Slack announces a hack in its Github code repository

Since then Elon Musk spent $44 billion on Twitter and fired most of the company’s employees, there were concerns about data leakage. Now it seems like a security incident that happened before Musk came to power is causing a headache. It emerged this week that hackers had published a treasure trove of 200 million email addresses and their links to Twitter handles that were likely collected between June 2021 and January 2022. The sale of data could compromise anonymous Twitter accounts and trigger additional scrutiny by regulators. to the company.

WhatsApp has launched a new anti-censorship tool that they hope will help people in Iran avoid forced blocks on the messaging platform by the government. The company has made it possible for people to use a proxy to access WhatsApp and avoid government filtering. The tool is available worldwide. We also explained what pig butchering scams are and how to avoid falling into their traps.

Also this week, cybersecurity firm Mandiant reported that it has seen Russian cyber-espionage group Turla use innovative new hacking tactics in Ukraine. This group, believed to be linked to the FSB intelligence services, has been seen using covert USB infections from other hacker groups. Turla registered years-old expired malware domains and managed to take over its command and control servers.

We have also reported on the ongoing effects of the EncroChat hack. In June 2020, police in Europe reported that they had hacked the EncroChat encrypted phone network and collected over 100 million messages from its users, many of whom are potentially serious criminals. Now, thousands of people have been imprisoned based on intelligence gathered, but the arrest raises broader questions related to law enforcement hacking and the future of encrypted phone networks.

But that’s not all. Every week we collect security stories that we ourselves have not reviewed in detail. Click on the headings to read all stories. And stay safe there.

December 31, when millions of people were preparing for the start of 2023, Slack published a new security update on their blog. In the post, the company says it has discovered “a security issue involving unauthorized access to a subset of Slack’s code repositories.” Beginning December 27, an unknown attacker was discovered to have stolen Slack employee tokens and used them to access his external GitHub repository and download part of the company’s code.

“Upon learning of the incident, we immediately invalidated the stolen tokens and began investigating the potential impact on our customers,” Slack said in the disclosure, adding that the attacker did not gain access to customer data and Slack users do not need to do anything.

The incident is similar to the Dec. 21 security incident disclosed by authentication firm Okta, a cybersecurity journalist. Catalin Chimpanu remarks. Shortly before Christmas Octa Revealed his code repositories were made available and copied.

Slack quickly discovered the incident and reported it. However, as noted Beeping Computer, Slack’s security disclosure did not appear on his regular news blog. And in some parts of the world, the company has included the code to prevent search engines from including it in their results. In August 2022, Slack forced a password reset after a bug that produced hashed passwords for five years.

A black man in Georgia spent almost a week in jail after police reportedly relied on a facial recognition mismatch. The Louisiana police used this technology to obtain an arrest warrant for Randal Reid in a theft case they were investigating. “I have never been in Louisiana for a day in my life. Then they told me it was theft. So not only was I not in Louisiana, but I didn’t steal,” Reid told a local news site. Nola.

The publication says the detective “took the algorithm at face value to get the warrant” and says little is known about police use of facial recognition technology in Louisiana. The names of the systems used were not disclosed. However, this is only the latest use of facial recognition technology in wrongful arrests. While police use of facial recognition technology has rapidly spread throughout the US, studies have repeatedly shown that it misidentifies people of color and women more often than white men.

On the first day of this year, Ukraine launched its deadliest ever missile strike against invading Russian troops. An attack on a temporary Russian barracks in Makiivka in the Russian-occupied Donetsk region killed 89 servicemen, according to the Russian Defense Ministry. Ukrainian officials say about 400 Russian soldiers were killed. Subsequently, the Russian Ministry of Defense stated that the troops were located because they were use of mobile phones without permission.

During the war, both sides declared that they the ability to intercept and locate phone calls. While Russia’s latest statement should be treated with caution, the conflict has shown how open source data can be used to target troops. Drones, satellite imagery and social media posts have been used to monitor people on the front lines.

A new law in Louisiana requires porn sites to verify the age of visitors from the state to prove they are over 18. The law states that age verification must be used when a website contains 33.3 percent or more of pornographic content. In response to the law, PornHub, the world’s largest porn site, is now giving people the ability to link your driver’s license or government ID through a third party service to prove they are of legal age. PornHub says it doesn’t collect user data, but the move has raised fears of surveillance.

Countries around the world are introducing laws requiring visitors to porn sites to prove they are old enough to view explicit material. Legislators in Germany and France have threatened to block porn sites if they don’t take action. Meanwhile, in February 2022, Twitter began blocking adult content creators in Germany due to a lack of age verification systems. The UK tried to introduce similar age verification measures between 2017 and 2019; However, the plans collapsed due to confusion of porn site administrators, design flaws and fears of data leakage.

The world of spies is, by its very nature, shrouded in mystery. Countries send agents to countries to gather intelligence, recruit other assets, and influence events. But sometimes these spies are caught. Since Russia’s full-scale invasion of Ukraine in February 2022, more Russian spies across Europe have been identified and expelled from countries. AND new database by open-source researcher @inteltakes has pieced together the famous cases of Russian spies in Europe since 2018. The database contains 41 records of exposed spies and, where possible, the nationality of each asset, the profession and service they were recruited to.