The Feds Gear Up for a Privacy Crackdown
Plus: Cisco gets hit by ransomware, Twilio gets phished, a new way to fight email spammers, and much more.
We’ve also looked at how new data rulings in Europe could stop Meta from sending data from the EU to the US, potentially prompting app blackouts across the continent. However, the decisions also have a wider impact: reforming US surveillance laws.
Also this week, a new phone carrier launched and it has a specific goal: protecting your privacy. The Pretty Good Phone Privacy, or PGPP, service by Invisv separates you from the identifiers linked to your device, meaning it can’t track your mobile browsing or link you to a location. The service helps to deal with a huge number of privacy problems. And if you want to enhance your security even more, here’s how to use Apple’s new Lockdown Mode in iOS 16.
But that’s not all. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.
The Federal Trade Commission this week announced it has begun the process for writing new rules around data privacy in the United States. In a statement, FTC chair Lina Khan pressed the need for strong privacy rules that rein in the “surveillance economy” that she says is opaque, manipulative, and responsible for “exacerbating … imbalances of power.” Anyone can submit rules for the agency to consider between now and mid-October. And the FTC will hold a public “virtual event” on the issue on September 8.
Communications company Twilio said this week that “sophisticated” attackers successfully waged a phishing campaign that targeted its employees. The attackers sent text messages with malicious links and included words like “Okta,” the identity management platform that itself suffered a hack by the Lapsus$ hacker group earlier this year. Twilio later said that the scheme allowed the attackers to access the data of 125 customers. But the campaign didn’t stop there: Cloudflare later disclosed that it, too, was targeted by the attackers—although they were stopped by the company’s hardware-based multifactor authentication tools. As always, be careful what you click.
Elsewhere, enterprise technology giant Cisco disclosed that it became the victim of a ransomware attack. According to Talos, the company’s cybersecurity division, an attacker compromised an employee’s credentials after gaining access to a personal Google account, where they were able to access credentials synced from the browser. The attacker, identified as part of the Yanluowang ransomware gang, then “conducted a series of sophisticated voice phishing attacks” in an attempt to trick the victim into accepting a multifactor authentication request, which was ultimately successful. Cisco says the attacker was unable to gain access to critical internal systems and was eventually removed. However, the attacker claims to have stolen more than 3,000 files totaling 2.75 GB of data.
Meta’s WhatsApp is the world’s biggest end-to-end encrypted messaging service. While it may not be the best encrypted messenger—you’ll want to use Signal for the most protection—the app prevents billions of texts, photos, and calls from being snooped on. WhatsApp is now introducing some extra features to help improve people’s privacy on its app.
Later this month, you’ll be able to leave a WhatsApp group without notifying every member that you’ve left. (Only the group admins will be alerted). WhatsApp will also allow you to select who can and can’t see your “online” status. And finally, the company is also testing a feature that allows you to block screenshots on photos or videos sent using its “view once” feature, which destroys messages when they’ve been seen. Here are some other ways to boost your privacy on WhatsApp.
And finally, security researcher Troy Hunt is perhaps best known for his Have I Been Pwned website, which allows you to check whether your email address or phone number has been included in any of 622 website data breaches, totaling 11,895,990,533 accounts. (Spoiler: It probably has.) Hunt’s latest project is taking revenge on email spammers. He’s created a system, dubbed Password Purgatory, that encourages spammers emailing him to create an account on his website so they can work together to “truly empower real-time experiences.”
The catch? It’s not possible to meet all the password requirements. Each time a spammer tries to create an account, they’re told to jump through more hoops to create a proper password. For instance: “Password must end with dog” or “Password must not end in ‘!’” One spammer spent 14 minutes trying to create an account, attempting 34 passwords, before finally giving up with: catCatdog1dogPeterdogbobcatdoglisadog.