What you missed in cybersecurity this week – TechCrunch




Not a week goes by without cybersecurity making headlines, and this week was no different. Having trouble keeping up? We have gathered some of the biggest cybersecurity news stories of the week to keep you informed.

TechCrunch: This was the biggest iPhone security story of the year. Google researchers discovered a number of websites that stealthily hacked thousands of iPhones every week. According to sources, the operation was conducted by China to target Uighur Muslims, and it also targeted Android and Windows users. Google said that it was a "blind" attack that used previously undisclosed vulnerabilities.

Hackers could steal a Tesla Model S by cloning its key – again

Wired: For the second time in two years, researchers have discovered a serious flaw in the key fobs used to unlock Tesla Model S cars, and for the second time they have been able to crack the key's encryption. It turns out that the size of the encryption key has doubled since the first crack. Using twice as many resources, the researchers cracked the key again. The good news is that a software update can solve the problem.

Microsoft's lead EU data watchdog is investigating new privacy concerns about Windows 10

TechCrunch: Microsoft could be back in hot water with the Europeans after the Dutch Data Protection Authority asked its Irish counterpart, which oversees the software giant, to open an investigation into Windows 10 for allegedly violating EU data protection rules. A main complaint is that Windows 10 collects too much telemetry from its users. Microsoft made some changes after the issue was first raised in 2017, but the Irish regulator is questioning whether these changes go far enough, and whether users are properly informed. Microsoft could be fined up to 4% of its annual global turnover if it is proven to have broken the law. On the basis of 2018 figures, Microsoft could be fined up to $4.4 billion.

The US cyber attack has undermined Iran's ability to target oil tankers, officials said

The New York Times: A secret cyber attack on Iran in June, reported only this week, severely degraded Tehran's ability to track down and target oil tankers in the region. This is one of many offensive operations recently conducted by the US government against a foreign target. The Iranian army seized a British tanker in July in retaliation for an American operation that shot down an Iranian drone. According to a senior official, the strike "has reduced Iran's ability to carry out secret attacks" against tankers, but it has raised fears that Iran will be able to recover quickly by correcting the vulnerability the Americans used to put an end to Iranian operations in the first place.

Apple disables review of Siri audio clips by default and brings it in-house

TechCrunch: After Apple was caught paying contractors to review Siri queries without the user's permission, the tech giant announced this week that it will disable human review of Siri audio by default and that it will bring any opt-in review in-house. This means that users must actively allow Apple staff to "classify" audio clips created with Siri. Apple has begun to calibrate the audio to improve the Siri voice assistant. Amazon, Facebook, Google and Microsoft have all been challenged over using subcontractors to analyze the audio data generated by users.

Hackers are actively trying to steal passwords from two widely used VPNs

Ars Technica: Hackers are targeting and exploiting vulnerabilities in two popular virtual private network (VPN) services. Fortigate and Pulse Secure allow remote employees to tunnel into their corporate networks from outside the firewall. But these VPN services contain flaws that, if exploited, could allow a skilled attacker to get into a corporate network without needing an employee's username or password. This means that they can access all the internal resources of that network, which can lead to a serious data breach. The news of the attacks came one month after the discovery of the vulnerabilities in these widely used corporate VPNs. Thousands of vulnerable endpoints exist, months after the bugs were fixed.

Grand jury indicts accused Capital One hacker over cryptojacking claims

TechCrunch: Finally, just when you thought that the Capital One breach could not get worse, it has. A federal grand jury said that the accused hacker, Paige Thompson, should be indicted on new charges. The alleged hacker is said to have created a tool to detect cloud instances hosted by Amazon Web Services with poorly configured web firewalls. Using this tool, she is accused of having broken into those cloud instances and installed cryptocurrency mining software. This is known as "cryptojacking" and relies on using someone else's computing resources to mine cryptocurrency.
