With the far-reaching implications of the United States Supreme Court’s decision in June to strike down the constitutional right to abortion, WIRED examined the privacy risks posed by widely deployed automated license plate readers, given the risk of prosecution for seeking abortions across the country. Researchers highlighted the value of end-to-end encryption for digital self-defense anywhere in the world, as civil rights protections and law enforcement powers evolve.
Apple this week announced a new protection known as “Lockdown Mode” for iOS 16 that will allow users to choose to run their phone in a more restricted but secure mode if they are at risk of an invasive spyware attack. Researchers say new encryption algorithms announced by the National Institute of Standards and Technology, which are designed to be immune to quantum computers, will be difficult to test in any practical sense for years to come.
We’ve looked at how users can protect themselves from the worst Instagram scams and looked back at the worst hacks and data breaches of 2022 so far, with many more inevitably to come.
But that’s not all. Each week we round up news that we haven’t published or covered in detail. Click on the headlines to read the full stories. And stay safe out there!
In one of the most extensive and impactful personal data breaches of all time, attackers took information on nearly a billion Chinese citizens from a Shanghai police database and tried to extort the department for about $200,000. The database includes names, phone numbers, government ID numbers and police reports. Researchers found that the database itself was secure, but that its control panel was publicly accessible from the open internet, allowing anyone with basic technical skills to retrieve the information without needing a password. The scale of the breach is massive, and it’s the first of this magnitude to hit the Chinese government, which is known for amassing massive amounts of data, not just on its own citizens, but on people around the world. China was memorably responsible for the United States Office of Personnel Management breach and the Equifax credit bureau breach, among many others around the world.
FBI Director Christopher Wray and the head of Britain’s MI5 security agency, Ken McCallum, issued a joint warning this week that China is, as Wray said, “the greatest long-term threat to our economic and national security.” The two pointed out that China has conducted extensive espionage around the world and interfered in elections and other political processes. Wray noted that if China moved to seize Taiwan, it would “represent one of the most terrible disruptions of business the world has ever seen.” McCallum said that since 2019, MI5 has more than doubled its focus on China and is now conducting seven times as many investigations into the Chinese Communist Party as it did in 2018. The China Threat Theory.” He added that MI5 should “dismiss imaginary demons”.
HackerOne, which manages vulnerability submissions and bug bounty programs for companies, fired an employee this week for stealing vulnerability data submitted through the platform and submitting it to the affected companies to collect the bounties for personal gain. HackerOne discovered the scheme when a client company flagged a vulnerability disclosure that was suspiciously similar to one it received in June from another researcher. The rogue employee, who was new to the company, had access to the HackerOne platform from April 4 to June 23 and made seven vulnerability disclosures using stolen research. “This is a clear violation of our values, our culture, our policies and our employment agreements,” HackerOne wrote in a report on the incident. “We have since terminated the employee and further strengthened our defenses to avoid similar situations in the future.”
The US Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the Treasury Department announced in a joint warning this week that North Korean hackers are targeting the healthcare and public health sectors with a little-known ransomware strain called Maui. They warned that paying such ransoms could violate US sanctions. “North Korean state-sponsored cyber actors used the Maui ransomware in these incidents to encrypt servers responsible for healthcare services – including electronic health record services, diagnostic services, imaging services, and intranet services,” the warning said. “In some cases, these incidents have disrupted services provided by targeted HPH sector organizations for extended periods.”