WIRED investigation this week it was discovered that the SweepWizard app, which is used by several US law enforcement agencies to coordinate raids, was publicly revealing sensitive data about hundreds of police operations until WIRED uncovered the flaw. The exposed data included personally identifying information about hundreds of officers and thousands of suspects, including the geographic coordinates of suspects’ homes and the time and location of raids, demographic and contact information, and the Social Security numbers of some suspects.
Meanwhile, police in the Indian state of Telangana are using public education initiatives to help people avoid digital scams and other online exploitation. And industrial control giant Siemens disclosed a major vulnerability in one of its most popular lines of programmable logic controllers this week. The company has no plans to fix the vulnerability because, in its view, it is only exploitable through physical access. However, researchers say it creates exposure to the industrial control environments and critical infrastructures that include any of the 120 models of vulnerable S7-1500 PLCs.
And there is more. Each week, we highlight the security news that we haven’t covered in depth ourselves. Click on the headlines below to read the full stories.
The United Kingdom’s Royal Mail service said on Wednesday that it had been hit by a ransomware attack and, as a result, could not process packages and letters for international shipping. The company asked customers not to attempt to send international mail until the attack was remedied. Royal Mail officials blamed the prolific cybercrime ransomware group LockBit, believed to be based in Russia, for the attack. The Royal Mail has not commented extensively on the matter but has called it a “cyber incident” and warned there would be “major disruption” as a result of the attack.
In November, aides to President Joe Biden found classified material from his time as vice president in an office he used before he began his 2020 presidential campaign and in his home of Wilmington, Delaware. Now, after combing through the President’s papers and offices, they have found more classified documents in an additional location. NBC News, which first reported the new details on Wednesday, wrote, “The classification level, number, and exact location of the additional documents were not immediately clear. It was also not immediately clear when the additional documents were discovered and whether the search for any other classified material Biden may have from the Obama administration has been completed.”
Microsoft said in March 2019 that it would support Windows 7 and that customers should migrate to newer versions of the operating system. Starting in January 2020, the company continued to provide security updates only to enterprise customers who paid for extended support. Microsoft said this would also disappear at the end of 2022. The company confirmed on Tuesday that security updates for Windows 7 have ended and that all users should upgrade if they haven’t already. Computers that continue to run Windows 7 will not receive updates and will be vulnerable to hacking. The operating system was first launched in 2009 and has been ubiquitous in its life. Like many versions of Windows, it will likely have a long tail. TechCrunch reports that some market share data analysts estimate that 10 percent of Windows PCs worldwide are still running Windows 10. Apparently due to lower adoption rates, Microsoft ended support for Windows 8 in January 2016 and also ended support for Windows 8.1 on Tuesday. . And the company will not offer extended support for Windows 8.1.
Cybercriminals are trying to commit identity theft by exploiting a very basic security weakness on the Experian credit bureau website. Experian designed its systems so that people requesting a copy of their credit report must correctly answer a number of multiple-choice questions about their financial history to validate their identity. Until the end of 2022, however, Experian’s website was allowing anyone to bypass the requirement by entering a person’s name, date of birth, Social Security number and address. This set of information is often easily accessible to cybercriminals due to past data breaches and a composite of breaches that have been put together.
Investigation September 2022 at the The New York Times included candid commentary from Russian soldiers about their criticism of Russia’s invasion of Ukraine and the ongoing war in the country. But the story appears to have accidentally exposed phone numbers and other identifying metadata about some of the sources, and the information in public source code for the story continued until Motherboard alerted the publication in January. Although unintentional, this event has real potential implications for the physical safety of the sources, which could have consequences for the Russian government or other entities.