Apple Worldwide Developer This week’s conference includes a notification array about OS releases and of course the company’s much-anticipated mixed reality headset, the Vision Pro. Apple also announced that it is Expanded nudity detection on device for children’s accounts as part of efforts to combat the creation and distribution of child sexual abuse material. The company is also launching more flexible nudity detection for adults.
internal Documents obtained by WIRED reveal new details this week about how visual board platform 4chan does and doesn’t censor content—resulting in a violent and blind mess. Researchers as a team at the University of Texas, Austin, increasingly develop resources and clinics that organizations like local governments and small businesses can rely on for critical cybersecurity advice and support. Meanwhile, cybercriminals are expanding their use artificial intelligence tools to create deceptive contentbut defenders are also incorporating AI into their detection strategies.
New Insights from North Korean defectors illustrate the risky digital landscape in the reclusive country. Surveillance, censorship, and surveillance are rampant among North Koreans who can access it online and millions more without digital access. And research published this week from internet infrastructure company Cloudflare shed light on the digital threats faced by participants in the company’s Project Galileo programprovides free protection to civil society and human rights organizations around the world.
And there’s much more. Each week, we compile security stories that we don’t cover in depth ourselves. Click on the title to read the full story. And stay safe out there.
The US Department of Justice on Friday indicted two Russian men, Alexey Bilyuchenko and Aleksandr Verner, for the 650,000 bitcoin hack of Mt.Gox. The two appear to have been charged in absentia with evading arrest in Russia — unlike one of their alleged accomplices, Alexander Vinnik, who was previously convicted in 2020.
Bilyuchenko and Verner allegedly violated Mt. Gox in 2011, in the early days of that original bitcoin exchange. The DOJ said it gradually withdrew funds from the exchange for three years until Mt. Gox disclosed the theft and declared bankruptcy in February 2014. Meanwhile, Bilyuchenko and Vinnik allegedly created the whole thing. other exchange, BTC-e, to launder the proceeds of this massive hack. In the years that followed, BTC-e became a massive withdrawal point for every criminal cryptocurrency.
The new indictment against Bilyuchenko and Verner offers only a mixed solution to the case of one of the largest cybercrime thefts ever. By disclosing the new indictment, the DOJ could tacitly admit that they would never have had a chance to get their hands on the two men. In contrast, the indictment against Vinnik was kept secret for years until he made the mistake of vacationing in Greece in 2017. After spending years in prison in France, Vinnik has now been extradited to face charges. faces charges in the US, where he is lobbying to be swapped for imprisonment The Wall Street Journal reporter Evan Gershkovich.
Critics of end-to-end encryption tools and anonymous networks like the dark web often point to the creation and sharing of child sexual abuse material, or CSAM, as the worst consequence for privacy. of those tools. But a new study from The Wall Street Journal, the Stanford Internet Observatory and the University of Massachusetts at Amherst discovered a vast network of child exploitation images and videos being sold and even commissioned on Instagram’s open, public network. And in some cases, its automatic recommendation algorithms even advertise more CSAM documents to users looking for that awful content.
Researchers have found that certain hashtags on Instagram, such as #pedobait and #mnsfw (or “unsafe jobs for minors”) lead users to group of hundreds of hidden—but completely public—accounts where CSAM is ad-free and where users can post pictures and videos of sexual acts and self-harm. In some cases, the accounts even advertised face-to-face sexual encounters with children. And when users searched for such evil material, Instagram’s algorithms actively promoted them, the researchers found, even when it also posted interstitial warnings to users that such content is illegal and causes “serious harm” to children. In response to this research, Instagram changed those interstitial ads to block CSAM content instead of just warning users of its consequences, and Instagram’s parent company, Meta, said it created a special group new task to solve the problem.
The researchers found that Twitter also had 128 accounts selling CSAM documents. But that’s less than a third of Instagram’s 408 accounts selling CSAM on the much larger network.
The notorious Russian-linked ransomware gang known as the Clop claimed responsibility on Monday for stealing data from what they claim amounted to “hundreds of companies” through a vulnerability in the service. file transfer MOVEit Transfer. First Microsoft attributed to group activities on Sundays. Clop is known for exploit common vulnerabilities enterprise web services or devices to steal data and launch extortion campaigns against several organizations at the same time. The team started attacking the MOVEit Transfer vulnerability at the end of May.
Another week, another major crypto heist involving hackers from the Hermit Kingdom. Late last week, independent blockchain analytics investigator ZachXBT on Twitter posted evidence that $35 million had been siphoned off the address of cryptocurrency company Atomic Wallet. He found that just five users of the hosted crypto wallet service lost $17 million and one lost $8 million. “Unfortunately, with the arrival of this scary hack, my life has been interrupted,” said a Turkish user who lost his savings. Luck. Cryptocurrency tracing company Elliptic quickly found blockchain evidence linking the hack to North Korean state-sponsored hackers. Money has flowed into Sinbad.io, a cryptocurrency “mixing” service that can quickly becoming the Kim regime’s preferred crypto-launderer. If Atomic Wallet is indeed made by North Korea — as all indications suggest — it would be the biggest crypto heist the country’s hackers have committed since the 100 million heist. dollars of the Horizon Bridge a year ago.
