New: A New York-based 'stalkerware' maker has agreed to notify individuals whose phones were compromised by its mobile surveillance software, including PhoneSpector and Highster, following a deal with the New York attorney general's office.

techcrunch.com

New York attorney general orders stalkerware maker to notify hacked victims

The New York-based stalkerware operator also agreed to pay more than $400,000 in civil penalties for facilitating phone surveillance.

Zack Whittaker Retweeted

Lorenzo FB / @lorenzofb@infosec.exchange

@lorenzofb

Feb 2

NEW: We obtained a private intelligence report on the hackers known as "0ktapus" or "Scattered Spider." After hitting 130 companies last year, the hackers are still active as of January, targeting Riot Games, Roblox, Salesforce, and Mailchimp and others.

techcrunch.com

‘0ktapus’ hackers are back and targeting tech and gaming companies, says leaked report

A leaked report obtained by TechCrunch says the hackers behind the massive "0ktapus" campaign is back and targeting companies like Riot Games and Mailchimp.

Show this thread

Zack Whittaker Retweeted

TechCrunch

@TechCrunch

Feb 2

New: The U.S. Treasury says it's aware of a ransomware attack targeting Ion Group, a financial tech giant whose software is used by banks around the world. tcrn.ch/3WWHau7 by

@carlypage_

techcrunch.com

Financial software firm Ion Group battles LockBit ransomware attack

The ransomware attack forced a number of European and U.S. banks to revert to manual processes, while the U.S. Treasury says it's monitoring.

Zack Whittaker Retweeted

Lorenzo FB / @lorenzofb@infosec.exchange

@lorenzofb

Feb 1

NEW: Hackers hijacked the Coinbase account of a Google Fi customer. An interesting attack that's hard to explain right now. The hackers didn't take control of the Google account tied to the Fi account, but somehow took control of the phone number.

techcrunch.com

Google Fi hack victim had Coinbase, 2FA app hijacked by hackers

A Google Fi customer was targeted by hackers, who were able to SIM swap him and then hijack his Coinbase account.

New: FTC has slapped GoodRx with a $1.5M penalty for sharing consumers' sensitive health information — including medications and health conditions — with advertisers like Facebook and Google, and ordered GoodRx to stop. w/

@ingridlunden

techcrunch.com

FTC slaps $1.5M fine on GoodRx for sharing users' health data with Facebook and Google

The federal consumer watchdog said GoodRx shared sensitive details about people's medications and health conditions with advertisers.

Zack Whittaker Retweeted

amanda silberling

@asilbwrites

Jan 31

After twenty years, the ubiquitous, storied Stripperweb forum is shutting down on February 1. No one knows why. I wrote about how the community has come together to archive their collective history and attempt to track down the forum's elusive owner.

techcrunch.com

Stripperweb, a twenty-year-old forum for sex workers, is shutting down. No one knows why.

“Losing Stripperweb is losing our communal memory [...] It was that ubiquitous, that everybody kind of knew what it was."

160

Show this thread

Zack Whittaker Retweeted

Carly Page

@CarlyPage_

Jan 31

Google Fi says hackers accessed customer data, including phone numbers and SIM details, during data breach that's likely related to the recent T-Mobile hack

techcrunch.com

Google Fi says hackers accessed customers' information

The virtual cell service said customers' data was exposed following "suspicious activity" relating to its primary network provider.

Zack Whittaker

@zackwhittaker

Jan 31

New: Taiwanese auto giant Hotai Motor exposed a massive database of iRent customer data for months, including thousands of ID documents. There was no password on the database. w/

@RebeccaBellan

techcrunch.com

Hotai Motor exposed thousands of iRent customer documents

The passwordless database — exposed for months — was only taken offline after intervention by the Taiwanese government.

Zack Whittaker Retweeted

Lorenzo FB / @lorenzofb@infosec.exchange

@lorenzofb

Jan 30

NEW: Russia is blocking Skiff, an encrypted email and cloud services provider. The blocking is done by Internet Service Providers following an order of a (so far) unknown Russian government agency.

techcrunch.com

Russia is blocking encrypted email startup Skiff

The encrypted email service said it has seen a significant drop in traffic from Russia in the past week.

Zack Whittaker Retweeted

Runa Sandvik

@runasand

Jan 27

I looked at a bunch of court records to learn more about how police in the U.S. use digital data to prosecute abortions. Here’s what I found.

techcrunch.com

How US police use digital data to prosecute abortions

Court records reveal how police in the U.S. use text messages, emails, search history to prosecute people seeking abortions.

Show this thread

Zack Whittaker Retweeted

Carly Page

@CarlyPage_

Jan 26

US announces it seized Hive ransomware gang’s leak sites and decryption keys

techcrunch.com

US announces it seized Hive ransomware gang's leak sites and decryption keys

U.S. federal agents seized the Hive ransomware operation in July 2022, allowing the capture of Hive’s decryption keys.

Zack Whittaker Retweeted

TechCrunch

@TechCrunch

Jan 26

Have you recently made a purchase through one of these knockoff apparel online stores? Your credit card may have been exposed.

techcrunch.com

A network of knockoff apparel stores exposed 330,000 customer credit cards

The credit card numbers belong to customers who made purchases through a network of online stores claiming to sell designer goods and apparel

Zack Whittaker

@zackwhittaker

Jan 25

New: If you bought knock-off designer goods or apparel from these online stores, you might want to get yourself a new credit card. A database of 330,000 unencrypted customer credit card numbers and cardholder information exposed, thanks to no password.

techcrunch.com

A network of knockoff apparel stores exposed 330,000 customer credit cards

The credit card numbers belong to customers who made purchases through a network of online stores claiming to sell designer goods and apparel

Zack Whittaker Retweeted

Lorenzo FB / @lorenzofb@infosec.exchange

@lorenzofb

Jan 24

NEW: The FBI accused North Korean government hackers Lazarus Group and APT38 of being behind last year's hack of blockchain bridge Horizon, which netted the hackers $100 million.

techcrunch.com

FBI accuses North Korean government hackers of stealing $100M in Harmony bridge theft

North Korea is accused of using — and stealing — crypto to evade sanctions and fund its nuclear weapons program.

Zack Whittaker Retweeted

Carly Page

@CarlyPage_

Jan 24

LastPass owner GoTo says hackers stole customers’ encrypted backups during a recent breach of its systems

techcrunch.com

LastPass owner GoTo says hackers stole customers' backups

LastPass' parent company says intruders stole the company's encryption key for securing its customers' backed up data.

Zack Whittaker Retweeted

Zack Whittaker

@zackwhittaker

Jan 21

New: A hack at ODIN Intelligence, which provides tech and apps — like SweepWizard — to police departments, has exposed a huge trove of police files, including tactical plans of police raids, surveillance, and use of facial recognition.

techcrunch.com

A hack at ODIN Intelligence exposes a huge trove of police raid files

The breach exposes the police tech firm's own systems but also confidential law enforcement data uploaded by ODIN's police customers.

131

A hack at ODIN Intelligence exposes a huge trove of police raid files

The breach exposes the police tech firm's own systems but also confidential law enforcement data uploaded by ODIN's police customers.

131

Zack Whittaker Retweeted

Lorenzo FB / @lorenzofb@infosec.exchange

@lorenzofb

Jan 19

NEW: T-Mobile got hacked, again. It's the eight time since 2018. techcrunch.com/2023/01/19/t-m

GIF

read image description

ALT

Zack Whittaker Retweeted

TechCrunch

@TechCrunch

Jan 18

Mailchimp was hacked — again, its second breach in six months.

techcrunch.com

Mailchimp says it was hacked — again

This is the second breach to hit Mailchimp in six months. It also appears to be almost identical to a previous incident.

Zack Whittaker Retweeted

Carly Page

@CarlyPage_

Jan 17

Royal Mail has confirmed that a "cyberattack" is responsible for disruption to overseas post, which continues into a second week

techcrunch.com

Royal Mail CEO confirms cyberattack downed UK postal service

CEO Simon Thompson told U.K. lawmakers that the postal service's ongoing outage was caused by a "cyberattack."

Zack Whittaker Retweeted

TechCrunch

@TechCrunch

Jan 10

New: A government watchdog spent $15,000 building a password-cracking rig capable of unscrambling thousands of government employee passwords in a matter of minutes.

techcrunch.com

A government watchdog spent $15,000 to crack a federal agency's passwords in minutes

According to the watchdog, some 5% of the government agency's passwords contained some variation of the word "password."

Zack Whittaker Retweeted

Lorenzo FB / @lorenzofb@infosec.exchange

@lorenzofb

Jan 5

~ Personal news ~ I am joining TechCrunch to work with

@zackwhittaker

and the rest of the team covering the usual beats of cybersecurity, hacking, surveillance and privacy. I'm really excited and look forward to being back on the beat starting Jan. 17.

126

1,129

A file on SpyTrac's server contained AWS keys linked to cloud storage associated with Support King and GovAssist, both run by CEO Scott Zuckerman. Zuckerman denied links to SpyTrac, but couldn't explain how his AWS keys were found on SpyTrac's servers.

techcrunch.com

Support King, banned by FTC, linked to new phone spying operation

Leaked data shows SpyTrac is one of the biggest known active stalkerware operations, with over a million users.

After the FTC's ban in 2021, Support King shut down its stalkerware app SpyFone. A year on, the app is back in all but name only, according to internal data we've seen. Shortly after we contacted its CEO for comment, SpyTrac's website went offline. More: tcrn.ch/3uWE2CO

a redacted screenshot from a recnet SpyTrac video, which references the now-defunct SpyFone, a Support King surveillance app banned by the FTC in 2021

read image description

ALT

New: In 2021, the FTC banned SpyFone and its parent company Support King from the surveillance industry. But new data seen by TechCrunch links Support King to a new phone spying operation called SpyTrac, which has compromised over 1.3 million devices.

techcrunch.com

Support King, banned by FTC, linked to new phone spying operation

Leaked data shows SpyTrac is one of the biggest known active stalkerware operations, with over a million users.

Twitter suspends Mastodon's account and bans links to Mastodon servers

Twitter suspended Mastodon's account Thursday after the social platform shared a link to someone who tracks Elon Musk's private jet.

Zack Whittaker Retweeted

Eliot Higgins

@EliotHiggins

Dec 15, 2022

Bellingcat Discord member Sepulco geolocated the video Elon Musk posted overnight, claiming to show a stalker, which he used to justify the banning of accounts that tracked flights. It's at 34.116175,-118.160635, not close to any airports. google.com/maps/@34.11613

476

5,799

27.3K

Speaking of which:

Zack Whittaker (@zackwhittaker@mastodon.social)

156 Posts, 169 Following, 7.46K Followers · Security editor, TechCrunch zack.whittaker@techcrunch.com Signal: +1 646.755.8849 New York, NY

The last thing that

tweeted was a link to ElonJet on Mastodon, so go figure.

Quote Tweet

Steve Herman

@W7VOA

Dec 15, 2022

The official @joinmastodon account suspended by #Twitter.

Show this thread

Zack Whittaker Retweeted

TechCrunch

@TechCrunch

Dec 15, 2022

Two weeks ago, LastPass confirmed it was hacked for the second time this year and that customers' information was accessed. TechCrunch has analyzed and marked-up LastPass' data breach notice to explain what LastPass is, and isn't telling customers.

techcrunch.com

Parsing LastPass' data breach notice

Decoding what LastPass said — and hasn't said — about its second breach this year, in which hackers accessed customers' information.

Zack Whittaker

@zackwhittaker

Dec 15, 2022

Case in point: DOJ charged Joshua Laing, 32, of running the alleged booter service "TrueSecurityServices[.]io" between 2014 and November 2022. However, that domain — and several others — are still active and operational and have no seizure notices. More: tcrn.ch/3ByyQZN

a screenshot of TrueSecurityServices, a booter site allegedly seized by the DOJ, but remains active and operational

read image description

ALT

another screenshot of TrueSecurityServices, a booter site allegedly seized by the DOJ, but remains active and operational. this screenshot lists the prices of the illegal service.

read image description

ALT

Well this is embarrassing. Several of the illegal DDoS-for-hire websites seized by the FBI are still loading and appear operational, a day after the DOJ filed charges against six defendants accused of running the services.

techcrunch.com

US claims major DDoS-for-hire takedown, but some 'seized' sites still load

Several of the illegal DDoS booter domains seized by U.S. law enforcement are still online, a DOJ spokesperson confirmed.

If you really want to geek out, you can follow along with the 🖍️ links in the story, which correspond with my marked up notes.

documentcloud.org

LastPass data breach notice

New: Two weeks ago, LastPass said it was hacked for a second time this year. This time an intruder gained access to customers' information. I parsed LastPass' data breach notice to explain what LastPass is and isn't saying, and how it impacts users.

techcrunch.com

Parsing LastPass' data breach notice

Decoding what LastPass said — and hasn't said — about its second breach this year, in which hackers accessed customers' information.

141

Apple says it's aware of exploitation targeting iPhone users running "versions of iOS released before iOS 15.1." But by who? Google TAG, which investigates nation state spyware and hacking, discovered the flaw. That's a big clue as to who's exploiting it.

techcrunch.com

Apple fixes 'actively exploited' zero-day security vulnerability affecting most iPhones

The iPhone security flaw was discovered by a Google unit that uncovers nation-state spyware, hacking and cyberattacks.

New: Apple says an iPhone software update it released two weeks ago, iOS 16.1.2, contains a security fix for a WebKit zero-day flaw that is being "actively exploited." Apple also released the security fix for those still running iOS 15.

techcrunch.com

Apple fixes 'actively exploited' zero-day security vulnerability affecting most iPhones

The iPhone security flaw was discovered by a Google unit that uncovers nation-state spyware, hacking and cyberattacks.

Show this thread

Zack Whittaker Retweeted

TechCrunch

@TechCrunch

Dec 12, 2022

#Xnspy is one of many so-called #stalkerware apps sold under the guise of allowing a parent to monitor their child’s activities, but are explicitly marketed for spying on a spouse or domestic partner’s devices without their permission

techcrunch.com

Xnspy stalkerware spied on thousands of iPhones and Android devices

Meet the Pakistan-based startup, whose spyware has compromised at least 66,000 devices.

Zack Whittaker

@zackwhittaker

Dec 12, 2022

Xnspy, like a lot of stalkerware, is a hot mess of security flaws. It's not really a surprise that TechCrunch was sent a cache of internal Xnspy data — data that exposed its developers, who had made a concerted efforts to conceal their involvement.

techcrunch.com

Xnspy stalkerware spied on thousands of iPhones and Android devices

Meet the Pakistan-based startup, whose spyware has compromised at least 66,000 devices.

Xnspy spied on 60,000+ devices globally — mostly Android devices, but data we've seen also contained over 10,000 iCloud account passwords for accessing iCloud backups. Given the possibility of ongoing risk to victims, TechCrunch provided the list of compromised accounts to Apple.

Show this thread