zackwhittaker - Network

If you're a fan of cyber news but don't know where to begin, my free newsletter ~ this week in security ~ is a weekly roundup of all...

If you're a fan of cyber news but don't know where to begin, my free newsletter ~ this week in security ~ is a weekly roundup of all the cyber news you need to know, plus the happy corner and a weekly featured cyber cat. No email open or link tracking.

Out Sundays. Sign up now to get this week's edition.

https://this.weekinsecurity.com/

A long, brilliant weekend read: @lorenzofb chatted with the head of Riot Games' anti-cheat team about how the video game maker is...

A long, brilliant weekend read: @lorenzofb chatted with the head of Riot Games' anti-cheat team about how the video game maker is fighting its war against cheaters and cheat makers, including infiltrating cheat communities and using psychological tricks to discredit cheaters.

https://techcrunch.com/2025/05/03/how-riot-games-is-fighting-the-war-against-video-game-hackers

Excellent @lhn headline. https://www.wired.com/story/mike-waltz-has-somehow-gotten-even-worse-at-using-signal/

Excellent @lhn headline. https://www.wired.com/story/mike-waltz-has-somehow-gotten-even-worse-at-using-signal/

After hearing about Raw's planned wearable (which sounds rife for abuse), I tested the Raw dating app using dummy data and a network...

After hearing about Raw's planned wearable (which sounds rife for abuse), I tested the Raw dating app using dummy data and a network traffic analysis tool (Burp Suite, ftw). Within a few minutes, I found Raw's servers were publicly exposing users' profile data — and granular location — to the web.

After contacting the Raw's co-founder, the bug was fixed. When I asked, the company confirmed it hadn't asked for a third-party security audit of its app.

https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information

New, by me: Dating app Raw (which this week said it's planning to release a hardware wearable for tracking partners' emotions)...

New, by me: Dating app Raw (which this week said it's planning to release a hardware wearable for tracking partners' emotions) claims to use end-to-end encryption.

But when we tried the app this week, I found it was exposing users' location data and personal information to the web — no password needed.

https://techcrunch.com/2025/05/02/dating-app-raw-exposed-users-location-data-personal-information

Not clear on who the partners are, but Bleeping Computer reported earlier this week that Scattered Spider, the English-language hackers...

Not clear on who the partners are, but Bleeping Computer reported earlier this week that Scattered Spider, the English-language hackers known for their social engineering skills for gaining initial access to companies (aka advanced persistent teenagers) were involved in the hacks.

https://www.bleepingcomputer.com/news/security/marks-and-spencer-breach-linked-to-scattered-spider-ransomware-attack/

Bloomberg reporting that DragonForce ransomware gang "and its partners" were behind cyberattacks targeting U.K. retail giants...

Bloomberg reporting that DragonForce ransomware gang "and its partners" were behind cyberattacks targeting U.K. retail giants Marks & Spencer, Co-op and Harrods.

The gang also claimed to have stolen customer data.

https://www.bloomberg.com/news/articles/2025-05-02/-dragonforce-hacking-gang-takes-credit-for-uk-retail-attacks

If there's one thing I've learned about covering cybersecurity over the past decade or so, is that the cybersecurity community (the...

If there's one thing I've learned about covering cybersecurity over the past decade or so, is that the cybersecurity community (the fixers and breakers) and the cybersecurity industry (profits above all else) are two very, very different things.

The letter reads in part: "An independent infosec community is fundamental to protecting our democracy, and to the profession itself....

The letter reads in part: "An independent infosec community is fundamental to protecting our democracy, and to the profession itself. It is only by allowing us to do our jobs and report truthfully on systems in an impartial and factual way without fear of political retribution that we can hope to secure those systems."

https://www.eff.org/document/chris-krebs-support-letter-april-28-2025

Electronic Frontier Foundation and dozens of leading cyber and election security experts have signed an open letter saying they...

Electronic Frontier Foundation and dozens of leading cyber and election security experts have signed an open letter saying they "unequivocally condemn" the Trump order targeting former CISA director Chris Krebs, and demand the order is rescinded.

https://www.eff.org/press/releases/eff-leads-prominent-security-experts-urging-trump-administration-leave-chris-krebs

The federal case is 2:24-cr-00232. Here's our previous reporting from February on Wagenius pleading guilty, via @lorenzofb:...

The federal case is 2:24-cr-00232. Here's our previous reporting from February on Wagenius pleading guilty, via @lorenzofb: https://techcrunch.com/2025/02/19/us-army-soldier-pleads-guilty-to-att-and-verizon-hacks/

New: The sentencing of Cameron Wagenius, the U.S. Army soldier who pleaded guilty in February to hacking AT&T and Verizon and stealing a...

New: The sentencing of Cameron Wagenius, the U.S. Army soldier who pleaded guilty in February to hacking AT&T and Verizon and stealing a huge trove of customer phone records, will likely be delayed until September "in anticipation of additional charges being filed." No word on what new charges yet.

My weekly newsletter ~ this week in security ~ is out, with stories on Signalgate 2.0, ex-CISA chief Easterly's warning on politicizing...

My weekly newsletter ~ this week in security ~ is out, with stories on Signalgate 2.0, ex-CISA chief Easterly's warning on politicizing cyber, two major health-related breaches, Recall returns, an employee snooptech leak, and much more. Plus, the happy corner (because we all need it) and a brand new cyber cat.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-april-27-2025-edition

Donate/support appreciated: https://ko-fi.com/thisweekinsecurity

More details here on the DOJ revoking media protections, plus the...

More details here on the DOJ revoking media protections, plus the memo.

https://www.nbcnews.com/politics/trump-administration/live-blog/trump-administration-tariffs-china-immigration-doge-live-updates-rcna202928#rcrd77914

The Biden administration said as a result it (largely) wouldn't go after journalists' records, but we only had its pinky-promise....

The Biden administration said as a result it (largely) wouldn't go after journalists' records, but we only had its pinky-promise. The Senate had an opportunity to codify this into law with the PRESS Act — the House passed it with unanimous bipartisan support(!!) — but it failed, reportedly with only one or two senators holding out.

My story from last year:

https://techcrunch.com/2024/12/04/last-chance-for-the-senate-to-pass-the-press-act/

Folks seem to forget that the first Trump administration secretly obtained the phone records of journalists at the NYT, CNN and WaPo in an...

Folks seem to forget that the first Trump administration secretly obtained the phone records of journalists at the NYT, CNN and WaPo in an effort to identify their sources, and we only found out about it after the Biden administration took office, disclosed it, and stopped the practice.

https://www.axios.com/2025/04/25/bondi-doj-garland-subpoena-journalists

We've updated our TechCrunch security glossary with new cybersecurity terms that we frequently use and how/why we use them. Now includes...

We've updated our TechCrunch security glossary with new cybersecurity terms that we frequently use and how/why we use them.

Now includes crypto, sandbox, the dark web — and, for whoever needs to see this, operational security aka OPSEC.

https://techcrunch.com/2025/04/25/techcrunch-reference-guide-to-security-terminology/

Alarming to see news of the FBI arresting a serving judge for allegedly obstructing an ICE arrest, and then the FBI director tweeting about...

Alarming to see news of the FBI arresting a serving judge for allegedly obstructing an ICE arrest, and then the FBI director tweeting about it — only to delete it shortly after. Very unclear situation.

https://www.jsonline.com/story/news/breaking/2025/04/25/milwaukee-county-judge-hannah-dugan-arrested-by-feds-at-courthouse/83270885007/

New: Connecticut's largest healthcare system, Yale New Haven Health, says a data breach affects at least 5.5 million people. When I...

New: Connecticut's largest healthcare system, Yale New Haven Health, says a data breach affects at least 5.5 million people.

When I asked about the nature of the incident, a spokesperson said the hack tracks as ransomware and that law enforcement are investigating.

https://techcrunch.com/2025/04/25/data-breach-at-connecticut-yale-new-haven-health-affects-over-5-million/

Powerful words from former CISA director Jen Easterly in a post on LinkedIn, warning of the "targeting and removal of nonpartisan...

Powerful words from former CISA director Jen Easterly in a post on LinkedIn, warning of the "targeting and removal of nonpartisan public servants and the normalization of loyalty oaths."

"If we — who aim to protect critical systems — can’t defend the humans who manage and maintain them, what exactly are we securing?"

Full read: https://www.linkedin.com/pulse/what-we-really-securing-jen-easterly-auyae