Endless drumbeat High-profile ransomware attacks continued this week, but Google’s Threat Analysis Group has also raised awareness of cunning “pass-the-cookie” attacks used by hackers in recent years. To hijack prominent YouTube channels. While such attacks are not new, Google has taken significant concerted action to curb the trend. Compromised YouTube channels have been used to broadcast cryptocurrency scams and other misinformation.
Meanwhile, the International Organization for Standardization last week released its first set of sex toy manufacturing guidelines, a major step towards establishing minimum safety standards across the industry. Although the document ISO 3533 or “Sex toys: design and safety requirements for products in direct contact with the genitals, anus or both” is significant, Does not set clear guidelines for digital security or privacy, Both areas where there are already sex toys Significant and influential stumbling block.
If you’re thinking about account security and want a simple weekend project to get things right, double check if you have Enables two-factor authentication It is given everywhere. And if you want to go into authentication apps, say Twilio Authy from Google Authenticator, we got one Guide to doing it easily without losing access anywhere.
But wait, there’s more. Every week we collect all the security news that Wired has not covered deeply. Click the title to read the full story, and stay safe there.
The notorious Russia-based Ransomware gang Reveal was responsible for this JBS meat attack in June And Kosaya compromises the software In July, it was hacked by a consortium of government law enforcement groups and dropped offline. The FBI, U.S. Cyber Command, and the Secret Service have worked with other government partners on a project to destroy REvil’s infrastructure. After the Cassia breach and the resulting ransomware attack in July, the FBI itself was able to seize a public decryption from REVIL. But officials have blocked the tool so they do not disclose their access to REvil’s infrastructure. After some of the gang’s platforms went offline in July, members recovered from their backups in September and inadvertently restored law enforcement system access in the process, opening the door to a takedown. REvil’s website and data leaking platform “Happy Blog” are no longer accessible.
The Sinclair Broadcast Group, the second-largest television station operator in the United States, suffered a ransomware attack earlier this week that affected the company’s operations and broadcasts. Malicious encryption tool used in attacks A similar one used earlier By Authorized Russian criminal gang Evil Corp.. Malware has been blamed on gangs in the past. Sinclair struggled to stabilize its operations throughout the week, and employees reported a chaotic situation as stations worked to maintain their broadcasts. “Our focus is on a third-party cybersecurity firm, other incident response professionals, law enforcement and as part of our investigation into this incident, and continue to work closely with government agencies,” Sinclair said in a statement on Thursday.
A hacker apparently compromised with Argentine Registro Nacional de las Personas, stealing all Argentine personal information. The trove is now personally promoting for sale in the criminal cycle. The breach occurred last month and targeted government IT networks, also known as RENAPER, to access the database. The agency issues national identity cards, and other government agencies may ask for its database. Government officials said, a Statement Attackers that exploit a vulnerability consist of a legitimate user account to access the database instead of hacking it. The first signs of the breach came in early October when a newly created Twitter account posted pictures and other personal information of 44 prominent Argentine ID cards, including President Alberto Fernandez and football stars Lionel Messi and Sergio Aguero.
On Thursday, the Federal Trade Commission called on six major U.S.-based Internet service providers to practice their shady data management and lack meaningful privacy and security controls. The study focuses on AT&T Mobility, Celco Partnership (Verizon Wireless), Charter Communications Operating, Comcast (Exfinity), T-Mobile US and Google Fiber. ISPs do not clear their privacy practices, the FTC is available and do not adequately disclose how they use customer data. The investigation further indicated that making it challenging for services to opt out of their customers ’data collection.
Things have happened Well known for years, But the efforts of the public and private sectors to prevent such abuses have clearly not gone far enough. “While consumers must expect that ISPs will collect specific information about the websites they visit as part of the provision of Internet services, they will probably be surprised at the amount of data collected and aggregated for purposes not related to the provision of the services they request.” “In particular, browsing data, television viewing history, email and search content, data from connected devices, location information and race and ethnic data,” the FTC report wrote.
More great cable stories