Notices by Lorenzo Franceschi-Bicchierai (lorenzofb@infosec.exchange)

Wanna earn up to $100,000 a month? Perhaps doing crime? For obscure reasons? This is your opportunity.

Don't miss out on this bizarre hacking campaign, which is currently looking for recruits here on Twitter.

🤔 🤔 🤔

https://techcrunch.com/2025/04/01/someone-is-trying-to-recruit-security-researchers-in-bizarre-hacking-campaign/

The Ontario Public Police responded to our request for comment without denying being Paragon customers.

Instead a spokesperson said that "releasing information about specific investigative techniques and technology could jeopardize active investigations."

https://techcrunch.com/2025/03/19/researchers-name-several-countries-as-potential-paragon-spyware-customers/

NEW: Citizen Lab researchers mapped out the infrastructure of spyware maker Paragon Solutions, and say they were able to identify servers likely used by customers in several countries: Australia, Canada, Cyprus, Denmark, Israel, and Singapore.

Paragon’s executive chairman John Fleming said Citizen Lab shared in advance "very limited amount of information, some of which appears to be inaccurate."

He declined to say what was inaccurate exactly.

https://techcrunch.com/2025/03/19/researchers-name-several-countries-as-potential-paragon-spyware-customers/

I wish I was surprised by this.

Morgan Marquis-Boire, a well known hacker who has faced multiple credible accusations of sexual violence, was secretly running a crypto security company.

https://www.washingtonpost.com/technology/2025/03/14/cryptocurrency-unciphered-morgan-marquis-boire/

I am starting to think these Lockdown Mode notifications are even dumber and confusing than I thought.

I get them all the time while I chat with someone, for example, after their first message. Apparently, they don't do anything because the conversation keeps going. (This happens with people who are in my contact list btw)

But then, the other day I saw one one of these warnings, which named a person I wasn't messaging with at the time.

Should I assume this means they were messaging me and Lockdown Mode prevented them?

Does anyone know what these notifications actually mean? Or what they are supposed to tell a Lockdown Mode user?

NEW: As Skype is about to be shut down, I looked at its most important legacy: giving end-to-end encryption to the masses.

Today, end-to-end encryption is baked into our most used chat apps. In 2003, putting that technology into a popular chat and calling app was nothing short of revolutionary.

And ever since it launched in 2003, Skype freaked out authorities all over the world, from Italy’s cybercrime police, to the Egyptian intelligence service.

https://techcrunch.com/2025/03/03/as-skype-shuts-down-its-legacy-is-end-to-end-encryption-for-the-masses/

NEW: Cellebrite said it stopped authorities in Serbia from using of its cellphone forensic tools.

Decision comes after cases where Serbian police and intelligence used Cellebrite's tools to unlock an activist's and a journalist's phone to then install spyware on the devices.

https://techcrunch.com/2025/02/26/cellebrite-suspends-serbia-as-customer-after-claims-police-used-firms-tech-to-plant-spyware/

NEW: We spoke to the Italian journalist who was targeted on WhatsApp with government spyware made by Paragon. 

“I feel violated,” Francesco Cancellato told me. “It is actually quite strange for a journalist to be spied on in a Western democracy.”

Cancellato is the director of Fanpage.it, which last year published a damning investigation on the youth wing of the current far-right government in Italy. 

Full story, which includes the text of the notification he received from WhatsApp, here:

http://techcrunch.com/2025/02/03/journalist-targeted-on-whatsapp-by-paragon-spyware-i-feel-violated/

NEW: Yahoo laid off around 25% of its cybersecurity team, known internally and in the industry as "The Paranoids," in the last year.

Company let go ~40 people out of ~200, according to multiple current and former Yahoo employees.

https://techcrunch.com/2024/12/12/yahoo-cybersecurity-team-sees-layoffs-outsourcing-of-red-team-under-new-cto/

NEW: Doughnut giant Krispy Kreme disclosed a cyberattack that it says has caused “certain operational disruptions, including with online ordering in parts of the United States.”

It's unclear at this point if this is a ransomware attack.

https://techcrunch.com/2024/12/11/krispy-kreme-discloses-cyberattack-that-is-disrupting-online-orders/

NEW: Security researchers have confirmed that iPhones running iOS 18 now automatically reboot if they are not unlocked for 72 hours.

The feature, called "inactivity reboot," will make life harder for thieves, law enforcement, and forensic experts trying to extract data from iPhones.

https://techcrunch.com/2024/11/14/new-apple-security-feature-reboots-iphones-after-3-days-researchers-confirm/

NEW: Cybersecurity giant Fortinet confirms data breach affecting “less than 0.3%” of customers. Based on company's latest earnings, that should be around 1,500 customers.

https://techcrunch.com/2024/09/13/fortinet-confirms-customer-data-breach/

NEW: Security researchers say they found evidence that Chinese government-linked hacking group Volt Typhoon used a zero-day to target ISPs in the U.S. and India.

The goal was to steal the credentials of the ISPs downstream customers, to do more targeted hacking.

“This wasn’t limited to just telecoms, but managed service providers and internet service providers,” said Mike Horka, the Black Lotus Labs' researcher who found the hacking campaign. “These central locations that they can go after, which then provide additional access.” Horka said these internet and networking companies are targets themselves, “very likely because of the access that they could potentially provide to additional downstream customers.”

https://techcrunch.com/2024/08/27/chinese-government-hackers-targeted-u-s-internet-providers-with-zero-day-exploit-researchers-say/

NEW: Microsoft revealed that the recent campaign by Russian government hackers, which resulted in the theft of emails from company executives and cybersecurity employees, was much broader.

The hackers also targeted an unspecified number of other companies, according to Microsoft.

But the company hasn't said how many yet.

https://techcrunch.com/2024/01/26/microsoft-says-russian-hackers-also-targeted-other-organizations/

NEW: 23andMe admitted that hackers broke into customers' accounts from April through September of 2023, and the company didn't detect the attacks.

It's unclear how many accounts were targeted, but hackers were successful breaking into 14,000 accounts, which in turn gave them access to personal data of 6.9 million customers.

Remember, 23andMe previously said this about the breach: "Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe [...] The incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures."

https://techcrunch.com/2024/01/25/23andme-admits-it-didnt-detect-cyberattacks-for-months/

NEW: 23andMe is blaming customers for the data breach that affected 6.9 million customers.

We saw a letter 23andMe sent to a group of victims that is suing the company, which shows what strategy the company will use in these lawsuits: blame the victims.

NEW: 23andMe is blaming customers for the data breach that affected 6.9 million customers.

We saw a letter 23andMe sent to a group of victims that is suing the company, which shows what strategy the company will use in these lawsuits: blame the victims.

“Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe,” the letter reads. “Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures.”

https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/

NEW: Bitcoin ATM company Coin Cloud got hacked at some point in the last year, but the hack is shrouded in mystery.

We spoke to the owner of the company that acquired Coin Cloud and he said the company "has been hacked multiple times in the past."

"It’s impossible to really say when the data was compromised or who did it. So many vendors and internal employees had access to it that it could have happened at many different times over the years,” he said.

https://techcrunch.com/2023/12/12/bitcoin-atm-company-coin-cloud-got-hacked/

NEW: After the terrorist attacks on Oct. 7, there has been a significant increase in honeypots deployed in Israel.

It's unclear who is deploying them, but it makes sense to deploy honeypots to keep an eye on hackers who may get involved in the conflict.

“I suspect folks learned the only way to really see what's happening is to spin up infrastructure and look,” one expert told us.

https://techcrunch.com/2023/11/20/thousands-of-new-honeypots-deployed-across-israel-to-catch-hackers/

NEW: As the war in Gaza continues, internet connectivity is getting worse and worse.

“The evidence of the crippled internet in Gaza is not hard to find. By every metric of internet connectivity, things are in bad shape,” internet monitoring expert Doug Madory told us.

NetBlocks and IODA are reporting that NetStream, a Gaza ISP, has an almost complete outage, and other ISPs aren't doing much better.

https://techcrunch.com/2023/10/27/internet-access-in-gaza-is-collapsing-as-isps-fall-offline/

NEW: Hackers breached WebDetective, a Portuguese-language stalkerware app that was used to monitor 76,000 Android phones in recent years.

The hackers claimed they deleted the data of people spied with the app from the company's servers.

“Which we definitely did. Because we could. Because #fuckstalkerware,” the hackers wrote in a note.

https://techcrunch.com/2023/08/26/brazil-webdetetive-spyware-deleted/