You Pay More When Companies Get Hacked

Plus: Google delays the end of cookies (again), EU officials were targeted with Pegasus spyware, and more of the top security news.

Wired

Russia’s full-scale invasion of Ukraine has been ongoing for more than 150 days, with no end to the conflict in sight. While Ukrainian troops are having some success with counteroffensives in the south of the country, the war is having long-lasting impacts on freedom of speech and online censorship.

This week, we documented how a flurry of more than half a dozen new Russian laws, all proposed or passed in recent months, will help to separate Russia from the global internet. The move, if successful, could damage the very idea of the free and open internet and have global ramifications. But it is not all bad news. Russia’s attempts to block and censor people’s online lives are hitting some stumbling blocks: Its long-held ambition to block anonymity service Tor is faltering.

Last month, Joe Biden signed the Bipartisan Safer Communities Act, the first major federal gun law passed in years. However, senators lacked any real government data on gun violence when they were drafting the law, in part because, until 2019, the Centers for Disease Control and Prevention was banned for decades from studying gun violence in America. As a result, much of the data used to inform the Act came from elsewhere. We also looked at whether states could legally block people seeking abortions from crossing state lines to do so following the fall of Roe v. Wade.

Elsewhere, we’ve also put together a guide to how you can safely lend your phone to someone else, whether to a friend who wants to look at your holiday photos or a stranger who needs to make an emergency phone call. A few simple tweaks to your iPhone or Android settings can quickly help to secure your data.

And there’s more. Each week we round up the news that we didn’t break or cover in depth. Click on the headlines to read the full stories. And stay safe out there!

Every year, the list of companies getting hacked or suffering data breaches continues to grow. These incidents are often the result of businesses’ technical misconfigurations or poor security practices. While each incident is different, it is undeniable that data breaches can have huge impacts on those affected: individuals who have their data leaked, for example, and companies that have to deal with reputational and financial damage. This week, an IBM report revealed that the cost of a data breach in 2022 has reached an “all-time high,” averaging $4.35 million. That’s a 2.6 percent increase from last year.

Perhaps more salient, according to IBM’s data, is that companies are hitting their customers with the costs of data breaches. The company surveyed 550 organizations that had suffered a data breach between March 2021 and March 2022, and 60 percent of them said they had increased their prices as a result of the breach. No specific examples were given in the report. And it’s unclear whether companies passing on the costs of cybersecurity incidents are investing that extra income into better protecting their customers’ data in the future. However, according to IBM, only 17 percent of the 550 companies surveyed said it was the first data breach they had suffered.

Another week, another set of spyware bombshells. This week Reuters revealed that the European Union found evidence that phones belonging to its staff were targeted with Pegasus, the powerful hacking tool of Israeli firm NSO Group. EU Justice Commissioner Didier Reynders was apparently told by Apple that his iPhone may have been hacked in 2021. An ongoing EU investigation, according to Reuters, found indicators of compromise on some devices. It follows officials announcing that 14 EU member states have purchased Pegasus in the past.

That was not the only spyware revelation this week. The leader of Greece’s opposition political party launched a complaint alleging his phone had been targeted with Israeli-made Predator spyware, developed by Cytrox. Microsoft also linked spyware, dubbed Subzero, to European firm DSIRF. The details, published to coincide with a spyware hearing of the House Intelligence Committee, claimed Subzero had been used to target banks and consultancy firms in Austria, the UK, and Panama.

If technology companies want to operate in China and sell their products to a market of more than a billion people, they’re going to have to bend to the rules. Firms are required to store data locally and, as Apple learned, may have to compromise the security protections they put in place around people’s data. As the video game Roblox prepared to launch in China in 2017 and 2018, its developer was well aware of the potential consequences.

According to Roblox documents obtained by VICE, the company believed it could be hacked if it entered China and that rivals would create their own version of its game. “Expect that hacking has already started,” an internal presentation in 2017 said. The documents also show how Roblox applied Chinese censorship laws—“illegal content” included tampering with historical facts and misrepresenting Chinese territories on maps—and other local laws, such as collecting players’ real names. Roblox eventually launched its Chinese app LuoBuLesi in July 2021, but shut it down at the start of this year.

For years, Apple’s Safari and Mozilla’s Firefox browsers have limited how third-party cookies can track you across the web. These small snippets of code, which are saved to your device when you visit websites, are able to track your browsing history and show you ads based on what you’ve seen. They’re widely considered a privacy nightmare. So when Google announced, in January 2020, that Chrome would finally ditch creepy third-party cookies by 2022, the move was a big deal. However, in practice, Google has struggled to make the change. This week, Google announced its plan has been delayed for a second time. Third-party cookies have been given a stay of execution until at least the back end of 2024, when they will start to be phased out. So far, Google’s efforts to replace third-party cookies have been turbulent, with privacy advocates claiming the replacements are worse than cookies, and the advertising industry saying they’ll decrease competition.
