Metacurity

Metacurity is a comprehensive source for cybersecurity news, tracking global cyber incidents across various sectors. It focuses on data breaches, state-sponsored hacking, cybercrime, legal actions against tech entities, digital espionage, and emerging security technologies. The platform offers insights into the mechanisms of cyberattacks and the evolving landscape of cybersecurity defense.

Cybersecurity Trends Data Breaches State-Sponsored Hacking Cybercrime and Legal Actions Digital Espionage Cybersecurity Technologies Global Cyber Incidents

The hottest Substack posts of Metacurity

And their main takeaways

NY AG Sues Citibank For Insufficient Data Security Measures, Failure to Address Scams

1434 implied HN points β€’ 31 Jan 24
πŸ’° Finance Security Measures Scams Data Breach
  1. The New York Attorney General sued Citibank for insufficient data security measures and failure to address scams.
  2. Citibank is accused of not doing enough to prevent unauthorized account takeovers and misleading customers about their rights after being hacked.
  3. The lawsuit alleges that Citibank has overpromised and underdelivered on security measures and failed to respond to red flags.

State-Backed Chinese Forensics Firm Claims It Cracked Apple's AirDrop to Police Speech

78 implied HN points β€’ 09 Jan 24
πŸ•Ή Technology Security Privacy Cybersecurity
  1. A Chinese forensics firm cracked Apple's AirDrop to help police track down 'inappropriate speech.'
  2. The firm prevented the spread of unacceptable content on the Beijing subway using technical breakthroughs.
  3. Apple's AirDrop allows file-sharing without revealing a user's identity, which raised privacy concerns during protests.
Get a weekly roundup of the best Substack posts, by hacker news affinity:

Best Infosec-Related Long Reads for the Week of 2/3/24

39 implied HN points β€’ 10 Feb 24
πŸ•Ή Technology Security AI Cyberattacks Data Privacy
  1. London Underground is testing AI surveillance tools to monitor passengers, aiming to improve safety but facing challenges like recognizing objects accurately and potential privacy concerns.
  2. Transitioning from passwords to passkeys promises enhanced security but requires users to adapt to new ways of authentication and storage methods like dedicated password managers or physical security keys.
  3. Using SMS for account logins can lead to security vulnerabilities like SIM-swap attacks; companies should offer more secure alternatives like Authy or Google Authenticator to improve security measures.

Fake LastPass App Made Its Way Onto Apple's App Store, Likely Used to Steal Credentials

39 implied HN points β€’ 09 Feb 24
πŸ•Ή Technology Security App Store Cyber Operations Vulnerabilities
  1. A fake LastPass app managed to get onto Apple's App Store and was likely designed to steal user credentials.
  2. Iranian cyber operations against Israel are becoming bolder and more sophisticated, posing risks to American critical infrastructure and the 2024 elections.
  3. The FCC has cracked down on AI-generated voice calls, recognizing them as 'artificial' and restricting their use for non-emergency purposes without consent.

US Disrupted Volt Typhoon by Hijacking, Wiping Botnet Routers

39 implied HN points β€’ 01 Feb 24
πŸ•Ή Technology Cybersecurity Hacking Government
  1. The US government disrupted a dangerous Chinese hacking operation known as Volt Typhoon by taking over and wiping infected routers.
  2. Senior officials expressed concern over Beijing's attempts to infiltrate US networks for potential cyberattacks on critical infrastructure.
  3. The operation was part of efforts to prevent future cyberattacks, particularly around potential conflicts like the one involving Taiwan.

Russian Hacking Group MidnightBlizzard Stole Emails From Microsoft Execs, Employees

39 implied HN points β€’ 22 Jan 24
πŸ•Ή Technology Cybersecurity Hacking Data Breach Malware Digital Security
  1. Russian hacking group MidnightBlizzard, also known as Nobelium, breached Microsoft networks and stole emails from executives and employees.
  2. The breach was detected in November but Microsoft began notifying affected staff in January.
  3. Hackers used a password spray attack on an old test account to access multiple email streams.

Best Infosec-Related Long Reads for the Week of 2/3/24

19 implied HN points β€’ 10 Feb 24
πŸ•Ή Technology Security AI Surveillance
  1. London Underground is testing real-time AI surveillance tools to spot crime, a first for the transport body.
  2. AI is being used to generate alerts sent to frontline staff based on live video footage monitored by the system.
  3. Transport for London (TfL) operated the AI system at Willesden Green Tube station, which had 25,000 visitors per day before the pandemic.

China's Volt Typhoon Has Lived in Critical Networks for At Least Five Years

19 implied HN points β€’ 08 Feb 24
πŸ“° News Cybersecurity China Ransomware Hackers
  1. Chinese hacking group Volt Typhoon has been living in critical networks of some industries in the US for at least five years.
  2. Ransomware payments topped $1.1 billion in 2023, nearly doubling from the previous year, due to a surge in attacks.
  3. UN investigates 58 suspected cyberattacks by North Korea totaling $3 billion to fund its nuclear weapons program.

Draft Biden EO Seeks to Bar Adversaries From Accessing Americans' Sensitive Data

19 implied HN points β€’ 24 Jan 24
🌍 World Politics National Security US government Data Privacy
  1. Draft Biden administration is creating an executive order to prevent foreign adversaries from accessing sensitive American data.
  2. The order will involve new restrictions on data transactions that could threaten national security.
  3. Focus on preventing foreign adversaries from legally obtaining highly sensitive personal data of Americans.