Data breaches have been a worry ever since Elon Musk invested $44 billion in Twitter and fired a sizable portion of the workforce. Now it appears that a security incident from before Musk's takeover is giving people trouble. This month, information about the release by hackers of a database containing 200 million email addresses and links to Twitter handles that was most likely gathered between June 2021 and January 2022. The sale of the data could put anonymous Twitter accounts at risk and subject the company to more regulatory scrutiny.
With the launch of a new anti-censorship tool, WhatsApp hopes to assist Iranians in getting around restrictions placed on the messaging app by their government. The business has made it possible for users to access WhatsApp through proxies and get around government censorship. The tool is offered everywhere.
Another cybersecurity company this month disclosed that it had observed the Russian cyberespionage group Turla using cutting-edge new hacking techniques in Ukraine. The group, which is thought to be affiliated with the FSB intelligence agency, was observed riding other hacker groups' dormant USB infections. The command-and-control servers of outdated malware were taken over by Turla after they registered their expired domains.
But that’s not all.
Here is the latest security news that you may have missed.
Slack suffers a new year data breach
Slack published a fresh security update to its blog on December 31 as millions of people were getting ready for the start of 2023. The organisation claims in the post that it discovered a "security issue involving unauthorised access to a subset of Slack's code repositories." It discovered that an unidentified threat actor had started stealing Slack employee tokens on December 27 and using them to access the company's external GitHub repository and download some of its code.
Slack's disclosure states that the hacker did not access customer data and that there is no need for action on the part of users. "When we were made aware of the incident, we immediately invalidated the stolen tokens and started investigating the potential impact to our customers," it adds.
According to cybersecurity journalist Catalin Cimpanu, the incident is similar to a security incident that occurred on December 21 and was disclosed by the authentication company Okta. Okta disclosed that its code repositories had been accessed and copied just before Christmas.
The incident was quickly found and reported by Slack. Slack's security disclosure didn't appear on its regular news blog, as noted by Bleeping Computer.
Additionally, the company added code to prevent search engines from including it in their results in some regions of the world. After a bug exposed hashed passwords for five years in August 2022, Slack compelled password resets.
Police Face Recognition Used Once More to Arrest the Wrong Man
A Black man in Georgia was imprisoned for nearly a week after police allegedly used a face recognition match that wasn't accurate. In a theft case they were looking into, Louisiana police used technology to obtain an arrest warrant for Randal Reid. "I've never spent a day in Louisiana in my life. I was then informed that it was for theft. Reid told the local news outlet Nola, "I don't steal, so I haven't been to Louisiana either.
A detective "took the algorithm at face value to secure a warrant," according to the publication, and little is known about how Louisiana police use face recognition technology. None of the systems' names have been made public. But this is merely the most recent instance of face recognition technology being misused to make erroneous arrests. While the use of face recognition technology by the police has rapidly expanded across US states, studies have repeatedly shown that it more frequently misidentifies women and people of colour than white men.
User ID mandatory for pornographic websites in Louisiana
A recent Louisiana law requires pornographic websites to confirm the ages of users from the state to confirm they are older than 18. A website must use age verification, according to the law, if there is 33.3 percent or more pornographic content there. The largest pornographic website in the world, PornHub, now offers users the chance to link their government-issued ID, such as a driver's licence, through a third-party service to demonstrate that they are of legal age. Although PornHub claims that it does not gather user data, the move has sparked concerns about surveillance.
Countries all over the world are passing laws requiring visitors to porn sites to show they are old enough to view the explicit content. If the measures are not implemented, lawmakers in France and Germany have threatened to block pornographic websites. Because age verification systems were lacking, Twitter began to censor German producers of adult content in February 2022. Similar age-checking initiatives were attempted in the UK between 2017 and 2019, but failed due to admins' confusion, design flaws, and concerns over data breaches.
Russian spies expelled from Europe
By its very nature, the world of spies is shrouded in secrecy. Nations send agents into other nations to collect intelligence, find other resources, and sway events. However, sometimes these spies are discovered. More Russian spies in Europe have been found and expelled from countries since Russia's full-scale invasion of Ukraine in February 2022. Since 2018, known instances of Russian spies operating in Europe have been compiled in a new database from open-source researcher @inteltakes. The database includes information on 41 exposed spies, including their nationality, occupation, and the service they were recruited by, whenever available.