A US House of Representatives hearing this week about social media app TikTok did little to clarify lawmakers’ specific concerns about potential national security risks associated with the hugely popular app, but it strongly underscored the lack of federal data privacy legislation in the country. WIRED also discovered that TikTok was paying popular influencers on its platform to attend a DC rally in support of the service before the hearing.
Meanwhile, as a possible indictment of former US President Donald Trump looms in New York state, netizens have begun generating AI footage of Trump’s arrest, but there are ways to tell they’re fake. WIRED reviewed the increasingly aggressive and desperate tactics used by Iranian government-backed hackers amid mass protests and unrest in the country. Citizen detectives around the world are using open source intelligence to separate fact from fiction in the mystery of who sabotaged the Nord Stream pipeline. And vulnerabilities continue to appear in ultra-popular photo cropping tools, exposing a host of cropped images all over the world where part or all of the original image can be recovered.
Also, if you want to know what it’s like to be investigated by the US Secret Service, and how to avoid this particular pleasure, we have a full account.
And there’s more. Each week, we round up security news that we haven’t covered in depth ourselves. Click on the titles to read the full stories, and stay safe out there.
Residents of India’s Punjab state have been grappling with an internet blackout for days after police imposed a connectivity blackout while searching for Sikh activist Amritpal Singh. Singh is a member of the Sikh Waris Punjab De movement and recently escaped arrest. More than 100 of his supporters have been arrested. Punjab’s 27 million people faced blocking of mobile data and text messages as well as traffic filtering on some websites and services. For example, the government appears to have blocked access to prominent Sikh Twitter accounts, including that of poet Rupi Kaur and the non-profit organization United Sikhs. “Indian Punjab Police have continued their crackdown on Waris Punjab De elements wanted on criminal charges,” the Punjab government said in a Facebook post Monday. “Amritpal Singh remains a fugitive and efforts are being made to arrest him.” Protests have erupted in Punjab and around the world against law enforcement’s treatment of Sikh Waris Punjab De and the shutdown of the internet.
A vulnerability in Fortra’s file transfer software known as GoAnywhere has been repeatedly exploited by the notorious Russia-based Clop ransomware group to target dozens or even more than a hundred victims in recent days. The cybercrime group has added entries about numerous organizations to its dark web site, where Clop tries to extort money from victims by posting samples of data it stole and threatening to disclose more if the targets don’t pay. TechCrunch confirmed Thursday that the city of Toronto is one of the victims of the frenzy. “Today, the City of Toronto confirmed that an unauthorized access to City data has occurred through a third-party vendor. Access is limited to files that could not be processed through the third-party secure file transfer system,” officials said in a statement. TechCrunch also detailed issues with Fortra’s response to the discovery of the vulnerability.
The company that operates the Washington DC health insurance marketplace DC Health Link suffered a breach at the beginning of the month that exposed sensitive and personal data of tens of thousands of customers in the region, including some US lawmakers and congressional staff. The information included names, email addresses, dates of birth, social security numbers and policy details. The DC Health Benefit Exchange Authority acknowledged the breach on March 7. The entity that claimed the breach, which calls itself “Denfur”, posted sample data from the attack on BreachForums. Denfur then posted “Glory to Russia!” and said that “the intended target was American politicians and members of the American government”. In an interview with CyberScoop on an encrypted chat service, Denfur said he was not concerned about repercussions from law enforcement. “My country is trying to do the United States a favor and I or my group are becoming a kind of bargaining chip,” Denfur said. “The current period brings uncertainty.”
The alleged administrator of popular cybercrime public square BreachForums, known as “pompompurin”, was arrested in New York state earlier this month. BreachForums is the same site Denfur used against DC Health Link. A new boss known as “Baphomet” had come forward, claiming to have a plan to keep the platform running. On Tuesday, however, Baphomet reversed course, claiming that someone had gained access to the BreachForums backend and that law enforcement could now control pompompurin’s privileged administrator accounts. “This will be my last update on Breached, as I have decided to close it down,” Baphomet wrote. “I’m aware this news won’t sit well with anyone, but it’s the only safe decision now that I’ve confirmed the glowies likely have access to the Pom’s machine.”