Proton, the company behind Proton Mail, has launched an end-to-end encrypted alternative to Google Docs, seeking to compete with the cloud giant on privacy. We look at how Apple is taking a similar approach with its AI deployment, using a system it calls Private Cloud Compute in its new Apple Intelligence features.
In other news, we take an in-depth look at how US bans on TikTok and Kaspersky software, despite their national security justifications, pose a threat to internet freedom. We attend a crash course for US diplomats on cybersecurity, privacy, surveillance and other digital threats. And we publish a comprehensive investigation into the origins of the world’s most popular 3D-printed gun, which revealed its creator was a self-described “incel” with right-wing terrorism fantasies.
But that’s not all. Every week, we round up the security news we didn’t cover in depth. Click on the headlines to read the full stories and stay safe.
The massive Ticketmaster hack may have taken another turn. In June, hackers claimed to have stolen the information of 560 million people from the Live Nation-owned ticketing company. The company has since confirmed the security breach, saying their information was stolen from their Snowflake account. (More than 165 Snowflake customers were affected by attacks on the cloud storage company that exploited a lack of multi-factor authentication and stolen login data.)
Now, in a post on the cybercrime marketplace BreachForums, a hacker calling himself Sp1d3rHunters is threatening to publish more Ticketmaster data. The account claims to be sharing 170,000 ticket barcodes for Taylor Swift’s upcoming US concerts in October and November. The hacker demanded Ticketmaster “pay us $2 million” or he will leak the information of “680 million” users and publish millions more event barcodes, including concerts by artists such as Pink and Sting, and sporting events such as NFL games and F1 races.
However, the claims appear to be dubious, as Ticketmaster’s barcodes are not static, according to the company. “Ticketmaster’s SafeTix technology protects tickets by automatically updating a new, unique barcode every few seconds so that it cannot be stolen or copied,” a Ticketmaster spokesperson told WIRED in a statement. The spokesperson adds that the company has not paid any ransom or responded to the hackers’ demands.
Hacking groups are known to lie, exaggerate, and inflate their claims when trying to get victims to pay up. The 680 million customers that Sp1d3rHunters claimed to have data for is more than the original figure provided when the Ticketmaster breach was first announced, and neither figure has been confirmed. Even if victims decide to pay up, hackers can keep the data and attempt to extort companies a second time.
Although the Ticketmaster security breach was originally made public in June, the company has since… only recently began sending emails to customers to alert them about the incident, which occurred between April 2 and May 18 of this year. The company says The database accessed may include email addresses, phone numbers, encrypted credit card information, and other personal information.
In recent years, there has been a marked increase in the use of information-stealing malware by cybercriminals. This malware can obtain all the login and financial data someone enters on their computer, which hackers then sell to others who want to profit from that information.
Cybersecurity researchers at Recorded Future have published Proof of concept results Show that these stolen login details can be used to potentially track people who visit the dark web Child sexual abuse material (CSAM) sites. Investigators say they were able to find thousands of login details for known CSAM websites in the data thieves’ records, which they were then able to cross-check with other data and identify possible real names linked to the abusive website logins. Investigators reported the individuals’ details to authorities.