The week in security news began much as you’d expect: still trying to make sense of the redacted Mueller report, which was released to congress late last week. Garrett M. Graff’s takeaways? The report makes clear that Trump was worse than a “useful stupid, ” along with 14 other revelations you may have missed.
After a terrifying string of bombings left more than 300 people dead in Sri Lanka over the weekend, the government there obstructed US tech platforms in order to quell the dissemination of misinformation. Civil rights experts informed that despite the damaging character social media has played in spreading savagery and propaganda, this was the incorrect move.
Things speedily veered away from the geopolitical and towards the familiar province of terrifying hackers, including 2 that almost sound like hackers are actually reading subconscious( they &# x27; re not ). First, a blockchain bandit is guessing people’s private keys and constituting off with the funds; and next, hackers can tell exactly which Netflix Bandersnatch selects you see. Intruders have also sneaked malware into videogames via their render chain, which ain’t good. But GoDaddy took down 15, 000 spammy domains, which is good. And in even better information, there’s a pretty good set for the ever-escalating SIM card swap attack–but why isn’t the US utilizing it ?
If you haven’t already, do yourself a kindnes and read the jaw-dropping narrative of bitcoins and murder.
But that’s not all! Every Saturday we round up security information we didn’t break or reporting under in depth. As usual, click on the headlines to speak the full sections. And be safe out there.
Motherboard reports that a intruder travelling by the name L& M claims to have hacked into 7,000 iTrack and 20,000 ProTrack accounts–GPS tracking tools–and from there gained access to some vehicles &# x27; internal structures. The intruder says he could turn off autoes &# x27; engines as they drove under 12 miles an hour or were stopped. On all the vehicles, he was able to trail the cars as they drove. He got in by realizing that all users of those apps had been given the same default password. After brute-forcing millions of usernames, “hes in”. Motherboard proved the breach with four people whose message L& M listed in a test of the breached data he shared with the website. L& M says he did this to show the companies how compromised its own security is and that he has never remotely turned off a vehicle engine. So I guess that’s some convenience?
A brand-new report suggests yet another reason to worry about filling your residence with internet-of-things devices that listen, watch, and just waiting get hacked: Their peer-to-peer technology isn’t always fasten. According to security writer Brian Krebs, the iLnkP2P software made by Shenzhen Yunni Technology is inside thousands of IoT machines, like bells, cameras, and child monitors. It’s got a weakness that security researcher Paul Marrapese received and associates itself with Krebs. The software is supposed to make it easier for people to log in remotely to their IoT machines employing only a barcode to log in. Marrapese found that the software offers no encryption or authentication and constructs it very easy for hackers to connect directly with these devices. He told Krebs he found more than 2 million machines vulnerable to this kind of attempt. He intimates people can protect themselves by setting up a firewall that blocks traffic to the peer-to-peer port, but Krebs has an easier suggestion: “Avoid buy or applying IoT machines that advertise any P2P capabilities. ”
Despite backlash from privacy proponents across the world, the EU this week voted to do the damned thing. That thing being to merge a bunch of various types of biometric tracking databases for immigration, felony, and border patrol into a single shared database that borderline and law enforcement agencies agents can use to access biometric info for people. Once assembled, the database is part of the biggest “people-tracking databases in the nations of the world, ” according to ZDNet, containing the records of more than 350 million people. Those records will include both biometrics such, as fingerprints and facial scans, and identification information, like passport multitudes, names, and appointments of birth.