Someone Took a Card Skimmer To Costco to Steal Shopper Data
This week, security Researchers from Google have discovered a so -called watering hole attack there is no choice but to target Apple devices in Hong Kong. Hackers have compromised media and pro-democracy websites in the region to distribute malware to any visitor from an iPhone or Mac, setting up a backdoor that allows them to steal data, download file, and so on. Google did not blame the campaign on any specific actor, but noted that “activity and targeting are consistent with a government-sponsored actor.” The incident echoed the 2019 revelation that China is targeting thousands of iPhones in the same way—At the time, it was a wake-up call that iOS security wasn’t as infallible as it turned out.
The Justice Department also announced the most important ransomware enforcement actions, arrests an alleged hacker associated with the infamous REvil group and seizing $ 6.1 million in cryptocurrency from another. There is still a long way to go to prevent the broader threat of ransomware, but showing that law enforcement can get the result is an important start.
If you are aware of that TikTok pushes you to connect more with friends and family—Instead of limiting your feed to talent and attractive strangers — you are not alone. The platform has taken some unprecedented steps in recent months to find out who your friends are in real life, raising concerns about privacy and whether TikTok’s changes could be disruptive. what attracted the social network in the first place.
Finally, at this week’s RE: WIRED conference we spoke with Jen Easterly, director of the Cybersecurity and Information Security Agency, about the challenges she faces and the U.S. government as a whole from more complex enemies. Reaching the ranks through the NSA and Pentagon, Easterly is used in offensive cyber operations. His job now? Play defense. Best, he says, with the help of the wider hacker community.
And many more! Every week we gather all the security news that is not covered by WIRED. Click on the titles to read the full stories, and stay safe there.
You can usually get along card-skimmer attacks— Pretending to be credit card readers to steal your payment information — with ATMs and gas bombs, to the extent that you think they are. But recently someone has put a card-skimming device in Costco’s warehouse, everywhere. An employee discovered interloping equipment during a “routine check,” according to a report from BleepingComputer. The company notifies people whose credit card information could be stolen. This is a good reminder to double check where you put your plastic — or put NFC charges.
Earlier this week, Robinhood revealed a “security incident” in which a hacker used social engineering to access the email list of 5 million people, the full names of 2 million people , and the name, date of birth, and zip codes of 310 people. . Motherboard goes on to report that the attackers actually accessed internal tools that could allow them to disable two-factor authentication for users, log them out of their accounts, and view their balance and trading information. Robinhood says customer accounts aren’t compromised, but that doesn’t help much with the fact that it can be done so quickly.
Spyware maker NSO Group is no stranger to recent controversies, and was recently placed on the U.S. Entity List because it allegedly “develops and supplies spyware to foreign governments that use these malicious tools. targeting government officials, journalists, businessmen, activists, academics, and embassy workers. ” Now, researchers at nonprofit Frontline Defenders say they found the company’s Pegasus malware on the phones of six Palestinian activists.They cannot completely tie the origin of the malware to a specific country or organization , but the incident is only the latest in a long line of spyware malware being used where it is clearly unnecessary.
More Great WIRED Stories