America’s Emergency Alert System Has Dangerous Flaws

Cryptocurrency tracing has become a key tool for law enforcement investigating everything from fraud and ransomware to child abuse. But its accuracy could soon be put to the test.

This week we reported on new court filings from the legal team representing Roman Sterlingov, who has been in jail for 15 months, accused of laundering $336 million in cryptocurrency as the alleged owner and operator of the mixer. bitcoin fog dark web cryptography. Sterlingov not only maintains that he is innocent, but his defense attorney claims that the blockchain analysis that served as evidence that Sterlingov set up Bitcoin Fog is flawed.

Elsewhere, we’ve highlighted Microsoft’s recently bolstered Morse bug-hunting team, which aims to catch flaws in the company’s software before they cause problems for the company’s billion users. . We dove into the spectacular failure of a new post-quantum encryption algorithm. We’ve listed all the big security updates you need from July, and we’ve detailed all the data Amazon’s Ring cameras collect about you.

Finally, a new report from cybersecurity firm Mandiant has revealed that an attack on the Albanian government bore the hallmarks of Iranian state-sponsored hacking – a notable moment of escalation in the history of cyber warfare, given that Albania is a member of NATO. And we ended up in the weeds of a Slack error that exposed hashed passwords for five years.

But that’s not all. Each week, we highlight news that we haven’t covered in depth ourselves. Click on the titles below to read the full stories. And stay safe there.

It’s not a test. The software used to transmit emergency alerts issued by the US government on television and radio contains flaws that could allow an attacker to broadcast false messages, according to the Federal Emergency Management Agency and researcher in security that discovered the vulnerabilities. The company that makes the software, Digital Alert Systems, has released patches, and FEMA has alerted television and radio networks that use the software to update their devices immediately. Of course, patches may not be universally adopted, putting the system at risk. There is no evidence that an attacker has exploited the flaws so far. But given the chaos false emergency alerts can cause, we’ll just have to hope it stays that way.

One major cryptocurrency theft in a week would be bad, and this week saw two. First, thanks to a flaw in the Nomad Bridge – a type of app that allows users to move digital tokens across blockchains that are prime targets for hackers –”hundreds“people were able to steal a total of $190 million in cryptocurrencies. nomad now said that anyone who returns 90% of the funds they swiped will be considered a “white hat” and can keep the remaining 10% as a bonus. Some $22 million of the stolen funds had been recovered so far.

The second crypto hack of the week came just a day later on Tuesday night, with hackers draining around 8,000 “hot” wallets (internet-connected cryptocurrency storage apps) connected to the Solana ecosystem, their stealing around $5 million. crypto value. Solana said in a Tweeter that the exploit was due to a bug in “a software used by several popular software wallets among network users”, not in the Solana network or its cryptography.

It’s one thing to be told what NSO Group spyware can do, but quite another to see for yourself. Reporters at Israel Ha’aretz have got their hands on never-before-seen screenshots of Syaphan, a prototype of NSO’s now infamous Pegasus spyware, which retained much of the look and functionality of its precursor. Screenshots show that operators have the ability to access call logs and messages and remotely activate cameras and microphones to turn an infected device into a real-time spy tool.

The government’s use of Pegasus and other spyware has led to a growing number of scandals, especially in Europe. Yesterday, Panagiotis Kontoleon, the head of the Greek intelligence service, and Grigoris Dimitriadis, secretary general of the prime minister’s office, resigned. Their departures follow a complaint by Nikos Androulakis, the leader of the socialist PASOK party, who alleged that his phone had been targeted by Predator spyware created by neighboring North Macedonia-based Cytrox. The Greek prime minister’s office, however, maintains that the resignations and the spyware allegations are unrelated. “In no way does this have anything to do with Predator (spyware), to which neither he nor the government are in any way connected, as has been categorically stated,” he said in a statement.

Remember a few months ago when everyone was mad at DuckDuckGo? Well, that thing that was making you angry has now been (mostly) fixed, according to the company. Last May, security researcher Zach Edwards discovered that DuckDuckGo’s privacy browsers, not its search engine, for which the company is best known, allowed certain third-party Microsoft tracking scripts. DuckDuckGo, which has a partnership with Microsoft, says it has expanded its third-party tracker upload protection to include 21 additional domains, blocking the bulk of Microsoft tracking scripts on websites accessed through its DuckDuckGo Privacy mobile browser or when browsing. using its Privacy Essentials extension, which can be used with all major browsers. However, DuckDuckGo will still allow advertisers to track DuckDuckGo clicks via scripts from the bat.bing.com domain. Is it perfect? No, even DuckDuckGo admits it. But it’s still a privacy improvement over traditional browsers and search engines.

Comments are closed.