Tuesday Newsday Jan 9 - Jan 15 : FTC Bans, Airdrop Vulnerabilities, & Crypto Drainers-as-a-Service (DAAS), and More!

Graham C

As we enter the 3rd week of this fine year, the internet chefs are back to usual speed with their output. This week we'll be looking at good things, bad things, and dumb things. Let's start with the good!

💡
FTC Bans Data Broker From Selling US Citizens' Location Data

The data broker in question is Outlogic, formerly known as X-Mode Social. Per the ruling, they must now delete all unlawfully collected sensitive location data, including models and algorithms that were developed using this data. This ruling is the first of its kind and represents a positive step forward in regulating how and when consumer data can be collected, manipulated, and sold to similar brokerages.

💡
China Claims to Have Cracked AirDrop

The Chinese government is not a fan of AirDrop, mainly due to the fact that they can't spy on the peer-to-peer network it forms. This past week, a group of Chinese state-sponsored researchers made an audacious claim: They've found a way to extract sensitive information from people using Apple’s AirDrop feature. The research began when someone allegedly used AirDrop to share "inappropriate" comments in the Beijing subway.

After the incident, the government announced the following: "Due to the anonymity and difficulty of tracking AirDrop, some netizens have begun to imitate this behavior. Therefore, it is necessary to find the sending source and determine its identity as soon as possible to avoid negative impacts." The researchers claim to have de-anonymized the iOS logs using rainbow tables and to have later shared the data with authorities, who used it to identify "suspects involved."

💡
Cybersecurity Firm Mandiant Has Their Twitter Hacked, Promotes Crypto Drainer

This one is kind of funny considering that they were part of Google Cloud. Guess how their Twitter got hacked? This multi-million (if not billion) dollar CYBERSECURITY firm didn't have 2FA enabled 🤦. The culprits were able to successfully take over the official Twitter account and promote a fake link, pretending to be affiliated with Phantom Cryptocurrency wallet. The threat actors then used "drainers-as-a-service" to steal funds and tokens from unsuspecting users of the fake wallet.

💡
Bonus: Liveblogging While Breaching an AI Hiring Company

Outsourcing highly subjective tasks like hiring is objectively fucking stupid. To demonstrate why this is a stupid idea, one brave hacker took it upon themself to show that in practice. The alleged story in bullets:

  • Multiple US fast food chains use Chattr.ai hiring systems
  • A hacker by the name of MrBruh searches for exposed Firebase creds
  • MrBruh is able to read various data points and gain access to the full admin dashboard
  • MrBruh flexes on Chattr even harder by refunding payments made to them

So there you have it, a quick peek at hacking for good (?). The blog claims that as of the 11th of January, their support ticket was closed without any thanks or further contact. Maybe tell your boss to think twice about implementing software from some brand-new AI start-up for important things like staffing.

TL;DR

We're not even 3 weeks into January and the chefs are serving up absolute bangers already. If I were you I'd keep a wary eye on this here blog, things are bound to get wild in 2024.

If it wasn't crystal clear already: it's absolutely essential to protect yourself online. The best way to do that is with an informed, proactive, and comprehensive privacy strategy. Using a VPN like Windscribe puts you one step in the right direction toward total digital protection.

