Wired investigation This week it was discovered that the SweepWizard app, used by some US law enforcement agencies to coordinate sweeps, was publicly disclosed sensitive data about hundreds of police operations until WIRED exposed the flaw. The exposed data included personally identifiable information on hundreds of officers and thousands of suspects, including the geographic coordinates of the suspects’ homes and the time and place of the raids, demographic and contact information, and Social Security numbers for some of the suspects.
Meanwhile, Indian police in Telangana state Using grassroots educational initiatives to help people avoid digital scams and other online exploitation. and a giant of industrial control Siemens has disclosed a major security vulnerability in one of its most popular lines of programmable logic controllers this week. The company has no plans to fix the vulnerability because, on its own, it is exploitable only through physical access. Researchers say, though, that it creates exposure to industrial control and critical infrastructure environments that include any of the 120 models of vulnerable S7-1500 PLCs.
And there are more. Each week, we highlight security news that we haven’t covered in depth. Click on the titles below to read the full stories.
The United Kingdom’s Royal Mail Service said on Wednesday that it had been hit by a ransomware attack and, as a result, was unable to process parcels and letters for shipment internationally. The company asked customers not to attempt to ship international mail until the attack is fixed. Royal Mail officials blamed the LockBit ransomware group, believed to be based in Russia, for the attack. Royal Mail did not provide an extensive comment on the situation but described it as a “cyber incident” and warned that there would be “extreme disruption” as a result of the attack.
In November, aides to President Joe Biden found classified materials dating from his tenure as vice president in a desk he used before the start of his 2020 presidential campaign and at his home in Wilmington, Delaware. Now, after combing through the president’s papers and desks, they find more classified documents at an additional location. NBC News, which first reported the new details on Wednesday, wrote, “It was not immediately clear the classification level, number, and exact location of the additional documents. It was also not immediately clear when the additional documents were discovered and whether a search for any other classified material may have been carried out.” The Biden administration of the Obama administration is complete.”
Microsoft said in March 2019 that it would shut down Windows 7 and that customers should move to newer versions of the operating system. As of January 2020, the company continued to offer security updates only to enterprise customers who have paid for Extended Support. Microsoft said that, too, will run out at the end of 2022. On Tuesday, the company confirmed that security updates for Windows 7 are out and that all users should upgrade if they haven’t already. PCs that continue to run Windows 7 will not receive updates and will be vulnerable to hacking. The operating system was first launched in 2009 and was ubiquitous at its peak. As with many versions of Windows, it likely has a long tail. TechCrunch reports that some market share data analysts estimate that 10 percent of Windows PCs worldwide are still running Windows 10. Apparently due to low adoption rates, Microsoft ended support for Windows 8 in January 2016 and ended support for Windows 8.1 is also on Tuesday. The company will not offer extended support for Windows 8.1.
Cybercriminals looking to carry out identity theft exploit a very basic security vulnerability in the Experian credit bureau website. Experian designed its systems so that people who want a copy of their credit report need to correctly answer a number of multiple-choice questions about their financial history to verify their identity. Until the end of 2022, though, the Experian website allowed anyone to work around the requirements simply by entering a person’s name, date of birth, social security number, and address. This collection of information is often easily accessible to cybercriminals due to past data breaches and the combination of many breaches.
Investigated in September 2022 by New York times It included candid commentary from Russian soldiers about their criticism of the Russian invasion of Ukraine and the ongoing war in the country. But the story appears to have accidentally revealed phone numbers and other metadata about some of the sources, and the information persisted in the story’s publicly available source code until Motherboard notified the publication in January. Although unintentional, this outage has real potential implications for the physical safety of the sources, who may face repercussions from the Russian government or other entities.