As a whole Impact Texas’ SB 8 abortion law comes into view, Internet infrastructure companies have become an unlikely focus.Multiple hosting and domain registration providers own Refusal to provide services to abortion “whistleblower” website Violation of the terms of service related to the collection of third-party data. The site is designed to collect tips about people who have undergone, performed, or facilitated abortions in Texas. The site has been closed for more than a week.
At the same time, as Apple Fight controversy Exceeded its proposal-but Pause now–plan Scan iPhone for child sexual abuse material, WhatsApp moved to this week Plug its biggest end-to-end encryption loopholeThe ubiquitous secure communication platform cannot view your messages at any time during their digital journey, but if you back up your chat history on a third-party cloud service (such as iCloud or Google Cloud), the messages are no longer end-to-end End of encryption. With some clever cryptography, the service was finally able to devise a way to encrypt the backup before sending it to cloud storage.
After handing over the IP addresses of the militants to law enforcement, the secure email service ProtonMail said this week Update policy Make it clearer what customer metadata can be collected legally. However, the service emphasizes that the actual content of emails sent on the platform is always end-to-end encrypted and unreadable, even ProtonMail itself.
Twenty years after the September 11, 2001 attack, privacy researchers are still considering the continuation of the tragedy Impact on surveillance attitude In the U.S.
But wait, there is more! Every week we collect all safety news that WIRED has not covered in depth. Click on the title to read the full story and stay safe there.
Russian technology giant Yandex said this week that in August and September, it suffered the largest distributed denial of service or DDoS attack in the history of the Internet. A torrent of garbage, designed to overwhelm the systems and destroy them, reached its peak on September 5, but Yandex successfully fended off even the largest barrage. The company said in a statement: “Our experts have indeed successfully repelled a record attack of nearly 22 million requests per second.” “This is the largest known attack in the history of the Internet.”
Last week, a Russian national who worked with the notorious malware gang TrickBot was arrested at Seoul International Airport. The man was only referred to as Mr. A in the local media. After staying in South Korea for more than a year and a half, he tried to fly to Russia. After arriving in February 2020, Mr. A was trapped in Seoul due to international travel restrictions related to the COVID-19 pandemic. During this period, his passport had expired, and Mr. A had to find an apartment in Seoul and cooperated with the Russian Embassy to replace it. At the same time, US law enforcement officials launched an investigation into TrickBot’s activities, especially related to the botnet developed by the organization and used to assist in a series of ransomware attacks in 2020. During the investigation, officials collected evidence that Mr. A was suspected of cooperating with TrickBot, including the possible development of malicious browser tools in 2016.
An error in the British version of McDonald’s Monopoly VIP game exposed the user name and password of the game database to all winners. This defect caused data about game production servers and temporary servers to appear in prize redemption emails. The disclosed information includes Microsoft Azure SQL database details and credentials. Due to the firewall, the winner who receives the credentials may not be able to log in to the production server, but can access the temporary server and may obtain a winning code to redeem more prizes.
The hackers released 500,000 Fortinet VPN credentials, usernames and passwords, apparently collected from vulnerable devices last summer.The vulnerabilities they used to collect data since then Patched, But some stolen credentials may still be valid. This will allow bad actors to log into the organization’s Fortinet VPN and access their network to install malware, steal data, or launch other attacks. Data dumps released by a branch of a known ransomware gang named “Orange” are released for free. “CVE-2018-13379 is an old vulnerability that was resolved in May 2019,” Fortinet said in a statement Beep computer“If customers have not done so, we urge them to immediately implement upgrades and mitigation measures.”
More exciting connection stories