The endless cybercriminal cat-and-mouse game continued this week with an international collaborative law enforcement operation, Dark HunTor, which resulted in 150 arrests of alleged dark web vendors, as well as the seizure of $31.6 million in cash and cryptocurrency, and 230 kilograms of drugs. The action focused on sellers who had peddled their wares on the dark web marketplace DarkMarket, which German police closed in January. Meanwhile, the ransomware gangs continued their rampage. Russian group Grief, apparently a front for the Evil Corp ransomware gang, claimed to have hit the National Rifle Association this week. The apparent incident is the latest in a series of attacks in which victims must consider the potential ramifications of violating sanctions if they are to pay their way out.
UK digital identity company Yoti says its machine-learning-based image analysis tool can predict the ages of people between 6 and 60 years old. The tool could be used to enforce minimum ages on platforms and keep children safe online, but it raises questions about digital surveillance, too. Blind and visually impaired people have again won a DMCA exemption that allows them to break digital rights management protections on eBooks and create accessible versions. But the exemption is still temporary, and defenders will have to fight to win it back in three years. They say the measure should be permanent.
Google’s Pixel 6 and 6 Pro have advanced security features, thanks to their Tensor processors, Google’s first custom-designed system-on-chip. If you’re more in need of Windows security tips, we’ve rounded up 11 of the most important settings to focus on. Plus, we have updated recommendations if you’re looking for a trustworthy VPN.
And there’s more! Each week, we put together all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories and stay safe.
The Russian foreign intelligence service SVR hacking group known as Nobelium and Cozy Bear has targeted a new wave of international IT companies integrated into the global supply chain, according to a warning from Microsoft this week. As it infamously did with network management services company SolarWinds in 2020, the group seeks to compromise key, but often relatively obscure, tech companies as a quiet springboard to attack the target company’s own customers. This time around, Tom Burt, vice president of customer security and customer trust at Microsoft, said Nobelium was targeting managed cloud service providers and technology resellers. Burt says Nobelium has been prolific all summer. Between July 1 and October 19, the company informed 609 customers that they had been attacked 22,868 times by the group, roughly the same number of attacks Microsoft saw from Cozy Bear during the previous three years combined. Burt adds, however, that all of this recent targeting has had a “single-digit success rate.”
“This recent activity is another indicator that Russia is trying to gain systematic long-term access to various points in the technology supply chain and to establish a mechanism to monitor – now or in the future – targets of interest to the Russian government,” Burt wrote. The spies will spy.
A hack on Tuesday targeting gas stations in Iran shut down virtually all subsidized payment terminals at the pump for days, leading to long queues and upheaval. “There should be serious preparation in the area of cyber warfare, and the agencies concerned should not allow the enemy to pursue their worrying objectives,” Iranian President Ebrahim Raisi said. No one claimed responsibility for the attack and Raisi did not attribute it, but said he believed anti-Iranian actors were behind the attack. During the attack, payment terminals reportedly read “cyberattack 64411”, a reference to a religious hotline run by the office of Supreme Leader Ayatollah Ali Khamenei. The number “64411” also appeared in a July attack on Iran’s National Railway.
Europol on Friday announced the arrest of 12 people suspected of links to ransomware attacks against businesses and critical infrastructure that have allegedly affected more than 1,800 people in 71 countries. Law enforcement in eight countries joined in the action and seized more than $52,000 in cash, five luxury vehicles and a multitude of electronic devices. The attacks used a range of ransomware, including LockerGoga, MegaCortex, and Dharma.
A bug in the Docket medical records application exposed data from residents of New Jersey and Utah vaccinated against Covid-19. Both states have specifically approved the app, which allows people to download a digitally signed version of their paper vaccination card. Like other “vaccine passports”, Docket allows users to access their vaccination record in the form of a visible card or scannable QR code. The vulnerability allowed anyone to access other users’ QR codes and corresponding personal data. This included names, dates of birth and vaccination information such as date of vaccination and brand used. TechCrunch discovered the bug on Tuesday and notified the company that day. Docket said within hours that it had fixed the bug by making changes at the server level. The company is reviewing its logs to see if anyone visibly abused the flaw before it was disclosed.