advertisement

Cryptocurrency tracing has become a key tool for police investigating everything from fraud and ransomware to child abuse. But its accuracy may soon be put to the test.

This week, we reported on new court filings from the legal team representing Roman Sterlingov, whos been in jail for 15 months, accused of laundering $336 million in cryptocurrency as the alleged owner and operator of dark-web crypto mixer Bitcoin Fog. Sterlingov not only maintains he is innocent, but his defense attorney claims that the blockchain analysis that served as evidence that Sterlingov set up Bitcoin Fog is flawed.

Elsewhere, we highlighted Microsofts newly bolstered Morse bug-hunting team, which aims to catch flaws in the companys software before they cause problems for the companys 1 billion users. We dove into the spectacular failure of a new post-quantum encryption algorithm. We listed all the big security updates you need to be on top of from July, and we detailed all the data that Amazons Ring cameras collect about you.

advertisement

Finally, a new report from cybersecurity company Mandiant found an attack on Albanias government has the hallmarks of state-sponsored Iranian hackinga notable moment of escalation in the history of cyberwar, given that Albania is a NATO member. And we got into the weeds of a Slack error that exposed hashed passwords for five years.

But thats not all. Each week, we highlight the news we didnt cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

This is not a test. Software used to transmit US government-issued emergency alerts on television and radio contains flaws that could allow an attacker to broadcast false messages, according to the Federal Emergency Management Agency and the security researcher who found the vulnerabilities. The company that makes the software, Digital Alert Systems, has issued patches, and FEMA has alerted the TV and radio networks that use the software to update their devices immediately. Of course, patches may not be universally adopted, leaving the system at risk. Theres no evidence that an attacker has exploited the flaws so far. But considering the mayhem false emergency alerts can cause, well just have to hope that it stays that way.

One major theft of cryptocurrency in a week would be bad, and this week saw two. First, thanks to a flaw in the Nomad bridgea type of application that lets users move digital tokens across blockchains that are prime hacker targetshundreds of people were able to steal a collective $190 million in cryptocurrencies. Nomad now says that anyone who returns 90 percent of the funds they swiped will be considered a white hat and can keep the remaining 10 percent as a bounty. Some $22 million of the stolen funds had been recovered so far.

The second crypto hack of the week came just a day later, on Tuesday night, with hackers draining around 8,000 hot wallets (cryptocurrency storage apps that are connected to the internet) connected to the Solana ecosystem, allowing them to steal around $5 million worth of crypto. Solana said in a tweet that the exploit was due to a bug in software used by several software wallets popular among users of the network, not the Solana network or its cryptography.

Its one thing to be told what NSO Groups spyware can do, but its quite another to see it for yourself. Reporters at Israels Haaretzgot their hands on never-before-seen screenshots of Syaphan, a prototype of NSOs now-infamous Pegasus spyware, which has retained much of the look and functionality of its precursor. The screenshots show that operators have the ability to access call logs and messages and remotely enable cameras and microphones to turn an infected device into a real-time spying tool.

Government use of Pegasus and other spyware has resulted in a growing number of scandals, particularly in Europe. Yesterday, Panagiotis Kontoleon, the head of Greeces intelligence service, and Grigoris Dimitriadis, general secretary of the prime ministers office, resigned. Their departures follow a complaint filed by Nikos Androulakis, the head of the socialist PASOK party, who alleged that his phone had been targeted by Predator spyware created by Cytrox, which is based in neighboring North Macedonia. Greeces prime ministers office maintains, however, that the resignations and the spyware allegations are unconnected. In no case does it have anything to do with Predator (spyware), to which neither he nor the government are in any way connected, as has been categorically stated, it said in a statement.

Remember a few months ago when everyone was mad at DuckDuckGo? Well, that thing you were angry about has now been (mostly) fixed, according to the company. Back in May, security researcher Zach Edwards found that DuckDuckGos privacy browsersnot its search engine, for which the company is better knownallowed some third-party Microsoft tracking scripts. DuckDuckGo, which has a partnership with Microsoft, says it has expanded its 3rd-Party Tracker Loading Protection to include 21 more domains, thus blocking the bulk of Microsoft tracking scripts on websites accessed via its mobile DuckDuckGo Privacy Browser or while using its Privacy Essentials extension, which can be used with all major browsers. However, DuckDuckGo will still allow advertisers to track clicks from DuckDuckGo through scripts from the bat.bing.com domain. Is it perfect? Noeven DuckDuckGo admits that. But its still a privacy improvement over mainstream browsers and search engines.