The top 30 cybersecurity vulnerabilities include plenty of the usual suspects


This week, WIRED reported on a shocking phenomenon: the locations of real warships are being faked by an unknown party. Over the past few months, dozens of ships have appeared to enter disputed waters when in reality they were hundreds of miles away. The false information takes the form of simulated AIS tracking data, which shows up on aggregation sites such as MarineTraffic and AISHub. It is unclear who is responsible or how they did it, but it is a dangerous game to play near powder kegs in Crimea and elsewhere.

Speaking of controversy, this week two researchers released a tool that catalogs low-hanging-fruit vulnerabilities in every website (think SQL injection and cross-site scripting) and makes the results not only public but also searchable. This is actually the second iteration of the system, called Punkspider; they shut down the first one after several complaints to their hosting provider. Many of the same criticisms still apply this time around, which leaves Punkspider's long-term fate uncertain.

Apple bills itself as the most privacy-focused of the large technology companies, and it has done enough to back up that reputation. But this week we took a look at an important step toward consumer privacy that the company is decidedly not taking: implementing Global Privacy Control, which would let Safari and iOS users automatically stop most tracking.

Our colleague in the UK also spoke with the cam girl behind Coconut Kitty, who has been using digital effects to make herself look younger in her live streams. In many ways it may be the future of adult content, and its potential impact goes far beyond this one OnlyFans account.

And there's more. Every week we round up all the security news that WIRED has not covered in depth. Click on the headlines to read the full stories, and stay safe out there.

This week, a joint advisory from law enforcement agencies in the United States, the United Kingdom, and Australia tallied the 30 most frequently exploited vulnerabilities. Perhaps not surprisingly, the list contains a large number of flaws that were publicly disclosed years ago; everything on the list has a patch available for anyone who wants to install it. But as we have written time and time again, many companies are slow to push updates for all sorts of reasons, whether it is a resource problem, a technical problem, or the downtime needed to accommodate a software update. Given how many of these vulnerabilities can lead to remote code execution (you don't want that), hopefully they will start making patching a priority.

An app called Doxcy presented itself as a dice game, but in fact anyone who downloaded it could access content from Netflix, Amazon Prime, and more, as long as they entered the password in the search bar. Apple removed the app from the App Store after Gizmodo inquired, but you probably shouldn't have installed it anyway; it was full of ads and may have mishandled your data. All in all, you're better off paying for the subscription.

In early July, Iran's train system suffered a cyberattack that looked a lot like an elaborate troll; the hackers posted messages on screens suggesting that passengers call the office of Supreme Leader Khamenei for help. However, a closer inspection by the security company SentinelOne revealed that the malware is actually a wiper, designed to destroy data rather than just hold it hostage. The malware, which the researchers call Meteor, appears to come from a new threat actor and lacks a certain degree of polish, which is lucky for whoever they decide to target next.

Last week, Amnesty International and more than a dozen other organizations released a report on how authoritarian governments have abused NSO Group's spyware to monitor journalists and political opponents. Soon after, the Israeli government visited the offices of the country's notorious surveillance vendor. NSO Group has repeatedly denied Amnesty International's reports, but domestic pressure appears to have intensified after French President Emmanuel Macron and other names appeared on the list of so-called potential spyware targets.

The Department of Justice disclosed on Friday that Cozy Bear, the hackers behind the SolarWinds hack and other sophisticated espionage campaigns, also broke into at least one email account at 27 U.S. Attorney's Offices last year. Eighty percent of the email accounts used in the four U.S. Attorney's Offices in New York were compromised. The campaign may have given them access to all kinds of sensitive information, which the Russian government will definitely use in a responsible way.
