Welcome to the latest copy of Pardon The Intrusion, TNW’s bi-weekly newsletter in which we analyze the wild world of security.

During the first wave of COVID-19, acquaintance archetype apps were touted as THE BIG SOLUTION to arrest the pandemic.

Most countries rolled out their own versions, and later Apple and Google calm built a unified acknowledgment notification API that works across Android and iOS.

This is all well and good, but there’s been no actual evidence yet they’re allowance to stop COVID-19.

Then there are the aloofness and aegis worries. Acquaintance archetype apps often rely on Bluetooth and area tracking as a means to alert people who’ve been near addition who has tested positive.

One such app is Aarogya Setu, which is the Indian government’s official civic coronavirus tracker.

After concerns were again raised about the app’s use of GPS data, the Android adaptation of the app was eventually open-sourced in May (the iOS adaptation has not been made accessible to date).

But apparently, there’s more to worry about. India’s Central Advice Commission has now warned the country’s Ministry of Electronics and Advice Technology (MeitY) for “obstruction of advice and accouterment an ambiguous reply” to questions raised by activist Saurav Das about the app’s conception, including capacity of clandestine sector involvement.

MeitY did put out a statement to abode the issue, insisting the “app has been developed in the most cellophane manner and all capacity and abstracts including Aloofness Policy and Aarogya Setu Data Access & Knowledge Sharing Protocols.”

While there is no abstinent acquaintance archetype apps can be useful to track real-time spikes in exposures, accuracy and accountability will go a long way appear instilling trust in the technology.

What’s trending in security?

The gang behind Maze ransomware shut down, offline messaging app Bridgefy added end-to-end encryption, and NSA bigmouth Edward Snowden was accepted permanent residency in Russia.

  • WIRED’s Lily Hay Newman profiled Maddie Stone, who works for Google’s Project Zero elite bug-hunting team, tracking down some of the most severe vulnerabilities. “For me the active factor of my work is how cool it would be if every person on Earth, behindhand of how cheap or big-ticket their device, is had safe and secure access to the internet. That could bear to so many altered parts of humanity,” says Stone. [WIRED]
  • Another long read. This time from Signal CEO Moxie Marlinspike, who is “trying to bring course to the Internet.” [The New Yorker]
  • NSA bigmouth and aloofness activist Edward Snowden was accepted abiding address in Russia. [Reuters]
  • Offline messaging app Bridgefy added abutment for end-to-end encryption, two months after advisers apparent a number of aegis flaws that could be used to deanonymize users, break and read direct messages, and even shut down the network. [TechCrunch]


  • The group behind Maze ransomware shut down operations for good. [TechCrunch]
  • Singapore adapted its Personal Data Protection Act (PDPA) to allow local businesses to use customer data after prior accord for careful purposes, such as business advance and research. The revised adjustment also allows for harsher banking penalties to be meted out for data breaches, above the antecedent cap of SG$1 million. [ZDNet]
  • A data breach broker is affairs annual databases absolute 34 actor user annal on behalf of a threat actor who broke into 17 companies this year. [Bleeping Computer]


  • The DHS, CISA, and FBI shared more info on how an Iranian state-sponsored hacking group was able to autumn voter allotment data from U.S. state websites, including acclamation sites. [CISA]
  • Grayshift, the maker of the GrayKey device used by law enforcment to break into encrypted iPhones, raised $47 million. [Grayshift]
  • Researchers managed to abstract the secret key that encrypts microcode updates Intel provides to fix aegis vulnerabilities and other types of bugs in its CPUs. [Ars Technica]
  • The last fortnight in data breaches, leaks and ransomware: Dr. Reddy’s, Folksam, Gunnebo Group, Lazada RedMart, Lupin, Mattel, Nitro PDF, Sopra Steria, The Press Trust of India, True, and Vastaamo.

Data Point

Even as the US government is admonishing of ransomware attacks adjoin healthcare systems, cybersecurity firm ESET’s Threat Report for Q3 2020 shows an almost 20% abatement in ransomware action in the quarter. Based on telemetry data, Win/Filecoder.WannaCryptor led the class with more than 52% of detections. The Win/Filecoder.Crysis family ranked second with 6.6%, followed by Win/Filecoder.Phobos with 4.7% of detections.


Tweet of the Week

Talk about an opsec fail! The US government charged 6 Russian intelligence officers last month for accustomed out some of the most annihilative cyberattacks. It turns out 3 of those indicted, and 46 others, all registered their cartage to a non-existent accommodation in Moscow: “Svobody 21?.”


That’s it. See you all in two weeks. Stay safe!

Read next: Millions of websites won't load on over 30% of Android accessories starting next year -- but there's a fix