As Russia continues On the brink of invading Ukraine, IT administrators and researchers in the troubled country have discovered devastating data-wiping malware masquerading as ransomware and Lurking in many Ukrainian networks. The situation is reminiscent of past devastating Russian malware campaigns against Ukraine — including the infamous The NotPetya attack in 2017.
Elsewhere in continental Europe, Austria’s data regulator recently ended Using Google Analytics violates EU GDPR privacy regulations. The decision could set the tone for other countries and other analytics services, and could have ripples across the cloud.
Two now-fixed flaws in Zoom could expose ubiquitous video conferencing service and its users Zero-click or no-interaction malware attack. One flaw in iOS 15 that Apple has known about since November is Expose the user’s web browsing Activity. But on the other hand, Apple’s new iCloud Private Relay feature protects your browsing activity from prying eyes, In beta, you can try it now.
there are more. Every week we round up all the security news that WIRED doesn’t cover in depth. Click on the title to read the full text.
Major international cryptocurrency exchange Crypto.com finally confirmed this week that a hacker stole $30 million worth of cryptocurrency from the digital wallets of 483 users. The company initially called the situation an “incident” and said “no customer funds were lost.” The hackers stole 4,836.26 ETH, or about $13 million, 443.93 BTC, or about $16 million, and about $66,200 worth of other currencies. In most cases, it “prevented unauthorized withdrawals,” the exchange said, adding that in other cases it compensated customers for losses. Crypto.com said it had implemented additional security protections and called on third-party auditors to further evaluate its security. The company did not provide specific details about the improvements.
Israeli business and technology news site Calcalist this week published an investigation accusing Israeli law enforcement of using NSO Group’s Pegasus spyware to spy on citizens, including prominent figures, former government figures, and protest movement against former Israeli Prime Minister Benjamin Netanyahu employees and mayor. Police have generally denied the report, but on Thursday Israel’s Attorney General Avichai Mandelblit told the police chief he was opening an investigation into the allegations. Mandelblit wrote to Israel’s police chief Kobi Shabtai that if Calcalist’s conclusions are found to be true, “it is difficult to overstate the magnitude of the alleged damage to fundamental rights.”
INTERPOL announced this week that Nigerian law enforcement had arrested 11 scammers in mid-December for allegedly leaking commercial emails. Some are said to be members of the notorious SilverTerrier BEC group. BEC is a major type of online scam where attackers use lookalike email accounts, fake personas, and phishing to trick businesses into sending money to the wrong place. Often this is done by sabotaging email accounts within the target organization to make the ruse look more legitimate. Interpol said this week that after assessing the devices of 11 suspects, it had linked them to a scam that victimized more than 50,000 targets. Interpol said that one suspect alone allegedly had more than 800,000 potential victim website credentials, as well as access to 16 companies that actively sent money to SilverTerrier-linked accounts.
President Joseph Biden signed a memorandum this week to expand the NSA’s responsibility for defending U.S. government computer networks. The directive specifically focuses on sensitive federal IT infrastructure between the Department of Defense, intelligence agencies, and their contractors. This measure requires security best practices such as implementing encryption, supporting two-factor authentication, adding network detection capabilities, and using other cloud defense mechanisms. The memo essentially synchronizes the national security agency’s request with an executive order in May that set security standards for civilian agencies.
More great Wired stories