Tech News Summary

Instagram’s CSAM Network Exposed

• Instagram’s Child Sexual Abuse Material (CSAM) detection network was significantly larger than previously reported, according to a report by Vice.
• The company has used automated tools to detect and remove the content from its platform since 2018, but the report suggests the technology is more widespread than previously stated.
• Instagram has faced criticism about its policies in this area, with some experts and campaigners arguing the company prioritises its own image over child safety.

Clop Hackers Claim Credit for MOVEit Transfer Exploit

• The threat group behind the Clop ransomware have taken responsibility for a security breach that affected customers of Ipswitch’s file transfer tool, MOVEit Transfer.
• The hackers, who claim to have exfiltrated data from the US law firm Jones Day and other victims earlier this year, announced they had carried out the breach on Russian-language hacking forums.
• Cybersecurity experts warn the news highlights the importance of securing file transfer tools, which are commonly integrated with other corporate systems and can therefore serve as a gateway for hackers.

$35 Million Crypto Heist with North Korean Ties

• A North Korean state-sponsored hacking group known as Lazarus has been linked to a $35 million cryptocurrency theft from Poly Network, a blockchain platform that enables trading between different digital assets.
• The hackers exploited a vulnerability in the platform’s smart contract and began transferring the stolen funds late last week.
• The following day, the group returned most of the stolen funds, citing concerns about damaging Poly Network’s reputation and compliance with anti-money laundering regulations.

Summary

Instagram’s child safety measures have been criticised after it emerged its detection network for Child Sexual Abuse Material (CSAM) is larger than previously reported. It has reportedly used automated tools to detect this type of content since 2018. Meanwhile, Clop ransomware hackers have claimed responsibility for a cyber attack that impacted customers of Ipswitch’s file transfer tool, MOVEit Transfer. Cybersecurity experts have warned that this highlights the need to secure file transfer tools, which are commonly integrated with other corporate systems, risking the security of entire systems. Finally, North Korean state-sponsored hackers Lazarus have been linked to a $35 million cryptocurrency theft from blockchain platform Poly Network. While the bulk of the funds were returned the following day, the incident raises the issue of the need for cybersecurity measures to combat state-sponsored threats.

Original Article: https://www.wired.com/story/mt-gox-indictment-security-roundup/