The websites you visit can reveal (almost) everything about you. If you’re looking for health information, reading about unions, or researching the details of certain types of crimes, you’re potentially revealing a wealth of details about yourself that malicious actors could use against you. This week researchers detailed a new attack that uses the basic functionality of the web to expose anonymous users online. The attack uses common web browser capabilities (included in every major browser) and CPU capabilities to analyze whether you are logged into services like Twitter or Facebook and subsequently identify you.
Elsewhere, we detailed how the Russian “hacktivist” group Killnet targeted countries that supported Ukraine but were not directly involved in the war. In recent months, Killnet has launched DDoS attacks against official government websites and businesses in Germany, the United States, Italy, Romania, Norway, and Lithuania. It’s just one of the pro-Russian hacking groups that are causing chaos.
We also examined India’s new privacy scandal, in which donors to nonprofits had their details and information handed over to the police without their consent. We also looked at new “Retbleed” attacks that can steal data from Intel and AMD chips. And we took stock of the ongoing January 6 committee hearings and predicted what to expect.
But that’s not all. Every week we gather the news that we didn’t break or cover in depth. Click on the title to read the full text. And stay safe out there!
Ring, the Amazon-owned security camera company, has been building relationships with law enforcement for years. By early 2021, Amazon had forged more than 2,000 partnerships with police and fire departments across the U.S., building a vast surveillance network from which officials could request video to help with investigations. In the UK, Ring has partnered with police to give away cameras to local residents.
This week, Amazon admitted to handing footage recorded with Ring cameras over to police without the owner’s permission. Ring has provided footage to law enforcement officials at least 11 times this year, as first reported by Politico. This is the first time the company has admitted to passing on data without consent or authorization. The move will raise further concerns about Ring cameras, which campaign groups and lawmakers have criticized for violating people’s privacy and making surveillance technology ubiquitous. In response, Ring said it would not give anyone “unrestricted” access to customer data or video, but could hand over data without permission in an emergency where there is an imminent risk of death or damage to the company, or a risk of serious injury to persons.
In 2017, the Vault 7 breach exposed the CIA’s most secretive and powerful hacking tools. Documents released by WikiLeaks show how the agency hacked Macs, your router, your TV and a whole bunch of other devices. Investigators quickly pointed the finger at Joshua Schulte, a hacker in the CIA’s Operational Support Branch (OSB), which looks for vulnerabilities that could be used for CIA missions. Schulte has now been found guilty of leaking the Vault 7 files to WikiLeaks and could face decades in prison. He was found guilty of all nine charges against him this week after a failed trial earlier in 2018. A few weeks before his second trial, The New Yorker published this comprehensive feature exploring Schulte’s dark history and how the CIA’s OSB worked.
Hackers linked to China, Iran and North Korea have been targeting journalists and the media, according to new research from security firm Proofpoint. In addition to trying to compromise the official accounts of members of the media, multiple Iranian hacking groups are posing as journalists and trying to trick people into handing over their online account details, Proofpoint said. The Iran-linked group Charming Kitten has sent detailed interview requests to its potential hacking targets, and they have also attempted to impersonate several Western news outlets. “This social engineering strategy successfully exploits the human desire for recognition and is exploited by APT participants who wish to target academia and foreign policy experts around the world, possibly for sensitive information,” Proofpoint said.
In any company or organization, items get lost from time to time. Often these are misplaced phones, security passes, and the occasional document that has been mistakenly left at a bus stop. Losing any of these things can be a security risk if the device is unsecured or sensitive information is made public. A less common loss is a desktop computer — unless you’re the FBI. According to FBI records obtained by VICE’s Motherboard, the agency lost 200 desktops between July 2021 and December 2021. Some body armor and night vision goggles were also lost, or in some cases stolen.
Scams don’t get more complicated than this. Indian police busted a fake “Indian Premier League” cricket tournament this week. A group of alleged scammers set up a fake league in the western Indian state of Gujarat and hired young people to play cricket matches, pretending to be professional teams, while streaming the games for people to place bets on. According to police, the group hired a fake commentator, created screen graphics showing live scores and played crowd noise downloaded from the internet. To hide the fact that the games were played on a farm rather than in a large stadium, the video only showed close-ups of the play. Police said they caught the gang while the quarter-finals were in progress. Police believe the gang may operate multiple leagues and planned to expand to volleyball leagues. The game footage is worth seeing.