Cybersecurity is the rickety scaffolding supporting everything you do online. For every new feature or app, there are a thousand different ways it can break – and a hundred of those can be exploited by criminals for data breaches, identity theft, or outright cyber heists. Staying ahead of those exploits is a full-time job, and one of the most lucrative and sought-after skills in the tech industry. All too often, it’s something up-and-coming companies decide to skip out on, only to pay the price later on.
Riot Games’ investment into its Vanguard system is paying off.
Nintendo’s buzzy new alarm clock has been jailbroken by a hacker named Gary who figured out the device’s boot sequence and found a way to exploit and run code through USB. It opens up the possibility for some interesting hacks, but to start we have cat pictures and plasma effects.
Gary previously created a Wii U DNS exploit and chimed in on dying Wii Us.
Reuters reports Delta filed a lawsuit Friday over the July 19th crash, blaming CrowdStrike for having “forced untested and faulty updates to its customers, causing more than 8.5 million Microsoft Windows-based computers around the world to crash.”
Delta’s CEO already called out Microsoft and CrowdStrike during a CNBC interview (included below), saying, “When was the last time you heard of a big outage at Apple?,” while Microsoft said Delta ignored offers to help recover faster.
The Wall Street Journal previously reported Chinese hackers “engaged in a vast collection of internet traffic” from ISPs, including Verizon, AT&T, and Lumen, that reached the system used for court-ordered wiretapping requests. The New York Times now says Donald Trump and JD Vance were targeted in the Verizon breach.
Later on Friday afternoon, the WSJ followed up with another report confirming that, while saying other targets included people affiliated with the Harris campaign and even a WSJ writer reporting on the investigation. The FBI and Verizon also acknowledged an investigation without adding additional details.
Update: Added details from WSJ.
Since the last report, according to Microsoft:
Russian actors continue to integrate generative AI into their content, Iranian groups ramp up their preparations to enable cyber-influence operations, while Chinese actors shift focus to several down-ballot candidates and members of Congress. Russian actors have notably attempted to target the Harris-Walz campaign by attacking the candidates’ characters.
[Microsoft On the Issues]
The alliance managing the passwordless login standard is working on a way to securely move passkeys between password managers offered by 1Password, Apple, Google, Microsoft, Okta, etc. The draft specifications for secure credential exchange are now in community review.
Hopefully this will get sorted soon as passkeys inch closer to going mainstream. The last thing users want is to have their passwords locked to a tech ecosystem.
The hackers worked their way into the networks of AT&T, Verizon, Lumen Technologies, and others, according to anonymous sources cited by The Wall Street Journal:
For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data, according to people familiar with the matter ... The attackers also had access to other tranches of more generic internet traffic, they said.
The US DHS recently said thwarting Chinese hackers was a top security priority.
An X post spotted by The Brick Fan flagged to the company yesterday that its online shop was displaying a “LEGO Coin” cryptocurrency banner.
Naturally, there is no such thing; Lego tells Engadget that the situation was quickly resolved and no user data was compromised.
Crypto businesses keep accidentally hiring IT workers from North Korea. This is a problem because it is, first of all, against US law but second, “CoinDesk encountered multiple examples of companies hiring DPRK IT workers and subsequently getting hacked.”
The Irish Data Protection Commission (DPC) announced the fine against Meta’s EU branch, saying the company “failed to notify”. the DPC that it “inadvertently” stored user passwords without encryption in 2019.
[Data Protection Commission]
The embattled New York City mayor allegedly attempted to use this excuse to keep the FBI from searching his phone. It didn’t help: he was indicted Wednesday on charges of fraud, bribery, and soliciting donations from foreign nationals.
Generally speaking, though, it’s a good idea not to give the cops your phone — even if you’re not under investigation for your relationship with the Turkish government.
The verification marks will now appear in Gmail’s mobile apps for senders who have adopted BIMI, Google’s Brand Indicators for Message Identification feature. They were previously only visible on the Gmail web client.
Gmail now also supports Common Mark Certificates (CMC) which will allow a “broader range of senders to utilize BIMI” according to Google.
