As politicians should know by now, secure messaging apps such as Telegram can quickly become a double-edged sword.
On the one hand, a growing number of governments are so worried about its security capabilities, they try to ban the app. On the other, politicians who use the app themselves on the assumption of privacy can find their conversations exposed in the media.
The Brazilian Government’s Justice Minister Sergio Moro announced on 5 June 2019 that his smartphone had been hacked, four days before the politically compromising contents of his Telegram chats with a senior prosecutor started turning up as source material for articles in the media.
Since then, it has emerged that other Brazilian politicians, including President Jair Bolsonaro, and Economy Minister Paulo Guedes were also among a total of 1,000 other Telegram accounts targeted, which led to the arrest on 23 July 2019 of four suspects accused of being behind the attacks.
Network Attached Storage (NAS) company Synology has issued an urgent warning for owners to check their box’s security settings after it emerged cybercriminals are targeting numerous NAS vendors with a new wave of ransomware.
At first it was thought that recent attacks could be exploiting an unknown software vulnerability in Synology’s products, but according to the company it has since been established that the attackers’ method is a much simpler but still effective brute-forcing of admin credentials.
We believe this is an organised attack. After an intensive investigation into this matter, we found that the attacker used botnet addresses to hide the real source IP.
Synology’s Manager of Security Incident Response Team, Ken Lee
Spotted on 19 July 2019, the campaign involves trying lots of commonly used passwords on internet-connected NAS boxes. The attackers hope that eventually they’ll hit on a password that allows them the access necessary to encrypt the data on it.
In May 2017, a young hacker who goes by the sobriquet MalwareTech singlehandedly saved the world from the devastating WannaCry ransomware outbreak. Three months later, police arrested MalwareTech—real name Marcus Hutchins—over his involvement in creating a piece of malware that helped cybercriminals steal from banks. Hutchens had pleaded guilty to the charges in April. But at a sentencing hearing Tuesday, Judge J.P. Stadtmueller made clear that Hutchins’s WannaCry heroics far outweighed the crimes of his youth, letting him off with a sentence of time served. In other words, Hutchins is free to return to his home in the UK. For a fuller account, and some invaluable insights from Stadtmueller, read Marcy Wheeler’s thread on Twitter.
The Senate Committee on Intelligence has released the first volume of its investigative report on Russian manipulation and interference of the 2016 US Election, revealing that all 50 states were probably targeted for attempted vote manipulation.
According to the heavily redacted, 67-page report [PDF], the Russian government conducted various intelligence-related activities against US election infrastructure at both state and local level, which began as early as 2014 and continued until at least 2017.
Since academics and investigative journalists first reported last year that Facebook was using people’s two-factor authentication numbers and “shadow” contact information for targeted advertising, Facebook has shown little public interest in fixing this critical problem. Subsequent demands that Facebook stop all non-essential uses of these phone numbers, and public revelations that Facebook’s phone number abuse was even worse than initially reported, failed to move the company to action.
Yesterday, rather than face a lawsuit from FTC, Facebook agreed to stop the most egregious of these practices.
In its next release, Android plans to up its privacy game. But the operating system still caters to ad trackers at its users’ expense.
The newest release of Android, dubbed “Q,” is currently in late-stage beta testing and slated for a full release this summer. After a year defined by new privacy protections around the world and major privacy failures by Big Tech, this year, Google is trying to convince users that it is serious about “protecting their information.” The word “privacy” was mentioned 22 times during the 2019 Google I/O keynote. Keeping up that trend, Google has made—and marketed—a number of privacy-positive changes to Android for version Q.
Many of the changes in Q are significant improvements for user privacy, from giving users more granular control over location data to randomizing MAC addresses when connecting to WiFi networks by default. However, in at least one area, Q’s improvements are undermined by Android’s continued support of a feature that allows third-party advertisers, including Google itself, to track users across apps. Furthermore, Android still doesn’t let users control their apps’ access to the Internet, a basic permission that would address a wide range of privacy concerns.
Earlier this month, Mozilla announced the release of Firefox 68, which includes a curated “list of recommended extensions that have been thoroughly reviewed for security, usability and usefulness”. We are pleased to announce that both of our popular browser extensions, HTTPSEverywhere and PrivacyBadger, have been included as part of the program. Now, when you navigate to the built-in Firefox add-ons page (URL: about:addons), you’ll see a new tab: “Recommendations,” which includes HTTPS Everywhere and Privacy Badger among a list of other recommended extensions. In addition, they will be highlighted in Add-ons for Firefox and in add-on searches.
When Michael Terpin’s smartphone suddenly stopped working in June 2017, he knew it wasn’t a good sign. He called his cellular provider, AT&T, and learned that a hacker had gained control of his phone number.
The stakes were high because Terpin is a wealthy and prominent cryptocurrency investor. Terpin says the hackers gained control of his Skype account and tricked a client into sending a cryptocurrency payment to the hackers instead of to Terpin.