Subject: Crypto Hackers Stole More Than $370 Million In April Alone
Source: Motherboard Tech by Vice
The total amount of crypto stolen since the beginning of the year is more than $1.6 billion. In April alone, hackers stole more than $370 million in crypto from several web3 projects, according to a cybersecurity firm, with nearly $100 million being stolen over the weekend.

In the last month, there were 31 hacks affecting crypto or web3 projects, including Beanstalk, Fei Protocol, Deus Finance, and Bored Ape Yacht Club, according to a tally by CertiK, a company that specializes in cybersecurity in the crypto space. These hacks were of different kinds, from exploiting protocols to phishing users directly.

Just over the last weekend, decentralized finance (DeFi) platforms Saddle Finance and FEI Protocol (which merged with Rari Capital last year) were hacked and lost $10 million and $80 million, respectively. Saddle’s hack could have been worse, as cybersecurity company BlockSec took advantage of the same vulnerability the hackers used to secure almost $4 million in crypto, according to Saddle….
Source: Mozilla via beSpacific
“Welcome to Mozilla’s *Privacy Not Included buyer’s guide. Our goal is to help you shop smart—and safe—for products that connect to the internet. In 2017, when we first started *Privacy Not Included, we didn’t know if people would be interested in a guide about the privacy and security of connected toys, gadgets, and smart home products. Turns out, they were. And it wasn’t just people who were interested. We discovered some companies were too. We’re happy to see both consumers and companies increasingly value connected products that are safe, secure, and private. Unfortunately, it is often difficult for consumers to get clear, concrete information from companies about the security and privacy of their connected products. Is your personal data shared or sold in ways you may not have expected? What is the company’s known track record for protecting the personal information they collect on you? How does the company regularly test for and fix security vulnerabilities? With this guide, we hope to help you navigate this landscape by understanding what questions you should ask and what answers you should expect before buying a connected tech product. …
(CNN) Chinese government-linked hackers have tried to steal sensitive data from some three dozen manufacturing and technology firms in the US, Europe and Asia, security researchers said Wednesday, in findings that shed new light on Beijing’s alleged use of hacking to buttress its powerhouse economy.
The hackers targeted blueprints for producing materials with broad applications to the pharmaceutical and aerospace sectors, according to Boston-based security firm Cybereason. The firm discovered the activity last year but said the hacking campaign dates to at least 2019, and it suggested that reams of data could have been stolen in the interim.
“It’s clearly industrial espionage, IP [intellectual property] theft at the highest level,” Assaf Dahan, Cybereason’s research lead, told CNN.
Asked to respond to the Cybereason report, Liu Pengyu, a spokesperson at the Chinese Embassy in Washington, claimed that China “will never encourage, support or condone cyber attacks.”
A location data broker called SafeGraph says it will no longer sell the location data of groups of people visiting Planned Parenthood and other clinics that provide abortions, following a recent Vice report. Purchasers of that data previously could reportedly tell where visitors to those clinics came from, how long they stayed at the clinic, and where they went afterward.

SafeGraph on Tuesday said it decided to reverse course in part due to news of a leaked initial draft majority opinion which shows the U.S. Supreme Court’s apparent interest in striking down Roe v Wade, a titanic move that would effectively make abortion illegal in many states.
“In light of potential federal changes in family planning access, we’re removing Patterns data for locations classified as NAICS code 621410 (‘Family Planning Centers’) from our self-serve “shop” and API to curtail any potential misuse of its data,” SafeGraph wrote on its website.
Source: Digital Defense Fund via beSpacific
Digital Defense Fund: “This page is organized into different security-related threats. You can jump to the ones that most concern you. Along with each scenario is a list of digital security tips to neutralize the threat. These are possible concerns you might have:…
Source: Bleeping Computer
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks. Since 2020, NIST has released two draft documents on how the enterprise can better defend itself from supply-chain attacks.

Today, in response to Executive Order 14028: Improving the Nation’s Cybersecurity, NIST has published ‘Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations’ (NIST SP 800-161 Rev. 1) to provide guidance on identifying and responding to supply chain cybersecurity risks.
“Managing the cybersecurity of the supply chain is a need that is here to stay,” said NIST’s Jon Boyens, one of the publication’s authors. “If your agency or organization hasn’t started on it, this is a comprehensive tool that can take you from crawl to walk to run, and it can help you do so immediately.”
The document is a long read, weighing in at 326 pages, but includes valuable information on supply chain risks, from evaluating foreign control over a software/product’s development to risks associated with using external IT service providers.
Supply-chain attacks are increasingly popular with threat actors because compromising a single product lets them impact the numerous downstream companies that use it.

The severity of supply-chain attacks has been demonstrated in real-world incidents: threat actors compromised SolarWinds to infect its downstream customers, abused Kaseya’s MSP software to encrypt systems at over a thousand companies, and used malicious npm modules to execute remote commands.
These attacks had widespread consequences for many organizations simply by compromising a single source, illustrating the need for the enterprise to add safeguards against supply-chain attacks.
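One concrete safeguard the NIST guidance calls for is verifying the integrity of third-party components before they are deployed. The script below, an added illustration that is not from NIST, Bleeping Computer, or any of the vendors named above, shows the core idea in the SolarWinds and Kaseya cases: trust is anchored to the content digest of an artifact that was actually reviewed, not to the vendor’s name or version string, so a build that a compromised vendor quietly replaces fails verification even though it carries the same name. The component name, the “lockfile” dictionary, and the artifact bytes are all constructed for the example.

```python
import hashlib
import hmac
from typing import Dict, List

# Constructed sample artifacts (standing in for a vendor's installer build).
# The "tampered" build is what a compromised vendor pipeline might ship under
# the same name and version as the reviewed one.
REVIEWED_BUILD = b"agent-installer-7.2.1\x00legitimate payload bytes"
TAMPERED_BUILD = REVIEWED_BUILD + b"\x00injected backdoor"


def digest(data: bytes) -> str:
    """SHA-256 hex digest of an artifact's bytes."""
    return hashlib.sha256(data).hexdigest()


def record_pin(lockfile: Dict[str, str], name: str, reviewed: bytes) -> str:
    """At review time, pin a component by the digest of the exact bytes reviewed.

    The name is only a label; the digest is what is trusted later.
    """
    d = digest(reviewed)
    lockfile[name] = d
    return d


def verify_artifact(lockfile: Dict[str, str], name: str, fetched: bytes) -> bool:
    """Accept a fetched artifact only if its digest matches the recorded pin.

    An unpinned name is rejected rather than trusted on the strength of the
    vendor's name or version string. compare_digest avoids timing leaks when
    the expected digest is itself considered sensitive.
    """
    expected = lockfile.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(expected, digest(fetched))


def rejected_components(lockfile: Dict[str, str], fetched: Dict[str, bytes]) -> List[str]:
    """Return the names of every fetched component that fails verification."""
    return sorted(name for name, data in fetched.items()
                  if not verify_artifact(lockfile, name, data))


# Hypothetical lockfile populated at review time.
LOCKFILE: Dict[str, str] = {}
record_pin(LOCKFILE, "agent-installer-7.2.1", REVIEWED_BUILD)


if __name__ == "__main__":
    fetched_now = {
        "agent-installer-7.2.1": TAMPERED_BUILD,   # same name, different bytes
        "telemetry-plugin-1.0.0": b"never reviewed",  # no pin on record
    }
    for name in rejected_components(LOCKFILE, fetched_now):
        print(f"REJECT {name}: digest does not match a reviewed pin")
```

Pinning by content digest is what makes a lockfile, a signed SBOM, or a reproducible-build attestation useful: a downstream consumer can detect that the bytes changed even when the upstream that changed them is the vendor itself. The step this example does not cover, and which the NIST document spends much of its length on, is deciding whose review produced the pin in the first place.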
Subject: Supreme Court privacy vs. your right to privacy
Source: CNN Politics
There is some weird irony in the case of the Supreme Court and privacy:
- The leaked draft opinion that would overturn Roe v. Wade would jeopardize Americans’ constitutional right to privacy.
- The leaking of the draft is a violation of Supreme Court justices’ ability to deliberate in private.