lorenzofb

@lorenzofb@infosec.exchange

Real-time cyber historian of the late capitalist era @TechCrunch. Tweets about infosec, surveillance by day. 🍕, ⚽️, 🎸, 🎮 by night.

☎️ Signal: +1 917 257 1382
💻 Wire/Keybase/Telegram: @ lorenzofb
✉️ lorenzo@techcrunch.com

Previously: VICE Motherboard, Mashable, WIRED's Danger Room.

This profile is from a federated server and may be incomplete. Browse more on the original instance.

lcamtuf, (edited ) to random

deleted_by_author

    •
    lorenzofb,

    @lcamtuf What is "the European practice of authorizing interviews"?

    lorenzofb, to random

    NEW: Google caught government hackers targeting iPhone owners with zero-days and spyware made by Variston, a Barcelona-based startup.

    According to former Variston staff, the startup has lost multiple employees last year and is struggling.

    The zero-days were used to target people in Indonesia, according to Google.

    https://techcrunch.com/2024/02/06/government-hackers-targeted-iphones-owners-with-zero-days-google-says/

    lorenzofb, to random

    NEW: Here is Apple’s official ‘jailbroken’ iPhone for security researchers.

    In its instructions, Apple explicitly refers to it as "a jailbroken device," which is wild given the company's years-long war against the jailbreakers more than a decade ago.

    https://techcrunch.com/2024/02/01/here-is-apples-official-jailbroken-iphone-for-security-researchers/

    lorenzofb, to random

    NEW: Car rental giant Europcar says someone likely used ChatGPT to create a cache of fake stolen customer data.

    The data does look weird, and when I asked ChatGPT to generate a set of fake stolen personal data, it refused to assist me.

    The person who advertised the data on a hacking forum says it's real, but of course they would. And they didn't offer any evidence it is actually real.

    https://techcrunch.com/2024/01/31/europcar-says-someone-likely-used-chatgpt-to-promote-a-fake-data-breach/

    lorenzofb, to random

    NEW: Hackers stole around $112 million from a Ripple cryptocurrency wallet.

    Ripple co-founder said it was his wallet, and company PR said "Ripple was not impacted.” But it's unclear who actually owns the hacked wallet.

    This is the biggest crypto hack of the year, and twentieth largest ever, according to an organization that tracks crypto hacks.

    https://techcrunch.com/2024/01/31/hackers-steal-112-million-of-xrp-ripple-cryptocurrency/

    lorenzofb, to random

    What are your favorite unresolved cyber mysteries?

    Think some outstanding espionage operation we know almost nothing about, the identity of a hacker who's had a series of spectacular hacks and never faced the consequences, or things of that sort.

    lorenzofb, to random

    NEW: An Indian state government had a bug on its website that exposed citizens' ID cards, birth and marriage certificates, electricity bills and income statements, date of birth, gender, and father’s name.

    Bug is now fixed thanks to TechCrunch and a security researcher alerting the Indian Computer Emergency Response Team, or CERT-In..

    Story by @jagmeets13

    https://techcrunch.com/2024/01/28/india-rajasthan-government-jan-aadhaar-bug-fix/

    lorenzofb, to random

    NEW: Microsoft revealed that the recent campaign by Russian government hackers, which resulted in the theft of emails from company executives and cybersecurity employees, was much broader.

    The hackers also targeted an unspecified number of other companies, according to Microsoft.

    But the company hasn't said how many yet.

    https://techcrunch.com/2024/01/26/microsoft-says-russian-hackers-also-targeted-other-organizations/

    lorenzofb, to random

    NEW: 23andMe admitted that hackers broke into customers' accounts from April through September of 2023, and the company didn't detect the attacks.

    It's unclear how many accounts were targeted, but hackers were successful breaking into 14,000 accounts, which in turn gave them access to personal data of 6.9 million customers.

    Remember, 23andMe previously said this about the breach: "Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe [...] The incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures."

    https://techcrunch.com/2024/01/25/23andme-admits-it-didnt-detect-cyberattacks-for-months/

    lorenzofb, to random

    NEW: Microsoft disclosed that it got hacked by Russian government hackers.

    Curiously, the hackers' goal appears to be to find out what Microsoft knows about them. Company says they broke into "a very small [%] of Microsoft corporate email accounts.”

    https://techcrunch.com/2024/01/19/hackers-breached-microsoft-to-find-out-what-microsoft-knows-about-them/

    lorenzofb, to random

    NEW: Gaza is going through its seventh day of a near-complete internet shutdown, according to multiple internet monitoring firms.

    This is the longest internet shutdown in Gaza since the beginning of the war, making life for citizens, humanitarian aid workers, and journalists even harder.

    I tried to reach out a telecom technician in Gaza via chat app, the message could not be delivered.

    https://techcrunch.com/2024/01/18/web-monitors-say-gaza-week-long-internet-outage-is-longest-yet/

    lorenzofb,

    We updated the story with a comment from Nebal Farsekh, spokesperson for the Palestine Red Crescent.

    Farsekh explained how the internet shutdown is affecting humanitarian aid on the ground, making it harder for wounded to call ambulances.

    https://techcrunch.com/2024/01/18/web-monitors-say-gaza-week-long-internet-outage-is-longest-yet/

    lorenzofb, to random

    NEW: Anyone can see how many devices you are using WhatsApp on.

    While it's not the most private information, it can be used to better tailor attacks against targets, or infer where you are using WhatsApp, according to digital security experts.

    WhatsApp says this is just how the app is designed, and there's nothing to change or fix here.

    https://techcrunch.com/2024/01/17/psa-whatsapp-number-desktop-computer/

    lorenzofb, to random

    NEW: Hackers stole the customer information — full names, email addresses and balances owed — of customers of laptop maker Framework.

    The hack was against a Framework accounting partner, which was phished and sent over a spreadsheet with customer data.

    “On January 9th, at 4:27am PST, the attacker sent an email to the accountant impersonating our CEO asking for Accounts Receivable information pertaining to outstanding balances for Framework purchases,” Framework told customers.

    by @carlypage

    https://techcrunch.com/2024/01/12/framework-customer-data-stolen-phishing-keating-accounting/

    lorenzofb, to random

    NEW: 23andMe is blaming customers for the data breach that affected 6.9 million customers.

    We saw a letter 23andMe sent to a group of victims that is suing the company, which shows what strategy the company will use in these lawsuits: blame the victims.

    “Users negligently recycled and failed to update their passwords following these past security incidents, which are unrelated to 23andMe.”

    “Therefore, the incident was not a result of 23andMe’s alleged failure to maintain reasonable security measures,” the letter reads.

    https://techcrunch.com/2024/01/03/23andme-tells-victims-its-their-fault-that-their-data-was-breached/

    lorenzofb, to random

    This year we have resumed the tradition of highlighting our favorite cybersecurity stories written by our friendly competitors.

    Check them out to take a look back on the world of cyber in 2023.

    https://techcrunch.com/2023/12/22/techcrunch-security-desk-jealousy-list/

    lorenzofb, to random

    NEW: Hackers have compromised the software library created by crypto company Ledger in a supply chain attack.

    The malicious version of the library was pushed to all Ledger users, who would give hackers control of their crypto if they accepted the push.

    At this point it's unclear how many people fell for it. A crypto investigator found one victim who has around $600,000 in crypto compromised.

    https://techcrunch.com/2023/12/14/supply-chain-attack-targeting-ledger-crypto-wallet-leaves-users-hacked/

    lorenzofb,

    UPDATE: Ledger has shared more details of the attack.

    In short, according to Ledger:

    • Hackers compromised ex Ledger employer developer account.
    • Pushed out malicious update to "reroute funds to a hacker wallet."
    • Ledger has now pushed genuine update.

    https://techcrunch.com/2023/12/14/supply-chain-attack-targeting-ledger-crypto-wallet-leaves-users-hacked/

    lorenzofb, to random

    NEW: Microsoft has disrupted a Vietnam-based cybercrime operation that sold fake social media accounts to the Scattered Spider hacking group, responsible for the MGM and Okta hacks.

    Another data point that links Scattered Spider with the larger cybercrime ecosystem.

    Previous reporting by @404mediaco and others showed Scattered Spider has links to ALPHV.

    https://techcrunch.com/2023/12/14/microsoft-disrupts-cybercrime-operation-selling-fraudulent-accounts-to-notorious-hacking-gang/

    lorenzofb, to random

    NEW: Bitcoin ATM company Coin Cloud got hacked at some point in the last year, but the hack is shrouded in mystery.

    We spoke to the owner of the company that acquired Coin Cloud and he said the company "has been hacked multiple times in the past."

    "It’s impossible to really say when the data was compromised or who did it. So many vendors and internal employees had access to it that it could have happened at many different times over the years,” he said.

    https://techcrunch.com/2023/12/12/bitcoin-atm-company-coin-cloud-got-hacked/

    lorenzofb, to random

    NEW: 23andMe' changes to its terms of service after data breach are "cynical," "self-serving," and a "a desperate attempt" to protect itself from customers' legal actions.

    I spoke to three lawyers who broke down what these changes mean, and what customers can do.

    In short, 23andMe wants to deter customers from filing both class actions lawsuits as well as mass arbitration demands.

    https://techcrunch.com/2023/12/11/23andme-changes-to-terms-of-service-are-cynical-and-self-serving-lawyers-say/

    lorenzofb, to random

    NEW: The U.S. government indicted two Russian hackers accusing them of participating in a years-long cyber espionage campaigns against Western governments.

    Hackers allegedly carried out a hack-and-leak operation ahead of 2019 U.K. elections, per DOJ.

    Both U.K. and U.S. governments also announced sanctions against the two hackers.

    https://techcrunch.com/2023/12/07/us-indicts-alleged-russian-hackers-for-years-long-cyber-espionage-campaign-against-western-countries/

    lorenzofb, to random

    NEW: Apple says it's not aware of any cases where someone who uses Lockdown Mode got hacked.

    Lockdown Mode is designed to make it harder to compromise iPhones and other Apple devices. And the company believes nobody has been able to get around it yet.

    This suggests that “Lockdown Mode is the best defense we have today against Pegasus and Predator,” as a digital security expert said recently.

    https://techcrunch.com/2023/12/07/apple-says-it-is-not-aware-anyone-using-lockdown-mode-got-hacked/

    lorenzofb, to random

    NEW: CISA said a U.S. federal government agency got hacked because it was using end-of-life software.

    The damage was limited, as it appeared the hackers only did reconnaissance, and Windows Defender quarantined the hackers' activities.

    Still...earlier this year CISA asked all government agencies to patch the vulnerability exploited in this attack by April 5.

    https://techcrunch.com/2023/12/06/cisa-says-us-government-agency-was-hacked-thanks-to-end-of-life-software/

    lorenzofb, to random

    NEW: Today, we say goodbye to Facebook's PGP encrypted emails.

    In 2015, Facebook gave users the chance to use their public PGP key to get encrypted emails from the social network.

    Now the company is deprecating the feature.

    RIP.

    https://techcrunch.com/2023/12/05/used-by-only-a-few-nerds-facebook-kills-pgp-encrypted-emails/

  • All
  • Subscribed
  • Moderated
  • Favorites
  • megavids
  • everett
  • magazineikmin
  • osvaldo12
  • ethstaker
  • thenastyranch
  • rosin
  • Youngstown
  • GTA5RPClips
  • slotface
  • mdbf
  • kavyap
  • ngwrru68w68
  • DreamBathrooms
  • JUstTest
  • Durango
  • InstantRegret
  • tester
  • cisconetworking
  • cubers
  • tacticalgear
  • modclub
  • khanakhh
  • anitta
  • provamag3
  • Leos
  • normalnudes
  • lostlight
  • All magazines
    •