After a few months of absence, the weekly new recap is back, and will now be published every Monday morning. As usual, it will go through the security, privacy, and darknet news of the past week.
I also published a new article on the blog last week, going through how you can configure a pfSense device to ensure better security and privacy in your home network. You can read more here.
APT#
** Russia warns of a “military clash” if it’s hit by US cyberattacks ** (The Record)
Shortly after the US Chief of Cyber Command announced that the US “conducted a series of operations to support Ukraine,” Russia’s foreign ministry warned that “The militarization of the information space by the West […] has greatly increased the threat of a direct military clash.”
Cryptocurrencies#
** How crypto giant Binance became a hub for hackers, fraudsters and drug traffickers ** (Reuters)
A recent Reuters investigation claims that Binance was used by criminals linked to Lazarus, Hydra, and others to launder more than USD 2.35 billion between 2017 and 2021. Binance claims that these numbers are not accurate.
Darknet#
AlphaBay Is Taking Over the Dark Web—Again (Wired)
Wired reports that Alphabay is or is close to becoming the number 1 dark market again. As of now, it is said to have more than 1,300 vendors listing a total of 30,000 products. While the numbers are allegedly growing fast, this is still a fraction of the 350,000 listings on the original Alphabay that closed in 2017.
General Security#
Apple’s Rapid Security Response will push faster updates that install on Macs without a reboot (The Verge)
If you have an Apple device, you probably hate updates because the installation takes ages, and you can’t use it meanwhile. It seems that most (?) updates will not require that anymore, and will be installable like a standard software update.
DOJ, FBI shut down marketplace for stolen Social Security numbers (The Record)
SSNOB, a marketplace selling American social security numbers was shut down by the FBI, IRS, and Justice Department, in cooperation with Cyprus and Latvia law enforcement agencies. The website is said to have generated more than USD 19M in sales revenues, and might have had some link with Jocker’s Stash, a carding website that was closed down in January 2021.
MIT researchers uncover ‘unpatchable’ flaw in Apple M1 chips (Tech Crunch)
Researchers found a vulnerability in Apple’s M1 processor chip that they named PACMAN. It can be used to corrupt the content of a memory location, and gain control of the system. The flaw works by guessing the pointer authentication code used by ARM pointer authentication, a last-line-of-defence mechanism used to protect memory pointers with cryptographic hashes. The flaw is not patchable but may not be an immediate cause of concern because it is not exploitable alone. Full paper here.
Privacy#
Firefox 102: Query Parameter Stripping improves privacy (GHacks)
Firefox will ship a new feature called “Query Parameter Stripping” in its next version (which will be released on the 28th of this month). It will allow removing tracking parameters from URLs.
** Bitwarden introduces integrations with email alias services ** (Reclaim the Net)
Bitwarden, a password manager, now integrates AnonAddy, Firefox Relay, and SimpleLogin to allow generating unique email addresses when creating a new entry.
** Google Photos face grouping has a new retention policy, thanks to $100 million lawsuit ** (9To5Google)
Google change the retention policy of facial recognition models in Google Photos after settling a USD 100M class-action lawsuit in Illinois. It now says that all the face models will be deleted from Google Photos if you delete pictures used to generate them, or if your account is inactive for more than two years.
Der Spiegel Says Telegram Gave User Data to German Police in Fight against Terrorism, Child Abuse (BitDefender)
Despite claiming that “to this day, [Telegram] has disclosed 0 bytes of user data to third parties, including governments,” the company reportedly released data of users accused of child abuse and terrorism to the German Federal Criminal Police office. A German investigator reported that getting data from Telegram for other kinds of offences is “still difficult.”
Makers of ad blockers and browser privacy extensions fear the end is near (The Register)
As of January 2023, Google Chrome will stop supporting extensions using Manifest v2. Google claims that forcing extensions to use Manifest v3 (first proposed by the company in 2018) is a move to protect users and their privacy, despite depreciating APIs used by developers of ad-blocking and privacy apps, sparking concerns.
** Bluetooth signals can be used to identify and track smartphones ** (UC San Diego)
A team of engineers at the University of California San Diego found that it might be possible to track individuals using their mobile phone Bluetooth fingerprint computed by using the defects of the hardware. According to an experiment with 647 devices, 47% of them had a unique fingerprint. Full paper here.
Interesting Reads#
- Anatomy of a DDoS amplification attack (Microsoft Security)
- Use of Cryptocurrency in Ransomware Attacks, Available Data, and National Security Concerns (US Senate Committee)
- UNREDACTED Magazine Issue 002
- Hacking a powered-off iPhone: vulnerabilities never sleep (Kaspersky)
- Geofence Warrants and Reverse Keyword Warrants are So Invasive, Even Big Tech Wants to Ban Them (EFF)
- Router security in 2021 (SecureList)
- The Surreal Case of a C.I.A. Hacker’s Revenge (The New Yorker)