2024-10-02
Pig butchering scam operations, which often rely on human trafficking and forced labor, have broken out of SE Asia (Cambodia, Myanmar, Laos etc) and emerged in numerous other regions including the Middle East, Eastern Europe, Latin America and West Africa https://www.wired.com/...
Wired
Pig butchering operations that are offshoots of the Southeast Asian activity have emerged in the Middle East, Eastern Europe, Latin America, and West Africa
WIRED reports: — “More than 200,000 people in Southeast Asia have been forced to run online scams …
2024-01-17
GPU local memory security anxiety let's go (with @mattburgess1) https://www.wired.com/...
Wired
Researchers describe a GPU vulnerability that allows attackers to exfiltrate data from local memory on some devices with Apple, Qualcomm, AMD, and other chips
Patching every device affected by the LeftoverLocals vulnerability—which includes some iPhones, iPads, and Macs—may prove difficult.
2023-10-09
The “very crazy night” in which someone tried to steal hundreds of millions of dollars in cryptocurrency from FTX on the same day the company declared bankruptcy. By @a_greenberg https://www.wired.com/...
Wired
An investigation details FTX staff's all-night race to stop a crypto heist as the exchange collapsed, ultimately losing $415M to $432M to unidentified hackers
The same chaotic day FTX declared bankruptcy, someone began stealing hundreds of millions of dollars from its coffers.
23andMe user data was seemingly stolen in a credential stuffing campaign that targeted Ashkenazi Jews. Also maybe data from Mark Zuckerberg, Elon Musk and Sergey Brin is in the leak? 23andMe seems to be confirming the incident yet hasn't validated the data https://www.wired.com/...
Wired
Hackers posted a 23andMe data sample on BreachForums, claiming 1M data points exclusively on Ashkenazi Jews, but the sample appears to lack raw genetic data
At least a million data points from 23andMe accounts appear to have been exposed on BreachForums.
2023-10-08
23andMe user data was seemingly stolen in a credential stuffing campaign that targeted Ashkenazi Jews. Also maybe data from Mark Zuckerberg, Elon Musk and Sergey Brin is in the leak? 23andMe seems to be confirming the incident yet hasn't validated the data https://www.wired.com/...
Wired
Hackers posted an initial data sample from 23andMe on BreachForums earlier in the week, claiming that it had 1M data points exclusively about Ashkenazi Jews
At least a million data points from 23andMe accounts appear to have been exposed on BreachForums.
2023-09-09
Today US and UK officials sanctioned 11 alleged Trickbot members and DoJ unsealed 3 indictments against alleged Trickbot and Conti members. The only person indicted in all 3 is Maksim Galochkin, who @WIRED publicly identified last week in an investigation https://www.wired.com/...
Wired
The US and the UK sanction 11 more alleged Trickbot ransomware gang members, and the US DOJ unseals indictments against nine alleged Trickbot and Conti members
2023-09-08
Today US and UK officials sanctioned 11 alleged Trickbot members and DoJ unsealed 3 indictments against alleged Trickbot and Conti members. The only person indicted in all 3 is Maksim Galochkin, who @WIRED publicly identified last week in an investigation https://www.wired.com/...
Wired
The US and the UK sanction 11 more alleged Trickbot ransomware gang members, and the US DOJ unseals indictments against nine alleged Trickbot and Conti members
Authorities have sanctioned 11 alleged members of the cybercriminal groups, while the US Justice Department unsealed three federal indictments …
2023-05-29
Come for the bcrypt 25th anniversary and general password hashing fun with @dmazieres, stay for @NielsProvos making security-themed EDM 🪩 (as if his swordsmithing wasn't enough) https://www.wired.com/...
Wired
An interview with Niels Provos and David Mazieres, co-inventors of popular password-hashing function bcrypt, which turns 25 this year, on password security
The co-inventor of “bcrypt” is reflecting on the ubiquitous function's 25 years and channeling cybersecurity's core themes into electronic dance music.
2023-05-23
A leaked doc obtained by @WIRED shows how the CSAM scanning legislation sausage is getting made in the EU right now, with commentary from 20 countries about their thoughts on strategy/end-to-end encryption. And Spain is out here calling for an E2EE EU ban! https://www.wired.com/...
Wired
Leaked responses from 20 countries to an EU proposal show the majority favor some form of scanning encrypted messages, with Spain wanting an EU-wide E2EE ban
In response to an EU proposal to scan private messages for illegal material, the country's officials said it is “imperative that we have access to the data.”
2023-05-04
Today Google is launching passkeys for all personal accounts...you can try it out right now. There are some other companies that have done this, including PayPal, but for a lot of people this will be the first time they make a passkey https://www.wired.com/...
The Verge
Google enables passkeys, FIDO Alliance-developed cryptographic keys that require a preauthenticated device, on all accounts, to eventually replace passwords
you can now switch to passkey-only Adam Rowe / Tech.co : Your Google Account Doesn't Need a Password Anymore Luke Mandato / MobileSyrup : Dashlane is exploring password-free logins...
2023-05-03
There's been lots of SolarWinds hack coverage and great reporting but this from @KimZetter is THE SolarWinds story. It has new info and you'll finally feel like you understand the timeline/how everything worked after reading. Plus it's just a gripping saga https://www.wired.com/...
Wired
An in-depth look inside the US DOJ and Volexity's investigation into the SolarWinds hack, one of the most sophisticated cyberespionage campaigns of the decade
I'd like to highlight this bit. Zero trust, my arse. Lots of new details in this report. https://www.wired.com/... Tweets: Stephane Taillat / @staillat : A great work by @KimZett...
2023-04-29
DOJ actually detected the SolarWinds hack in its network back in May 2020 and Microsoft, Mandiant, SW all looked at it at the time, but didn't grasp what they were seeing. Six months later Mandiant publicly exposed the campaign. @KimZetter back in @WIRED! https://www.wired.com/...
Wired
Sources: the US DOJ discovered the SolarWinds breach in late May 2020, months before its public disclosure in December 2020, but was unaware of its significance
In May 2020, the US Department of Justice stumbled upon Russian hackers in its network, but did not realize the significance of what it had found for six months. Tweets: @lilyhnewm...
2023-02-16
Well, it's been a fun 16 years, but @CBP finally did the software upgrades in June 2022 to cryptographically validate e-Passport data https://www.wired.com/...
Wired
The US CBP confirms implementing software to verify e-passports in June 2022, nearly 16 years after the US started issuing passports with RFID chips
until now. Story by @lilyhnewman https://www.wired.com/...
2023-02-08
not as dramatic as all the heckling, but Biden's line about data protection in the State of the Union was noteworthy https://www.wired.com/...
The Verge
At the State of the Union, Biden called for Congress to strengthen data privacy protections and antitrust enforcement to stop Big Tech from self-preferencing
President Joe Biden threw his support behind tougher rules regulating Silicon Valley during his Second State of the Union speech Tuesday night.
2022-12-08
Apple told @WIRED that it's killing the iCloud Photos CSAM scanning plan for real and is instead investing in its opt-in family features for protecting kids and attempting to disrupt exploitation before it happens/escalates https://www.wired.com/...
Wall Street Journal
Apple plans to launch Advanced Data Protection, offering E2EE on iCloud backups, Notes, Photos, and more, in the US in 2022 and globally including China in 2023
‘Advanced Data Protection’ will offer end-to-end encryption on iCloud backups, Notes, Photos and other services—a step that may draw ire from law enforcement
Apple told @WIRED that it's killing the iCloud Photos CSAM scanning plan for real and is instead investing in its opt-in family features for protecting kids and attempting to disrupt exploitation before it happens/escalates https://www.wired.com/...
Wired
Apple won't launch its CSAM detection tool for iCloud photos, instead focusing its anti-CSAM efforts on the Communication Safety features launched in 2021
2022-10-11
Re: this $2,500 PayPal misinfo fine “An AUP notice recently went out in error that included incorrect information. PayPal is not fining people for misinformation and this language was never intended to be inserted in our policy. Our teams are working to correct our policy pages...
Bloomberg
After criticism, PayPal says its policy update about a $2,500 penalty for “the sending, posting, or publication” of misinformation was “incorrect information”
Low De Wei / Bloomberg :
2022-08-12
Messenger is announcing one of its incremental E2EE rollouts today, which...good! But Meta says the timing is long-planned and unrelated to revelations that the company was compelled by law enforcement to hand over chat data in the Nebraska abortion case https://www.wired.com/...
Wired
After the Nebraska abortion case, Meta tests more E2EE chats and backups in Messenger, and says default E2EE messages and calls will roll out globally in 2023
Lily Hay Newman / Wired :
2022-08-11
Messenger is announcing one of its incremental E2EE rollouts today, which...good! But Meta says the timing is long-planned and unrelated to revelations that the company was compelled by law enforcement to hand over chat data in the Nebraska abortion case https://www.wired.com/...
Wired
Following the Nebraska abortion case, Meta tests expanded E2EE for Messenger, including backups, and promises a global rollout for messages and calls in 2023
The company says an expansion of privacy features in Messenger is unrelated to a high-profile Nebraska abortion case.
Rare example of people actually turning cool privacy research into a service you can use right now https://www.wired.com/...
Wired