Passengers couldn’t fly after NHS vaccine passport went offline

0 0
Read Time:45 Second
Passengers couldn’t fly after NHS vaccine passport went offline

Enlarge (credit: VOO QQQ)

England’s COVID Pass system went offline for hours on Wednesday, causing British travelers to remain stranded at airports. Some passengers couldn’t board their flights, while others suffered delays as both the National Health Service (NHS) website and app experienced issues.

Delays and missed flights

An NHS system outage lasting approximately four hours left many British travelers unable to access their vaccination records and present their COVID Pass to the airlines. Prior to letting passengers board, most airlines in the UK require proof of vaccination in printed or digital form. But those without a paper copy were left in limbo as the NHS smartphone app kept throwing up errors.

Journalist Caroline Frost, who is vaccinated, is one of the many passengers who had a hard time getting by at the airport:

Read 5 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Verizon’s Visible cell customers hacked, leading to unauthorized purchases

0 0
Read Time:28 Second
Verizon’s Visible cell customers hacked, leading to unauthorized purchases

Enlarge (credit: Steve Halama)

Numerous Visible Wireless subscribers are reporting that their accounts were hacked this week. Visible runs on Verizon’s 5G and 4G LTE networks and is owned by Verizon.

Suspicions of a data breach at Visible started Monday when some customers saw unauthorized purchases on their accounts:

On the Visible subreddit, users reported seeing unauthorized orders placed from their accounts:

Read 10 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

“Hacker X”—the American who built a pro-Trump fake news empire—unmasks himself

0 0
Read Time:40 Second
A shadowy figure holds a mask of Donald Trump.

Enlarge (credit: Aurich Lawson | Getty Images)

This is the story of the mastermind behind one of the largest “fake news” operations in the US.

For two years, he ran websites and Facebook groups that spread bogus stories, conspiracy theories, and propaganda. Under him was a dedicated team of writers and editors paid to produce deceptive content—from outright hoaxes to political propaganda—with the supreme goal of tipping the 2016 election to Donald Trump.

Through extensive efforts, he built a secret network of self-reinforcing sites from the ground up. He devised a strategy that got prominent personalities—including Trump—to retweet misleading claims to their followers. And he fooled unwary American citizens, including the hacker’s own father, into regarding fake news sources more highly than the mainstream media.

Read 74 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

US gov’t will slap contractors with civil lawsuits for hiding breaches

0 0
Read Time:1 Minute, 18 Second
US gov’t will slap contractors with civil lawsuits for hiding breaches

(credit: Stephen Melkisethian)

In a groundbreaking initiative announced by the Department of Justice this week, federal contractors will be sued if they fail to report a cyber attack or data breaches. The newly introduced “Civil Cyber-Fraud Initiative” will leverage the existing False Claims Act to pursue contractors and grant recipients involved in what the DoJ calls “cybersecurity fraud.” Usually, the False Claims Act is used by the government to tackle civil lawsuits over false claims made in relation to federal funds and property connected with government programs.

Cyber contractors chose silence “for too long”

“For too long, companies have chosen silence under the mistaken belief that it is less risky to hide a breach than to bring it forward and to report it,” states Deputy Attorney General Lisa O. Monaco, who is pioneering the initiative. “Well, that changes today. We are announcing today that we will use our civil enforcement tools to pursue companies, those who are government contractors who receive federal funds, when they fail to follow required cybersecurity standards—because we know that puts all of us at risk. This is a tool that we have to ensure that taxpayer dollars are used appropriately and guard the public fisc and public trust.”

The introduction of the Civil Cyber-Fraud Initiative is the “direct result” of the department’s ongoing thorough review of the cybersecurity landscape ordered by the deputy attorney general in May. The goal behind these review activities is to develop actionable recommendations that enhance and expand the DoJ’s efforts for combating cyber threats.

Read 9 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Twitch source code, creator earnings exposed in 125GB leak

0 0
Read Time:49 Second
Twitch source code, creator earnings exposed in 125GB leak

Enlarge (credit: Aurich Lawson / Getty Images)

Live video broadcasting service Twitch has been hit by a massive hack that exposed 125GB of the company’s data. In a 4chan thread posted (and removed) Wednesday, an anonymous user posted a torrent file of the data dump. The dump contains the company’s source code and details of money earned by Twitch creators.

Twitch admits to breach but is unsure of the “extent”

In a 4chan post seen by Ars today, an anonymous user claimed to leak 125GB of data lifted from 6,000 internal Twitch Git repositories. The forum poster mocked Amazon’s acquisition of Twitch, writing, “Jeff Bezos paid $970 million for this, we’re giving it away FOR FREE.”

The hacker wrote that the purpose of the leak was to cause disruption and promote competition among video streaming platforms. The hacker further said that Twitch’s “community is a disgusting, toxic cesspool.”

Read 13 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Company that routes SMS for all major US carriers was hacked for five years

0 0
Read Time:56 Second
A woman's hand holding a smartphone.

Enlarge (credit: Getty Images | d3sign)

Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years. Syniverse and carriers have not said whether the hacker had access to customers’ text messages.

A filing with the Securities and Exchange Commission last week said that “in May 2021, Syniverse became aware of unauthorized access to its operational and information technology systems by an unknown individual or organization. Promptly upon Syniverse’s detection of the unauthorized access, Syniverse launched an internal investigation, notified law enforcement, commenced remedial actions and engaged the services of specialized legal counsel and other incident response professionals.”

Syniverse said that its “investigation revealed that the unauthorized access began in May 2016” and “that the individual or organization gained unauthorized access to databases within its network on several occasions, and that login information allowing access to or from its Electronic Data Transfer (‘EDT’) environment was compromised for approximately 235 of its customers.”

Read 12 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Facebook’s outage likely cost the company over $60 million

0 0
Read Time:55 Second
Facebook’s outage likely cost the company over $60 million

Enlarge (credit: Getty Images)

In a major outage yesterday, Facebook, along with its sibling sites, WhatsApp and Instagram, became unreachable for hours. Real-time website status tracker DownDetector received over 14 million reports from users who couldn’t use the social media giant’s apps and services.

But beyond the obvious inconvenience to those cut off from these services, yesterday’s outage has had financial repercussions not only for Facebook, but many small businesses that rely on the platform.

Downtime estimated to cost Facebook over $60 million

Facebook’s 2020 revenue was $86 billion. Experts have used this number to approximate the average loss incurred by the company yesterday at $163,565 for every minute of the outage. Over the six-hour period, this sums up to roughly $60 million in lost revenue. Another report by Fortune pinned the loss at $100 million, stating that “for many companies, a $100 million drop in revenue over any time period would be a financial event of significant concern. For Facebook, it is (for now) a drop in the bucket that investors will likely shrug off.”

Read 9 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Facebook, Instagram, WhatsApp, and Oculus are down. Here’s what we know

0 0
Read Time:1 Minute, 11 Second
Today's global Facebook and Facebook-owned-services outage appears to be the result of a flubbed BGP configuration change pushed by a Facebook engineer this morning.

Enlarge / Today’s global Facebook and Facebook-owned-services outage appears to be the result of a flubbed BGP configuration change pushed by a Facebook engineer this morning. (credit: Sean Gladwell via Getty Images / Jim Salter)

Facebook—and apparently all the major services Facebook owns—are down today. We first noticed the problem at about 11:30 am Eastern time, when some Facebook links stopped working. Investigating a bit further showed major DNS failures at Facebook:

The problem goes deeper than Facebook’s obvious DNS failures, though. Facebook-owned Instagram was also down, and its DNS services—which are hosted on Amazon rather than being internal to Facebook’s own network—were functional. Instagram and WhatsApp were reachable but showed HTTP 503 (no server is available for the request) failures instead, an indication that while DNS worked and the services’ load balancers were reachable, the application servers that should be feeding the load balancers were not.

A bit later, Cloudflare VP Dane Knecht reported that all BGP routes for Facebook had been pulled. With no BGP routes into Facebook’s network, Facebook’s own DNS servers would be unreachable—as would the missing application servers for Facebook-owned Instagram, WhatsApp, and Oculus VR.

Read 2 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Researcher refuses Telegram’s bounty award, discloses auto-delete bug

0 0
Read Time:41 Second
Researcher refuses Telegram’s bounty award, discloses auto-delete bug

Enlarge (credit: Joshua Sortino)

Telegram patched another image self-destruction bug in its app earlier this year. This flaw was a different issue from the one reported in 2019. But the researcher who reported the bug isn’t pleased with Telegram’s months-long turnaround time—and an offered $1,159 (€1,000) bounty award in exchange for his silence.

Self-destructed images remained on the device

Like other messaging apps, Telegram allows senders to set communications to “self-destruct,” such that messages and any media attachments are automatically deleted from the device after a set period of time. Such a feature offers extended privacy to both the senders and the recipients intending to communicate discreetly.

In February 2021, Telegram introduced a set of such auto-deletion features in its 2.6 release:

Read 12 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %

Hundreds of scam apps hit over 10 million Android devices

0 0
Read Time:1 Minute, 29 Second
Never put a GriftHorse on your phone.

Enlarge / Never put a GriftHorse on your phone. (credit: John Lamparsky | Getty Images)

Google has taken increasingly sophisticated steps to keep malicious apps out of Google Play. But a new round of takedowns involving about 200 apps and more than 10 million potential victims shows that this longtime problem remains far from solved—and in this case, potentially cost users hundreds of millions of dollars.

Researchers from the mobile security firm Zimperium say the massive scamming campaign has plagued Android since November 2020. As is often the case, the attackers were able to sneak benign-looking apps like “Handy Translator Pro,” “Heart Rate and Pulse Tracker,” and “Bus – Metrolis 2021” into Google Play as fronts for something more sinister. After downloading one of the malicious apps, a victim would receive a flood of notifications, five an hour, that prompted them to “confirm” their phone number to claim a prize. The “prize” claim page loaded through an in-app browser, a common technique for keeping malicious indicators out of the code of the app itself. Once a user entered their digits, the attackers signed them up for a monthly recurring charge of about $42 through the premium SMS services feature of wireless bills. It’s a mechanism that normally lets you pay for digital services or, say, send money to a charity via text message. In this case, it went directly to crooks.

The techniques are common in malicious Play Store apps, and premium SMS fraud in particular is a notorious issue. But the researchers say it’s significant that attackers were able to string these known approaches together in a way that was still extremely effective—and in staggering numbers—even as Google has continuously improved its Android security and Play Store defenses.

Read 7 remaining paragraphs | Comments

Happy
Happy
0 %
Sad
Sad
0 %
Excited
Excited
0 %
Sleepy
Sleepy
0 %
Angry
Angry
0 %
Surprise
Surprise
0 %