US The House of Representatives this week did little to clarify the specific concerns of lawmakers about the social media app TikTok over potential national security risks associated with the popular app, but it did highlight the shortcomings of the country’s federal data privacy laws. WIRED also reported that TikTok paid prominent influencers on the platform to attend a D.C. rally to support the service ahead of the hearing.
Meanwhile, as the impeachment of former US President Donald Trump in New York State is building, internet users have started creating AI images of Trump being arrested, but there are ways to tell if they are fake. WIRED investigates the brutal and desperate tactics of Iran’s government-backed hackers amid public protests and violence in the country. Citizens around the world are using open source data to separate fact from fiction in the mystery of who sabotaged the Nord Stream pipeline. And vulnerabilities continue to appear in the most popular photo cropping tools, exposing cropped images that can be traced back to some or all of the original image all over the world.
Plus, if you want to know what it’s like to be investigated by the US Secret Service and how to avoid that particular thrill, we have a full account.
And there is more. Each week, we round up security news that we haven’t covered in depth ourselves. Click on headlines to read full stories and stay safe there.
People in India’s Punjab state faced an internet blackout for days after police cut off communications as they searched for Sikh activist Amritpal Singh. Singh is a member of the Sikh Waris Punjab de Movement and recently absconded from arrest. More than 100 of his supporters were arrested. Punjab’s 27 million residents faced mobile data and SMS bans, as well as traffic filtering on some websites and services. For example, the government appears to have blocked prominent Sikh Twitter accounts, including that of poet Rupi Kaur and the non-profit United Sikhs. “Punjab Police India has continued its action against those wanted on criminal charges in Waris Punjab de bodies,” the Punjab government said on its Facebook page on Monday. “Amritpal Singh is still absconding, and efforts are on to nab him.” Protests erupted in Punjab and around the world following the treatment of Sikh Waris in Punjab by law enforcement and the internet shutdown.
A vulnerability in Fortra’s file transfer software, known as GoAnywhere, has been used repeatedly by the notorious Russia-based Klopp ransomware group to target dozens or possibly more than a hundred victims in recent days. A group of cybercriminals have added entries on many organizations to the dark web. TechCrunch confirmed on Thursday that the city of Toronto is one of the victims of the problem. “Today, the City of Toronto confirmed that unauthorized access to city data occurred through a third-party provider. Access is limited to files that cannot be processed by a third-party secure file transfer system,” officials said in a statement. TechCrush also obtained details of the problems with Fortra’s response to the vulnerability.
The company that runs Washington, D.C.’s health insurance marketplace DC HealthLink suffered a breach earlier this month that exposed confidential and personal information of tens of thousands of customers, including some U.S. lawmakers and congressional staffers. The information includes names, email addresses, dates of birth, mailing addresses, social security numbers and contact details. The D.C. Health Benefits Exchange Authority acknowledged the breach on March 7. The party claiming credit for the breach, which goes by the handle “Denfur”, posted samples from the attack on BreachForums. Danfur then shouted, “Glory to Russia!” He posted. And “the intended targets were US politicians and members of the US government.” In an interview with Cyberscope on an encrypted chat service, Denfur said he was not worried about harm from law enforcement. My country is trying to do a favor for America and myself or a team,” Denfur said. “The present brings uncertainty.
The “Pompompurin” administrator of the famous cybercriminal public forum BreachForums – Denfur used on DC Health Link was arrested in New York state earlier this month, but a new leader known as “Baphomet” was presented, planning to continue the platform. But on Tuesday, Baphomet reversed course, saying that someone had managed to get BreachForums support and that law enforcement could now monitor Pompompurin’s unique admin accounts. “This will be my last update on Breach as I have decided to close it,” Baphomet wrote. “I know this news won’t make anyone happy, but it’s the only safe decision right now if I can make sure the flies have a chance to use the apple machine.”
