On Wednesday, an unprecedented Twitter hack saw the accounts of Elon Musk, Barack Obama, Joe Biden, Jeff Bezos, Bill Gates, Apple, Uber, and more fall into the hands of attackers who used that access to… push a bitcoin scam? It was a very bad, no good day, but if anything Twitter is lucky it wasn’t much, much worse.
Elsewhere, Iranian hackers did an oopsie. Researchers from IBM recovered five hours of video from APT35, also known as Charming Kitten, recording themselves swiping data from hacked email accounts and offering training tips on how to do so. And researchers found a 17-year-old bug in Windows DNS that is “wormable,” meaning it could spread through a network without any human interaction. Microsoft pushed out a patch, which hopefully you’ve implemented by now if it applies to you. We also took a look at “DDoS for hire” schemes that have fueled a new wave of attacks—and router turf wars—online.
A new map from the Electronic Frontier Foundation shows what kind of surveillance—drones, facial recognition, and more—law enforcement uses in your city. New research from F-Secure shows how counterfeit Cisco equipment could cause serious mayhem in the hands of motivated attackers. And we took a fresh look at an old debate: whether TikTok actually poses a security threat to the US.
Russian hackers are targeting Covid-19 vaccine research. A clever new gadget will stop Alexa from spying on you. And if you somehow aren’t using two-factor authentication yet, here’s why and how you should.