All Stories Tagged: Security


Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.

Twitter
A security exploit for a file transfer tool is behind data breaches at the BBC, British Airways, and more.

Attackers using an unpatched exploit for Progress Software’s MOVEit Transfer product breached a number of large companies. TechCrunch lists BBC, BA, and Nova Scotia’s government as known victims already.

Microsoft Threat Intelligence linked these to an affiliate of the Clop ransomware group, which TechCrunch notes has previously targeted vulnerabilities in other file transfer tools like GoAnywhere, and typically demands payment to not post the stolen records online.


Twitter
Triangulating.

Moscow-based security firm Kaspersky said it uncovered a new cyberattack delivered via iMessage. Dubbed Operation Triangulation, it apparently infected “dozens” of employees’ iPhones and was detected due to some anomalous traffic on the company’s network.

But, as TechCrunch reports, Russia’s FSB claimed the attack is the work of US intelligence, using vulnerabilities “provided by the manufacturer,” without providing any evidence to back that up. In a statement to the outlet, Apple spokesperson Scott Radcliffe said, “We have never worked with any government to insert a backdoor into any Apple product and never will.”


The Verge
I just got rid of 1,000 photos from my iPhone in less than a minute.

My phone just ran out of storage, which is perfect timing as I’ll be flying out on vacation tomorrow. Thankfully, I was able to quickly free up storage by backing up my photos to iCloud and removing them from my phone. You might want to learn how to do this, too, if you’re planning on traveling this summer!


External Link
A security breach has exposed the personal info of almost 9 million dental patients.

Managed Care of North America Dental — a benefits provider for people enrolled in state Medicaid and CHIP — has disclosed a data breach that revealed the SSNs, driver’s licenses, insurance details, and other private information of 8.9 million people (via Engadget).

The MCNA says “a criminal accessed our computer system without our permission” between February 26th and March 7th, 2023, allowing them to “see and take copies” of the information in its database.


YouTube
Spy belugas sound way cooler than spy balloons.

Hvaldimir — a beluga whale (and alleged former Russian spy) — has been spotted in Sweden this week, reheating international concern regarding how best to deal with the free-roaming former intelligence asset.

Hvaldimir was first seen in 2019 by Norwegian fishermen who removed his Russian-made harness. He’s since become a local celebrity around the Norwegian coast, seeking human interaction and retrieving fallen mobile phones from the ocean floor.


External Link
Microsoft says suspicious code coursing through our old routers is linked to Chinese state surveillance of the US.

The company says a group called Volt Typhoon has been targeting critical US infrastructure, notably in Guam, since 2021 with information-gathering code. The group’s traffic has been routed through ordinary routers and other edge networking gear, which often never get updated.

Microsoft says its access could be leveraged for attacks on utilities and that shutting it down could be difficult. The New York Times has a good write-up. As always, update your tech, folks.


External Link
Proton takes on Google One with its new $20 / month family plan.

The plan supports up to six users and includes up to 3TB of storage space (along with 20GB of bonus storage every year) across Proton’s Mail, Drive, and Calendar apps.

It will eventually include Proton Pass as well, the company’s new end-to-end encrypted password manager. To compare, Google One’s highest plan costs $9.99 per month for 2TB of storage and other perks.


Twitter
Tell your grandma, tell your employees: AI means they can’t trust their ears anymore.

That’s the takeaway from this 60 Minutes report. And if your son/daughter/favorite nephew calls asking for emergency cash, definitely ask them a question that only they can answer.


Twitter
Google isn’t waiting to get the May Pixel / Android security updates out.

For anyone keeping their Android phone current with the latest patches, Google has two new patch levels, dated for the first and the fifth of this month, to address security issues discovered on the platform; you can get all the info on those right here.

And for Google Pixel owners, here are the details on the May update, which is supposed to improve touch screen response on the Pixel 7 Pro and address a glitch that could make lock screen elements overlap with the home screen launcher UI.


External Link
Airport USB chargers probably won’t hack your phone.

I’ve been hearing this as received wisdom for years: never plug your phone into the USB charging ports at hotels or airports, because hackers will hijack it. But an Ars Technica deep dive concludes that while this is possible, it’s very complicated — and for the average person, not much of a threat.

“At a high level, if nobody can point to a real-world example of it actually happening in public spaces, then it’s not something that is worth stressing about for the general public,” Mike Grover, a researcher who designs offensive hacking tools and does offensive hacking research for large companies, said.


The Verge
Google’s 2FA app now syncs with your account — but what if you don’t want it to?

Authenticator, which enables you to protect your apps with 2FA, now syncs with your Google account so that it’s a lot easier to switch phones. But what if you don’t want it to? And what if you change your mind later? Here’s how to enable or disable the new sync feature, and how to move your Authenticator codes to a new phone if you chose not to sync.