Zack Whittaker
With weeks to go before the bill expires at the end of Congress, this is the last chance for U.S. senators to vote on the PRESS Act, a bipartisan federal "shield" law that protects journalists from giving up their sources, and more.
It's the bill that the House *unanimously* passed in January, but yet it's been collecting dust in the Senate for a vote ever since.
More: https://techcrunch.com/2024/11/10/its-the-senates-last-chance-to-pass-the-press-act/
Zack Whittaker
The "internally screaming" edition of ~ this week in security ~ is out:
• Hacker behind Snowflake breaches arrested
• China Typhoon hacks 'more pervasive' than thought
• FBI says hacked police emails used to file fake subpoenas
• Android patches fix two zero-days under attack
• Plus: A look at the infostealer crime ecosystem
• A brand new bonus cyber cat + friend, and more.
Sign up/RSS: https://this.weekinsecurity.com
Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-november-10-2024-edition
Donate/support: https://ko-fi.com/thisweekinsecurity
Zack Whittaker
New, by me: The FBI is warning that hackers are gaining access to law enforcement and government email addresses to file fraudulent "emergency" data requests with U.S. companies to obtain user data — which is often then used for doxing and financial fraud.
The abuse of emergency data requests is not new, and has been widely reported in recent years; but this is a rare admission from the federal government about the threat from fraudulent emergency data requests.
Zack Whittaker
@GossiTheDog it wasn't already?!
Zack Whittaker
From me, last month, and still relevant today. I wrote about the 30-year-old internet backdoor law that came back to bite, after Chinese spies were found in the legally mandated wiretap systems of telecom and internet providers.
More: https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/
Zack Whittaker
Meet the “advanced persistent teenagers.” These are highly skilled, financially motivated hackers, like Lapsus$ and Scattered Spider, made up of mostly teenegers and young adults, and proven capable of digitally breaking into hotel chains, casinos, and tech giants.
MongoDB, which had a limited intrusion last year, said the incident matched tactics used by Scattered Spider, which broke in via phishing as if they were a legitimate employee.
More from TechCrunch Disrupt: https://techcrunch.com/2024/11/01/the-biggest-underestimated-security-threat-of-today-advanced-persistent-teenagers/
Zack Whittaker
2024 looks set to be another record-breaking year for ransomware. And the outcome of the upcoming U.S. election next week could have a major effect on the future of ransomware.
“I don’t think that’s something we’re prepared for — and we could see even more of an acceleration of ransomware attacks if law enforcement is less able to do their job,” said Allan Liska.
More by @carlypage: https://techcrunch.com/2024/10/31/2024-looks-set-to-be-another-record-breaking-year-for-ransomware-and-its-likely-going-to-get-worse/
Zack Whittaker
WSJ's @dustinvolz reports that DHS' Cyber Safety Review Board will investigate the Chinese "Typhoon" intrusions on several dozen U.S. telecom giants and others. The hacks have been linked to efforts to spy on prominent Americans, including a failed attempt to access an account belonging to a WSJ reporter after that reporter published articles about the group’s activities.
Zack Whittaker
New, by me: Apple will pay security researchers up to $1 million to hack into its private AI cloud, dubbed Private Cloud Compute.
Zack Whittaker
Well this data breach just got a lot worse.
Fidelity filed several other data breach notices, which confirm that the unauthorized third-party "accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers."
Fidelity also confirmed SSNs and driver's licenses were compromised in the data breach.
Zack Whittaker
Wow. Fidelity says at least 77,000 customers had personal data stolen in a recent cyberattack.
According to Fidelity, an unnamed third party accessed customers' personal data from its systems between August 17 and August 19 “using two customer accounts that they had recently established.” 👀
More from @carlypage: https://techcrunch.com/2024/10/10/fidelity-says-data-breach-exposed-personal-data-of-77000-customers/
Zack Whittaker
Indian health insurance giant Star Health has confirmed a data breach, weeks after hackers claimed access to 31 million customer records and made them accessible via Telegram bots.
@jagmeets13 has the story.
Zack Whittaker
News broke this weekend that China-backed hackers have compromised the wiretap systems of several U.S. telecom and internet providers, likely in an effort to gather intelligence on Americans.
Security professionals and technologists have for years been sounding the alarm about the security risks of backdoors, because there is no such thing as a "secure backdoor" that can't be abused by malicious actors.
More, by me: https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/
Zack Whittaker
There 👏 is 👏 no 👏 such 👏 thing 👏 as 👏 a 👏 secure 👏 backdoor.
https://techcrunch.com/2024/10/07/the-30-year-old-internet-backdoor-law-that-came-back-to-bite/
Zack Whittaker
You're probably thinking, "not another VPN guide!" But this one is different!
Introducing TechCrunch's skeptics' guide to VPNs. You probably don't need a VPN, and we'll tell you why. VPN providers are bad for privacy, and you should doubt their claims.
If you do need a VPN, the best one is an encrypted VPN you've set up and control yourself. We'll show you how to get started. And if you don't need one, we'll show you what can meaningfully improve your privacy online.
https://techcrunch.com/2024/09/30/think-you-need-a-vpn-guide-start-here/
Zack Whittaker
@GossiTheDog "We'll be right back" takes the piss a little bit.
Zack Whittaker
New, by me: Cisco has cut thousands of jobs following its second round of layoffs this year.
At the same time, Cisco said its 2024 financial year was its "second strongest year on record," and all the while its top executives made tens of millions of dollars in compensation.
More: https://techcrunch.com/2024/09/17/ciscos-second-layoff-of-2024-affect-thousands-of-employees/
Zack Whittaker
Transport for London now says that it has "identified that certain customer data has been accessed."
"This includes some customer names and contact details, including email addresses and home addresses where provided," said TfL on its update page.
TfL now says the data may include "bank account numbers and sort codes" for around 5,000 Oyster card customers.
I first reported two days ago that customer data was affected. A TfL spokesperson wouldn't comment. https://techcrunch.com/2024/09/10/londons-transit-agency-drops-claim-it-has-no-evidence-of-customer-data-theft-after-hack/
Zack Whittaker
New, by me: Car rental giant Avis is notifying hundreds of thousands of people that their personal information, driver’s license numbers, and credit card numbers were stolen in an August cyberattack.
According to a data breach filing, the breach affects around 300,000 customers.
It is not clear who at Avis oversees cybersecurity for the company, and a company spokesperson did not respond to a request for comment.
Zack Whittaker
Oh no, said literally nobody ever, about a huge fine that facial recognition startup Clearview AI absolutely deserves and then some.
Security editor, TechCrunchEmail: zack.whittaker@techcrunch.comSignal: +1 646.755.8849 / zackwhittaker.1337New York, NY
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.