Security News This Week: A Dangerous Worm Is Eating Its Way Through Software Packages

New findings this week showed that a faulty platform used by the Department of Homeland Security left sensitive national security information, including data related to surveillance of Americans, exposed and accessible to thousands of people. Meanwhile, 15 New York officials were arrested by Immigration and Customs Enforcement and the New York Police Department this week in or around 26 Federal Plaza, where ICE holds people in what the courts have deemed unhealthy conditions.
Russia conducted remarkable military exercises testing hypersonic missiles near NATO borders, heightening tensions in the region after the Kremlin had already recently flown drones into Polish and Romanian airspace. Scammers have a new tool for sending spam texts, called "SMS blasters," which can send up to 100,000 texts per hour while evading telecommunications companies' anti-spam measures. The crooks deploy rogue cell towers that trick people's phones into connecting to malicious devices so that they can send SMS messages directly and get around the filters. And a pair of flaws in Microsoft's identity and access management system, which have been fixed, could have been used to access almost all Azure customer accounts, a potentially catastrophic disaster.
WIRED published a detailed guide this week to acquiring and using a burner phone, as well as alternatives that are more private than an ordinary phone but not as labor-intensive as a true burner. And we have updated our guide to the best VPNs.
But wait, there's more! Each week, we round up the security and privacy news that we have not covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
The cybersecurity world has seen, to its great dismay, many software supply chain attacks, in which hackers hide their code in legitimate software so that it is silently delivered to every system in the world that uses that code. In recent years, hackers have even tried chaining one software supply chain attack to another, finding a second software developer target among their victims in order to compromise yet another piece of software and launch a new series of infections. This week saw a disturbing new evolution of these tactics: a full-blown, self-replicating supply chain attack worm.
The malware, which has been nicknamed Shai-Hulud after the Fremen name for the monstrous sandworms in the science fiction novel Dune (and the name of the GitHub page where the malware published credentials stolen from its victims), has compromised hundreds of open source software packages on the code repository Node Package Manager, or NPM, used by JavaScript developers. The Shai-Hulud worm is designed to infect a system that uses one of these software packages, then hunt for more NPM credentials on that system so that it can corrupt another software package and continue its spread.
According to one count, the worm has spread to more than 180 software packages, including 25 used by the cybersecurity company CrowdStrike, although CrowdStrike has since had them removed from the NPM repository. Another count, from the cybersecurity company ReversingLabs, put the number much higher, at more than 700 affected code packages. This makes Shai-Hulud one of the largest supply chain attacks in history, although the intent behind its mass credential theft remains far from clear.
Western privacy advocates have long pointed to China's surveillance systems as the potential dystopia awaiting countries like the United States if the tech industry and government data collection are left unchecked. However, an Associated Press investigation underscores that China's surveillance systems were reportedly built largely on American technologies. The AP's reporters found evidence that China's surveillance network, from the "Golden Shield" policing system that Beijing officials have used to censor the internet and crack down on alleged terrorists to the tools used to target, track, and often detain Uyghurs in the country, appears to have been built with the help of American companies, including IBM, Dell, Cisco, Intel, Nvidia, Oracle, Microsoft, Thermo Fisher, Motorola, Amazon Web Services, Western Digital, and HP. In many cases, the AP found Chinese-language marketing materials in which Western companies specifically offer surveillance applications and tools to Chinese domestic police and intelligence services.
Scattered Spider, a rare hacking and extortion cybercriminal gang based largely in Western countries, has left a trail of chaos across the internet for years, hitting targets from MGM Resorts and Caesars Palace to the Marks & Spencer grocery chain in the United Kingdom. Now, two alleged members of this notorious group have been arrested in the United Kingdom: Thalha Jubair, 19, and Owen Flowers, 18, both accused of hacking London's transit system (said to have caused more than $50 million in damage) among many other targets. Jubair alone is accused of intrusions targeting 47 organizations. The arrests are only the latest in a series of busts targeting Scattered Spider, which has nevertheless continued an almost uninterrupted string of breaches. Noah Urban, who was convicted on charges related to Scattered Spider activity, spoke from prison to Bloomberg Businessweek for a long profile of his cybercriminal career. Urban, 21, was sentenced to a decade in prison.




