Pro IQRA News Updates.
In December 2020, security giant Mandiant revealed that it had been hacked. Its disclosure was the first public sign of the SolarWinds hack, an attack on a Russian organization’s supply chain widely seen as one of the largest espionage breaches ever. Among its victims were the US Departments of Homeland Security, Energy and Justice. This explosive account of the historic SolarWinds attack, from Kim Zetter, charts the ways the hackers carried out the attack — and how they were eventually caught.
Anti-abortion group the American College of Pediatricians (ACPeds) suffered a major data breach this week. The Doctors’ Organization, which sued the US government to ban the abortion drug mifepristone, left Google Drive unsecured on its website, exposing decades of email exchanges, financial and tax records and more sensitive data. The details give an unprecedented view of the organization, which has been described as a “hate group” because of its views on LGBT people. While ACPeds — which is not a school at all — describes itself as a “scientific organization,” the leaked records show its strongly evangelical Christian message.
Security experts have promised a future where passwords will cease to exist in the better part of a decade. However, reality took a huge step forward this week — really! — as Google launched passkey logins for billions of people. This technology uses encryption keys stored on your devices to replace old, insecure passwords.
Elsewhere, police in the United States, Europe and nine other countries have arrested 288 people for their involvement in drug markets on the dark web, including the Monopoly Market, which was quietly shut down in 2021. Facebook Meta owner has added new tools to his site. Business accounts in an effort to thwart their abuse by bad actors, including who could become an account administrator and access lines of credit.
but that is not all. Each week, we collect news that we haven’t reported in depth. Click on the titles to read the full stories. And stay safe there.
Russian ships with underwater operations equipment were identified as being close to the sites of the Nord Stream gas pipeline explosions in the days leading up to the explosions, according to a joint investigation from national broadcasters in Denmark, Norway, Sweden and Finland. Journalists at the publication combined intercepted radio transmissions from the ships with satellite imagery to determine their locations and track their paths. This is the latest example of investigators assembling various sources of data, from various unconnected sources, to uncover new details about real-world events.
According to the investigation, three ships sailed from naval bases in Russia near the blast sites in June and September 2022. All of the ships had turned off AIS services to track their locations, an action often described as “darkness” and commonly used for disguising activity. Among the ships were the naval research vessel Siberiakov and a tugboat called the SB-123, which is said to be capable of launching mini-submarines. (In November 2022, Wired reported “ghost ships” around the time of the eruptions, but had no information on their identity.)
Separately, another Russian ship, the SS-750, was near pipelines four days before it was blown up. In response to a public records request, the Danish Defense Command confirmed to the information site, Danish News, that it had 26 photos of the SS-750 near the sites.
Since the explosions at Nord Stream 1 and 2 pipelines in September, there has been no official confirmation, with supporting evidence, of who might be behind the explosions. The investigation by Northern Journalists says the ships’ behavior was unusual, but does not conclude what they were doing near the Nord Stream sites. Russia denied involvement in the attacks, pointing fingers at both the United Kingdom and the United States. Other reports claimed that a pro-Ukrainian group may have carried out the attack, which Ukraine denied. Official investigations into the blasts are still underway in several European countries and the exact cause of the blasts is still unclear.
The US Federal Trade Commission plans a “blanket ban” on Meta and its companies — Instagram, Messenger, Facebook, WhatsApp and VR company Horizon Worlds — from making money off the data of people under the age of 18. The Company will not be able to use the data received from these users to show them targeted advertisements and can only use the information it collects to provide its services or for security purposes. The FTC also says that Meta will not be able to begin using data collected before people turn 18 for commercial purposes.
The proposal comes as the Federal Trade Commission alleged that Meta did not comply with a prior 2020 privacy order it agreed to as part of a $5 billion settlement. In a statement, the FTC said Meta “misled parents about their ability to control who their children communicate with through the Messenger Kids app, and misrepresented the access it provided some app developers to private user data.” The proposed changes would be an adjustment to a previous FTC request, and it says it could also limit how Meta uses facial recognition technology and require it to provide additional protections for users. Mark Zuckerberg’s company has 30 days to respond to the Federal Trade Commission, which may then change its plans.
How do you know if you are being followed using an AirTag? If you have an iPhone running a new version of iOS, you should get instant notifications if an AirTag that doesn’t belong to you is following you. However, if you own an Android device, you have to go through the extra step of downloading an app to detect if you’re being tracked — a heavy burden for people in potentially abusive situations. Apple and Google said this week that they are now working together to create a common standard for all phones to detect Bluetooth trackers that are being used to stalk or harass people. The proposal is also supported by Samsung and Bluetooth tracker manufacturers. This plan comes years after Apple’s cheap devices were first released without the additional privacy protections Apple added after launching AirTags.
In 2017, the NotPetya cyberattack — the most destructive in history — caused more than $10 billion in damages to the businesses and organizations it affected. Among them was pharmaceutical giant Merck, which lost hundreds of millions of dollars as a result of the malware. This week, a New Jersey court ruled that Merck’s insurers must cover losses caused by the cyberattack. Insurers argued that the use of malware, which has been linked to Russia, should be considered a warlike act and, as a result, would not fall under insurance policies.
The judges did not agree. “The exclusion of damages caused by hostile or warlike actions by a government or sovereign authority in times of war or peace requires intervention in military action,” they wrote in the resolution. Coverage here cannot be ruled out unless we extend the meaning of the word ‘hostile’ to its outer limits. The decision comes as US President Joe Biden’s administration looks to shift responsibility for security issues to affected companies.
Whether you know it or not, your car is a data gold mine. Within a few minutes it is possible to ‘fingerprint’ you based on the data your car collects. Some consider the amount of data exposed to vehicles a threat to national security. A new free tool, from vehicle privacy company Privacy4Cars, aims to reveal how much data your car and its manufacturer can collect about you. Entering your vehicle identification number (VIN) into the tool will tell you whether your vehicle is collecting “identifiers, location data, biometrics, and data synced from cell phones,” as well as what data manufacturers sell to third parties, such as data brokers.
.