For those following the apparent U.S. cellular outages: DownDetector is not an accurate measure for outages and shouldn't be relied on for news reporting. DownDetector largely relies on crowdsourcing complaints, and folks often complain about the wrong thing and blame it on something upstream or something entirely unrelated.
For that absolute chef's kiss detail, the filenames of the screenshots posted by U.K. authorities on LockBit's dark web leak site read "oh dear.png", "doesnt_look_good.png" and "this_is_really_bad.png."
New, by me: Notorious stalkerware operation TheTruthSpy was hacked — again.
Two hacking groups independently found a security flaw in TheTruthSpy that allows the mass access of victims’ stolen mobile device data directly from TheTruthSpy’s servers.
The hack reveals TheTruthSpy continues to spy on tens of thousands of new victims.
TechCrunch added the new data to our spyware lookup tool, which lets you check if your Android device was compromised by TheTruthSpy.
New, by me: The startup that develops the phone app for WinStar, dubbed the "world's biggest casino," has secured an exposed database that was left on the internet without a password.
The app maker, Dexiga, took the database offline after a security researcher found the leaking database.
Dexiga's CEO claimed the database contained "publicly available information." But it wasn't — the database contained customer names, phone numbers, and email and home addresses.
New, by @Sarahp: A fake app that was masquerading as password manager LastPass on the App Store has been removed, whether by Apple or the fake app’s developer is yet unclear — Apple has not commented.
"That such an obviously fake app got through Apple’s App Review process is a bad look for the tech giant, which has been arguing against new regulations, like the EU’s Digital Markets Act, by claiming these laws would compromise customer safety and privacy."
@GossiTheDog @howelloneill for me, the issue i have with this story blowing up is that i worry it desensitizes the reader to actual harms and threats out there. sometimes saying nothing at all (by not writing about it) is the best thing (in my view/opinion). but there's no incentive for media outlets to do that.
@GossiTheDog @howelloneill right, i feel that this was largely a failure of the media outlets that chase clicks and views and the authors that are incentivized as such. but on the occasion misinfo spins like this and big outlets consider covering, if not least to "dispel rumors" or under the guise of disinfo watch, it can amplify it even more. we need better media literacy (unlikely) and many outlets to be less click-driven — even if that means publishing less (not holding my breath either).
New, by me: A year after settling New York state allegations of 'illegally promoting' phone spyware, the companies behind the phone monitoring (read: stalkerware) apps PhoneSpector and Highster appear to have shuttered.
New, by @carlypage: U.S. cybersecurity agency CISA gives federal agencies just two days to disconnect flawed Ivanti VPN products under mass-exploitation.
Volexity founder Steven Adair told TechCrunch that at least 2,200 Ivanti devices have been compromised to date, though the "total number is likely much higher."
New, by me: LoanDepot said 16.6 million customers had "sensitive personal information" stolen in its recent cyberattack, which it described as ransomware.
When reached by email, LoanDepot spokesperson Jonathan Fine declined to say what specific kinds of data were stolen.
New: Sen. Ron Wyden is warning that governments are spying on Apple and Google phone users through their push notifications.
Wyden says Apple and Google can be “secretly compelled by governments to hand over this information.”
An Apple spokesperson told TechCrunch that it was prohibited from disclosing the surveillance, but will add to its upcoming transparency report "now that this method has become public."