Cryptocurrency tracking has becoming a key tool for police investigating everything from fraud and ransomware to child abuse. But its accuracy may soon be put to the test.
This week, we reported on new court filings by the legal team representing Roman Sterlingov, who has been in prison for 15 months, accused of laundering $336 million in cryptocurrency as the alleged owner and operator of the crypto mixer dark web Bitcoin Fog. Not only does Sterlingov maintain that he is innocent, but his defense attorney claims that the blockchain analysis that served as proof that Sterlingov established Bitcoin Fog is flawed.
Elsewhere, we highlighted Microsoft’s newly beefed-up Morse bug research team, which aims to catch flaws in the company’s software before they cause problems for the company’s billion users. We delved into the spectacular failure of a new post-quantum encryption algorithm. We listed all the big security updates you’ll need starting in July and detailed all the data Amazon’s Ring cameras collect about you.
Finally, a new report from cybersecurity firm Mandiant found that an attack on the government of Albania bears the hallmarks of state-sponsored Iranian hacking, a remarkable moment of escalation in the history of cyberwarfare, given that Albania is a member of NATO. And we ran into a Slack bug that exposed hashed passwords for five years.
But this is not all. Each week, we highlight the news we didn’t cover in depth. Click on the headlines below to read the full stories. And stay safe out there.
This is not a test. According to the Federal Emergency Management Agency and the security researcher who found the vulnerabilities, the software used to broadcast emergency alerts issued by the US government on television and radio contains flaws that could allow to an attacker to issue fake messages. The company that makes the software, Digital Alert Systems, has issued patches, and FEMA has alerted television and radio networks that use the software to update their devices immediately. Of course, patches may not be universally adopted, leaving the system at risk. There is no evidence that an attacker has exploited the flaws so far. But given the chaos that false emergency alerts can cause, we’ll just have to hope it stays that way.
A major cryptocurrency heist in one week would be bad, and there have been two this week. First, thanks to a flaw in the Nomad bridge, a type of application that allows users to move digital tokens across blockchains that are prime targets for hackers.hundreds” of people were able to steal a collective $190 million in cryptocurrencies. Now a nomad he says that anyone who returns 90 percent of the funds they swiped will be considered a “white hat” and can keep the remaining 10 percent as a reward. About $22 million of the stolen funds had been recovered so far.
The second crypto hack of the week came just a day later on Tuesday night, with hackers draining around 8,000 “hot” wallets (cryptocurrency storage applications connected to the Internet) connected to Solana ecosystem, which allowed them to steal about 5 million dollars. crypto value Solana said in a tweet that the exploit was due to a bug in “software used by various software wallets popular among network users,” not the Solana network or its cryptography.
It’s one thing to know what the NSO group spyware can do, but it’s quite another to see it for yourself. Reporters in Israel Haaretz obtained previously unreleased screenshots of Syaphan, a prototype of NSO’s now-famous Pegasus spyware, which has retained much of the look and functionality of its predecessor. The screenshots show that operators have the ability to access call and message logs and remotely enable cameras and microphones to turn an infected device into a real-time spying tool.
The government’s use of Pegasus and other spyware has led to a growing number of scandals, especially in Europe. Yesterday, Panagiotis Kontoleon, head of Greece’s intelligence service, and Grigoris Dimitriadis, secretary general of the prime minister’s office, resigned. Their departures follow a complaint filed by Nikos Androulakis, the head of the socialist PASOK party, who alleged that his phone had been targeted by Predator spyware created by Cytrox, based in neighboring North Macedonia. Greece’s prime minister’s office maintains, however, that the resignations and spyware allegations are unrelated. “He has absolutely nothing to do with Predator (spyware), to which neither he nor the government is connected in any way, as has been categorically stated,” he said in a statement.
Remember a few months ago when everyone was mad about DuckDuckGo? Well, that thing you were mad about is now (mostly) fixed, according to the company. In May, security researcher Zach Edwards found that DuckDuckGo’s privacy browsers, not its search engine, which the company is best known for, allowed some third-party Microsoft tracking scripts. DuckDuckGo, which has a partnership with Microsoft, says it has expanded its third-party tracking upload protection to include 21 more domains, blocking most of Microsoft’s tracking scripts on websites accessed through its DuckDuckGo mobile privacy browser or while using its Privacy Essentials extension. , which can be used with all major browsers. However, DuckDuckGo will still allow advertisers to track DuckDuckGo clicks using scripts from the bat.bing.com domain. Is perfect? No, even DuckDuckGo supports it. But it’s still a privacy improvement over mainstream browsers and search engines.
