Hackers Threaten to Leak Planned Parenthood Data
Plus: Kaspersky’s US business sold, Nigerian sextortion scammers jailed, and Europe’s controversial encryption plans return.
Even those of you who do everything you can to secure those secrets can find yourself vulnerable—especially if you’re using a YubiKey 5 authentication token. The multifactor authentication devices can be hacked thanks to design flaws discovered by researchers at the University of Birmingham.
The researchers found that they could bypass the key’s security features and extract its cryptographic keys by using a custom-built tool that costs about $500 to construct. Once attackers have those keys, they can clone the YubiKey and use it to impersonate the victim.
Yubico, the company that makes the YubiKey, has released a security advisory and is urging users to update their devices’ firmware. But even with the update, the researchers say that the YubiKey 5 is still vulnerable to some attacks.
So, what should you do if you’re using a YubiKey 5? First, update your firmware to the latest version. Second, consider using a different type of multifactor authentication device, such as a hardware security key that doesn’t have the same vulnerabilities as the YubiKey 5. And finally, be sure to keep your devices and software up to date, and be aware of the latest security threats.
Kaspersky’s US business sold
Kaspersky Lab, the Russian cybersecurity company, has sold its US business to a consortium led by General Atlantic, a private equity firm. The deal is reportedly worth around $1 billion.
The sale comes amid heightened scrutiny of Kaspersky’s ties to the Russian government. In 2017, the US government banned Kaspersky products from being used on government computers, citing concerns that the company could be used to spy on the US.
Kaspersky has denied any wrongdoing, but the sale of its US business is a sign that the company is facing increasing pressure from the West.
Nigerian sextortion scammers jailed
A group of Nigerian sextortion scammers have been sentenced to prison in the US. The scammers targeted victims on social media, posing as young women and tricking them into sending nude photos and videos. The scammers would then blackmail the victims, threatening to release the photos and videos if they didn’t pay up.
The seven scammers were sentenced to prison terms ranging from 18 months to six years. They were also ordered to pay restitution to their victims.
This case is a reminder of the dangers of sextortion scams. If you are ever contacted by someone who is asking you to send nude photos or videos, do not do it. Report the scammer to the authorities.
Europe’s controversial encryption plans return
The European Union is once again considering plans to require encryption companies to provide law enforcement with access to their users’ encrypted messages. The plans have been met with opposition from privacy advocates, who argue that they would undermine encryption and make it easier for governments to spy on their citizens.
The EU is considering the plans as part of its efforts to combat terrorism and organized crime. But privacy advocates say that the plans would do little to stop criminals, who will simply find other ways to communicate securely.
The debate over encryption is likely to continue for some time. But for now, it is important to remember that encryption is a vital tool for protecting our privacy and security online.
Be First to Comment