Researchers uncovered a security flaw in a Kia web portal that enabled them to track millions of vehicles, unlock doors, signal horns, and even start engines within seconds, simply by reading the vehicle’s license plate. This discovery adds to a series of web vulnerabilities that have affected multiple car manufacturers. In a related situation, a few Tesla Cybertrucks have been modified for combat and are currently undergoing battlefield tests by Chechen forces in Ukraine amid Russia’s ongoing offensive.
Civilian populations are facing significant tension as Israel intensifies its operations in Lebanon. People on both sides have begun receiving disturbing text messages, which has led authorities on each side to accuse the other of engaging in psychological warfare. Meanwhile, the US government has been increasingly critical of media outlets supported by Russia, like RT, for their close ties to Russian intelligence, with many digital platforms opting to remove or ban their content. Despite this, these outlets remain influential and trusted sources of information in several regions globally.
Moreover, we provide a weekly recap of privacy and security news that we haven’t explored in detail ourselves. Click on the headlines to access the complete stories. And remember to prioritize your safety.
In recent news, a new draft of the US National Institute of Standards and Technology’s “Digital Identity Guidelines” has made progress in addressing password management practices that are known to be counterproductive. These recommendations, which will become mandatory for federal government entities and will serve as guidelines for others, prohibit requiring users to frequently change their account passwords, a requirement often set at every 90 days.
The practice of frequently changing passwords originated from the intention to prevent individuals from selecting easily guessable or reused passwords. In reality, however, it has led people to adopt simpler or more predictable passwords that are easier to memorize. The latest guidelines also prohibit “composition rules,” which mandate a mix of uppercase letters, numbers, and symbols in each password. According to the draft from NIST, the aim of the Digital Identity Guidelines is to establish “foundational risk management processes and requirements that enable the implementation of secure, private, equitable, and accessible identity systems.”
On Friday, the US Department of Justice unveiled charges against three Iranian men accused of breaching Donald Trump’s presidential campaign and leaking stolen information to news organizations. Last month, Microsoft and Google warned that an Iranian state-sponsored hacking group known as APT42 had targeted both the presidential campaigns of Joe Biden and Donald Trump, successfully infiltrating the Trump campaign. The DOJ asserts that the hackers compromised a dozen individuals during their operation, including a journalist, a human rights activist, and several former US officials. Recently, the US government has also indicated that Iran is attempting to meddle in the upcoming 2024 election.
During a press conference on Friday, Attorney General Merrick Garland said, “The defendants’ own words made clear that they were attempting to undermine former President Trump’s campaign in advance of the 2024 U.S. presidential election. We know that Iran continues with its bold efforts to foster discord, diminish confidence in the US electoral process, and further its nefarious activities.”
The Irish Data Protection Commission imposed a fine of €91 million, approximately $101 million, on Meta on Friday due to a password storage issue in 2019 that breached the European Union’s General Data Protection Regulation. Following a report by Krebs on Security, the company disclosed in March 2019 that a flaw in its password management systems had resulted in hundreds of millions of Facebook, Facebook Lite, and Instagram passwords being stored in plaintext on an internal platform without any protection. Ireland’s privacy authority initiated its inquiry into the situation in April 2019.
“It is generally recognized that storing user passwords in plaintext poses significant risks due to potential unauthorized access to such information,” stated Graham Doyle, deputy commissioner of the Irish Data Protection Commission. “It’s important to keep in mind that the passwords in question are especially sensitive, as they grant access to users’ social media accounts.”
The Tor Project, a nonprofit dedicated to digital anonymity, is joining forces with Tails, an operating system focused on privacy and anonymity. Pavel Zoneff, the communications director of the Tor Project, mentioned in a blog post on Thursday that this merger will enhance collaboration, decrease expenses, and broaden the outreach of both organizations. “Tor and Tails offer vital tools that help individuals around the globe maintain safety online,” he explained. “By uniting, these two advocates for privacy will combine their resources to concentrate on what is most important: guaranteeing that activists, journalists, other vulnerable individuals, and everyday users gain access to better digital security solutions.”