The latest Pro-Trump Twitter clone leaked user data on day 1

Security Question Social media sites supporting Trump have become the theme of 2021: First, The absurd basic error in Parler allows all its posts to be scraped A few hours before it was deleted by the hosting provider and went offline.then Gab was compromised by hackers He stole and leaked 40 million public and private posts.Now, a website called Gettr was launched by former Trump staff and has become the third strongest contender for the worst security competition on pro-Trump social media sites because hackers managed to Hijack well-known accounts and grab private data of tens of thousands of users, Including email addresses and birthdays-all of this is done within a few hours of publishing.

Fortunately for Gettr, there is worse news to report in the security field this week, the latest crash in the ongoing global ransomware epidemic. Lily Hay Newman of WIRED watching New details exposed The hacking of Kaseya, a remote IT management tool, resulted in thousands of companies being attacked by ransomware and vulnerabilities reported to Kaseya nearly three months before the attack. We also reported on the ongoing quarrel surrounding a critical Microsoft print spooler error, which the company has tried–Failed!——Fixed this week.

In other news, we studied Amazon’s Echo Store user data invisibly even after reset, How European regulators and privacy regulators Promote a total ban on biometric surveillance, with How hard is it to get rid of the password habit Supports more secure authentication methods.

there are more. Every week we collect all safety news that WIRED has not covered in depth. Click on the title to read the full story and stay safe there.

Given Parler and Gab’s security lapses, it’s no surprise that the latest startup seeking to collect Trump’s Twitter refugees also entered the attention of hackers: on the day of its release on July 4, the hackers immediately captured the site and leaked the -Public personal information of at least 85,000 users, including email addresses, usernames, names, and dates of birth, was first discovered by the network security company Hudson Rock. The crawling of private data seems to be caused by a leaked API-security experts pointed out this problem even before the website was launched. In fact, many well-known users of the site have also been hacked more directly, in an unknown manner: the official accounts of far-right congresswoman Marjorie Taylor-Green, former Secretary of State Mike Pompeo, and Steve Bannon. , Even Jason Miller, the founder of the website and former Trump staffer, was hijacked by someone named “@JubaBaghdad”.So far, Trump has refused to join the service-perhaps partly because of its security issues, or because it has also been Flooded with Sonic the Hedgehog porn.

MIT Technology Review Patrick Howell O’Neill has produced a fascinating long reading from the archives of the cybercrime cat and mouse game: about how the joint operation between the FBI, the Ukrainian SBU intelligence agency, and the Russian Federal Security Agency has united to ban some of Russia’s largest Cybercriminals-but failed. The three agencies have worked together for months to monitor and track their investigative targets, including notorious figures such as Evgeniy Bogachev, the mastermind of the botnet operation called Game Over Zeus, and Maksim Yakubets Corp, the head of the organization called Evil Responsible for more than 100 million US dollars in digital theft and ransomware business. At the moment when the various agencies coordinated the ban, the Ukrainian SBU repeatedly postponed operations—perhaps due to corruption in its ranks—and the Russian FSB completely stopped responding to the FBI, leaving its former allies in trouble. As Howell O’Neill writes, one of the largest hacker hunts in history — and a rare attempt to cooperate between law enforcement agencies in the United States and Russia — has been “didden by corruption, competition, and obstruction.” The crazy hybrid” frustrated.

Last month, the FBI and law enforcement agencies in Australia and Europe revealed that they secretly took over and operated an encrypted phone company called Anom. They used the company to sell allegedly privacy-protected phones to investigating suspects around the world. These phones contained a secret backdoor, which they then used to crack more than 800 suspected criminals. Now, Motherboard has obtained and conducted a hands-on analysis of one of the phones used in the sting operation. They detailed how it hides the encrypted message function in a fake calculator application, runs a custom operating system called ArcaneOS, and provides an emergency wipe function. It is also an interesting souvenir of one of the largest law enforcement agencies in the history of the global agency-as long as you are not one of the many owners who will end up in jail.

In the impact of Kaseya this week, Bloomberg reported on another apparently different type of Russian hacking incident: the hacker known as Cozy Bear had past connections with Russia’s foreign intelligence agency SVR and violated the Republican National Committee. Two people familiar with the matter Tell Bloomberg. RNC itself denied that it was hacked or any information was stolen, but then admitted that Synnex, the RNC technology provider, was hacked last weekend. It is not clear whether the incident is related to Kaseya’s ransomware-focused hacking, which is related to the Russian cybercrime operator REvil. But given that SVR’s mission is to conduct secret intelligence gathering on various political and government targets, it is not surprising that it targets RNC, just as it targeted the famous DNC in 2016.

More exciting connection stories