We also examine how a new data ruling in Europe prevents Meta from sending data from the EU to the US, potentially causing app outages across the continent. However, the decisions also had wider implications: reforming U.S. surveillance laws.
Also this week, a new phone carrier launched with a specific goal: protecting your privacy. Invisv’s Pretty Good Phone Privacy or PGPP service separates phone users from an identifier linked to your device, which means it can’t track your mobile browsing or link you to a location. The service helps with a host of privacy concerns. If you want to take your security even further, here’s how to use Apple’s new Lockdown Mode in iOS 16.
But that’s not all. Every week, we highlight stories that we don’t cover in depth ourselves. Click on the title below to read the full story. And stay safe outside.
The Federal Trade Commission announced this week that it has begun developing new rules on data privacy in the United States. In a statement, FTC Chair Lina Khan emphasized the need for strong privacy rules to rein in the “surveillance economy,” which she said was opaque, manipulative, and responsible for “exacerbating… power imbalances.” Anyone can submit rules for consideration by the agency between now and mid-October. The FTC will hold a public “virtual event” on the issue on September 8.
Communications company Twilio said this week that “sophisticated” attackers successfully launched a phishing campaign against its employees. The identity management platform itself was hacked by the Lapsus$ hacking group earlier this year, with attackers sending text messages with malicious links containing words like “Okta.” Twilio later said the scheme allowed attackers to access the data of 125 customers. But the campaign didn’t stop there: Cloudflare later revealed that it was also a target of attackers — although they were blocked by the company’s hardware-based multi-factor authentication tool. As always, be careful what you click.
Elsewhere, enterprise tech giant Cisco disclosed that it fell victim to a ransomware attack. According to Talos, the company’s cybersecurity arm, the attackers compromised employees’ credentials after accessing personal Google accounts, and they were able to access credentials synced from their browsers. The attackers, identified as part of the Yanluowang ransomware gang, then “performed a series of sophisticated voice phishing attacks” in an attempt to trick victims into accepting multi-factor authentication requests, which were ultimately successful. The attackers lost access to critical internal systems and were eventually removed, Cisco said. However, the attackers claim to have stolen more than 3,000 files totaling 2.75 GB of data.
Meta’s WhatsApp is the world’s largest end-to-end encrypted messaging service. While it may not be the best encrypted messenger — you’ll want to use Signal for maximum protection — the app keeps billions of texts, photos, and phone calls safe from prying eyes. WhatsApp is now introducing some extra features to help improve people’s privacy on its app.
Later this month, you can leave a WhatsApp group without notifying all members of your departure. (Only group admins will be alerted). WhatsApp also allows you to choose who can see your “online” status and who can’t see your “online” status. Finally, the company is also testing a feature that will allow you to block screenshots of photos or videos sent using its “view once” feature, which destroys the message when it sees it. Here are some other ways to improve your privacy on WhatsApp.
Finally, security researcher Troy Hunt is probably best known for his Have I Been Pwned website, which allows you to check if your email address or phone number was included in 622 website data breaches, totaling 11,895,990,533 accounts. (Spoiler: it probably has.) Hunter’s latest project is getting revenge on email spammers. He created a system called Password Purgatory, which encourages spammers who email him to create an account on his website so they can work together to “really enhance the real-time experience.”
capture? It is not possible to meet all password requirements. Every time a spammer tries to create an account, they are told to skip more steps to create a correct password. For example: “Password must end in dog” or “Password must not end in ‘!’” A spammer spent 14 minutes trying to create an account, tried 34 passwords, and gave up: catCatdog1dogPeterdogbobcatdoglisadog.
