We also looked at how a new data ruling in Europe prevents Meta from sending data from the EU to the US, potentially causing app outages across the continent. However, the decisions also had wider implications: reforming U.S. surveillance laws.
This week, a new phone carrier launched with a specific goal: protecting your privacy. Invisv’s Pretty Good Phone Privacy or PGPP service separates phone users from an identifier linked to your device, which means it can’t track your mobile browsing or link you to a location. The service helps with a lot of privacy concerns. If you want to take your security even further, here’s how to use Apple’s new Lockdown Mode in iOS 16.
But that’s not all. Every week, we highlight stories that we ourselves haven’t covered in depth. Click the title below to read the full story. And stay safe outside.
The Federal Trade Commission announced this week that it has begun developing new rules on data privacy in the United States. In a statement, FTC Chair Lina Khan emphasized the need for strong privacy rules to rein in the “surveillance economy,” which she said was opaque, manipulative, and responsible for “exacerbating… power imbalances.” Anyone can submit rules for consideration by the agency between now and mid-October. The FTC will hold a public “virtual event” on the issue on September 8.
Communications company Twilio said this week that “sophisticated” attackers have successfully launched a phishing campaign targeting its employees. The identity management platform itself was hacked by the Lapsus$ hacking group earlier this year, with attackers sending text messages with malicious links containing words like “Okta.” Twilio later said the scheme allowed attackers to access the data of 125 customers. But the campaign didn’t stop there: Cloudflare later revealed that it was also a target of attackers — although they were blocked by the company’s hardware-based multi-factor authentication tool. As always, be careful what you click.
Elsewhere, enterprise tech giant Cisco disclosed that it fell victim to a ransomware attack. According to Talos, the company’s cybersecurity arm, attackers compromised employees’ credentials after accessing personal Google accounts, which gave them access to credentials synced from their browsers. The attackers, identified as part of the Yanluowang ransomware gang, then “performed a series of sophisticated voice phishing attacks” in an attempt to trick victims into accepting multi-factor authentication requests, which were ultimately successful. The attackers lost access to critical internal systems and were eventually removed, Cisco said. However, the attackers claim to have stolen more than 3,000 files totaling 2.75 GB of data.
Meta’s WhatsApp is the world’s largest end-to-end encrypted messaging service. While it may not be the best encrypted messenger — you’ll want to use Signal for maximum protection — the app keeps billions of texts, photos, and phone calls safe from prying eyes. WhatsApp is now introducing some extra features to help improve people’s privacy on its app.
Later this month, you will be able to leave a WhatsApp group without notifying every member that you have left. (Only group admins will be alerted). WhatsApp also allows you to choose who can see your “online” status and who can’t see your “online” status. Finally, the company is also testing a feature that allows you to block screenshots of photos or videos sent using its “view once” feature, which destroys the message when it sees it. Here are some other ways to improve your privacy on WhatsApp.
Finally, security researcher Troy Hunt is probably best known for his Have I Been Pwned website, which lets you check your email for any of the 622 website data breaches One all contained addresses or phone numbers for a total of 11,895,990,533 accounts. (Spoiler: It probably has.) Hunter’s latest project is getting revenge on email spammers. He created a system called Password Purgatory, which encourages spammers who email him to create an account on his website so they can together “really enhance the real-time experience.”
question? It is not possible to meet all password requirements. Every time a spammer tries to create an account, they are told to skip more steps to create a correct password. Example: “Password must end in dog” or “Password must not end in ‘!'” A spammer spent 14 minutes trying to create an account, tried 34 passwords, and gave up: catCatdog1dogPeterdogbobcatdoglisadog.
