Someone Snuck a Card Skimmer Into Costco to Steal Shopper Data

Google security researchers discovered a watering hole attack on Apple devices in Hong Kong this week. Hackers placed a backdoor to allow them to steal data, download files and more, as well as compromise media and pro-democracy websites. Google did not attribute the campaign to any particular actor but noted that "the activity & targeting are consistent with a government supported actor." This incident echos the 2019 revelations that China had targeted thousands more iPhones and Macs in the region. It is a wake up call that iOS security may not be as reliable as people think.
The Justice Department announced its largest ransomware enforcement action yet. It arrested one hacker linked to the REvil group, and took $6.1 million in cryptocurrency from another. While there is still much to be done to curb the wider ransomware threat and to make law enforcement more effective, it's a good start to show that law enforcement can extract consequences.

You're not the only one who noticed that TikTok encourages you to connect with more friends and family, rather than limit your feed to engaging and talented strangers. In recent months, the platform took unprecedented measures to find out your real friends. This raises concerns about privacy and whether TikTok's changes could make the social network less appealing.

At this week's RE-WIRED conference, Jen Easterly, Director of the Cybersecurity and Information Security Agency spoke to us about the threats facing the US government from more sophisticated adversaries. Easterly has been through the ranks of the NSA, the Pentagon and is familiar with offensive cyber operations. Her job now? Do some defense. She suggests that you do so with the support of the wider hacker community.

There's more! Every week, we bring you all the security news WIRED missed. To read the complete stories, click on the headlines. Stay safe out there.

Card-skimmer attacks, which impersonate credit cards readers to steal your payment information, are often associated with ATMs or gas pumps. Recently, however, a Costco warehouse was hacked by a card-skimming device. According to BleepingComputer, an employee found the intrusive equipment while performing a routine check. The company informed those whose credit cards may have been stolen. It is a reminder to check where your credit card information is stored, or use NFC payments.

Robinhood revealed earlier this week that a hacker had accessed a 5 million-person email list, including the full names and addresses of 2 million people. He also obtained the zip codes, date of birth, name and address of 310 people. Motherboard reported that attackers had accessed internal tools that could have allowed them to disable two-factor authentication, log them out, and see their trading and balance information. Robinhood claims that customer accounts were not tampered with. However, this doesn't change the fact that they could have been.

Spyware manufacturer NSO Group has been a source of controversy in recent times. It was recently added to the US Entity List for allegedly "developing and providing spyware to foreign governments that used this tool to maliciously target government officials. Journalists, journalists, businesspeople. activists, academics and embassy workers." Researchers at Frontline Defenders claim they have found the Pegasus malware on six Palestinian activists' phones. Although they couldn't prove that the malware was originated in any particular country or organization, the incident is the latest in a long list of surveillance malware being used when it shouldn't.

Here are more great WIRED stories