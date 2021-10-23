drum and endless High-profile ransomware attacks continued this week, but Google Threat Analysis Group also raised awareness of the intricate cookie-switching attacks that hackers have used in recent years to hijack prominent YouTube channels. While this type of attack is not new, Google has taken important coordinated action to curb the trend. Compromised YouTube channels have been used to broadcast cryptocurrency scams and disseminate other misinformation.

Meanwhile, the International Organization for Standardization released the first set of guidelines for the production of sex toys last week in a major step towards establishing minimum safety standards across the industry. Named ISO 3533 or Sex Toys: Design and safety requirements for products in direct contact with the genitals, anus or both, the document, while important, does not set out clear guidelines for digital security or privacy, both areas where toys sexual have already had significant and influential stumbling blocks.

If you are thinking about account security and want a lightweight weekend project to help improve things, double check if you have two-factor authentication enabled wherever it is offered. And if you want to move between authentication apps, say from Google Authenticator to Twilio Authy, we have a guide to make it easy without losing access anywhere.

But wait, there is more. Every week we summarize all the WIRED security news not covered in depth. Click on the headlines to read the full stories and stay safe there.

The infamous Russia-based ransomware gang REvil, which was responsible for the JBS Meat attack in June and Kaseya managed the software compromise in July, was hacked and knocked offline by a consortium of government law enforcement groups. The FBI, the US Cyber ​​Command, and the Secret Service worked with partners in other governments on the REvil infrastructure sabotage project. Following the Kaseya breach and the final ransomware attacks in July, the FBI was able to obtain a universal decoder from REvil itself. But officials held the vehicle so that they would not disclose their access to REvil infrastructure. After some of the gang platforms went offline in July, members restored them from backups in September and accidentally restored access to the ongoing law enforcement system, opening the door for a removal. REvil’s Happy Blog website and data flow platform is now inaccessible.

The second-largest television station operator in the United States, Sinclair Broadcast Group, was hit by a ransomware attack earlier this week that affected the company’s operations and broadcasts. The worst encryption tool used in the attack is similar to the one used before by the Russian-sanctioned criminal gang Evil Corp. Malware has been attributed to the gang in the past. Sinclair struggled to stabilize its operations throughout the week and employees reported a chaotic situation as stations worked to maintain their broadcasts. “Our focus remains to continue to work closely with a third-party cyber security firm, other incident response professionals, law enforcement and government agencies as part of our investigation and response to this incident,” Sinclair said in a statement. statement Thursday.

A hacker apparently compromised Argentina’s Registro Nacional de las Personas, stealing personal information about all Argentines. The body is now circulating privately for sale in criminal circles. The breach occurred last month and targeted government IT networks to access the database, also known as RENAPER. The agency issues national identification cards and other government agencies may request its own database. Government officials said in a statements that attackers included a legitimate user account to access the database instead of hacking it exploiting a vulnerability. The first signs of the breach came in early October when a new Twitter account created ID card photos and other personal information about 44 prominent Argentines, including President Alberto Fernndndez and soccer stars Lionel Messi and Sergio Aguero.

On Thursday, the Federal Trade Commission summoned six major U.S.-based Internet service providers for their obscure data management practices and lack of meaningful privacy and security controls. The study focused on AT&T Mobility, Cellco Partnership (Verizon Wireless), Charter Communications Operating, Comcast (Xfinity), T-Mobile US and Google Fiber. ISPs do not make their privacy practices clear, the FTC found, and do not adequately disclose how they use customer data. The investigation also showed that the services make it challenging for their clients to give up data collection.

The issues have been known for years, but efforts by the government and the private sector to curb such abuses have not gone clearly enough. As consumers surely expect ISPs to collect certain information about the websites they visit as part of their web service delivery, they will surely be surprised by the extent to which the data is collected and combined for purposes that not related to the service they require, the FTC wrote in the report, in particular, browsing data, TV viewing history, email and search content, data from connected devices, location information, and data race and ethnicity.

