtown Denver to deliver classified documents to undercover agents. If convicted, he could face life in prison or the death penalty.
On Tuesday, hackers attacked Fast companyits content management system, issued two obscene push notifications to the publication’s Apple News followers. In response, the publication’s parent company, Mansueto Ventures, shut down Fastcompany.com and Inc.com, which it also owns. Fast company issued a statement calling the messages “vile” and “inconsistent with the content and ethos” of the store. An article that the hacker seems to have posted Fast companyTheir website claims that they get access via shared passwords across multiple accounts, including admins.
As of yesterday, the company’s websites remained offline, redirecting instead to a statement about the hack.
