SlickWraps Was Hacked, But Hasn’t Done Anything About It

SlickWraps makes skins for iPhones and Androids. It was recently hacked, but fortunately by a white hat hacker without malicious intentions. The story behind it is fascinating, especially because the company has blocked him and so far has failed to do anything about it.

To say I went to great lengths to treat SlickWraps equitably would be an understatement. Candidly, after the staggering number of primitive security flaws exhibited by their administrators (e.g. the vulnerability to Dirty COW, an exploit which was patched in 2016), I question whether they deserved the leniency I am about to describe.

Update: Other people are hacking the company too. One of them sent emails to SlickWraps customers, telling them to tweet and email the company, which responded to the incident on Twitter.

Defense Information Systems Agency Suffers Data Breach

Between May and July 2019 sensitive data like Social Security Numbers were stolen from servers belonging to the Defense Information Systems Agency (DISA), a U.S. defense agency. Earlier this month it notified victims.

The Defense Information Systems Agency has begun issuing letters to people whose personally identifiable information may have been compromised in a data breach on a system hosted by the agency. While there is no evidence to suggest that any of the potentially compromised PII was misused, DISA policy requires the agency to notify individuals whose personal data may have been compromised.

Iran Hackers Put Backdoors in VPN Servers

A new report finds that hackers from Iran have been putting backdoors in VPN servers around the world in the “Fox Kitten Campaign.” It sounds like affected companies provide VPN for enterprise, rather than consumers. ZDNet suggests Pulse Secure, Palo Alto Networks, Fortinet, and Citrix.

Though [sic] the campaign, the attackers succeeded in gaining access and persistent foothold in the networks of numerous companies and organizations from the IT, Telecommunication, Oil and Gas, Aviation, Government, and Security sectors around the world.

US Reportedly Gave Allies Evidence of Huawei Backdoors

Although the U.S. hasn’t shared it publicly, it claims to have found actual evidence of Huawei backdoors.

The United States has long claimed that Huawei can secretly access networks through the networking gear it sells to telcos, but the goverment previously argued that it doesn’t need to show any proof. US officials still are not providing such evidence publicly but have begun sharing their intelligence with other countries.

The best part is that, according to The Wall Street Journal, the origin of this report, these backdoors were intentionally put into place for law enforcement. And yet, the DoJ wants Apple to put backdoors in iOS that they swear can only be accessed by law enforcement, and definitely not foreign state hacking groups.