Tag Archive for: private

Higher Wages of War: A Look at the Private Military-Industrial Complex

/in


For more crisp and insightful business and economic news, subscribe to
The Daily Upside newsletter.
It’s completely free and we guarantee you’ll learn something new every day.

In 400 BC, Artaxerxes II was set to take over the Persian throne, but his younger brother, Cyrus, said “Over my dead body.”

Oh, how right he was.

With the promise of riches, Cyrus created the Ten Thousand, a large band of Greek soldiers-for-hire he would use to try to usurp his brother. While the Ten Thousand were victorious at the Battle of Cunaxa near modern-day Baghdad, Cyrus died that day, leaving the group without a leader, thousands of miles from home, and out of a job.

These days, such royal familial squabbles would more likely play out on the Twittersphere than on the battlefield. But one aspect of warfare from Cyrus’ era that endures is the mercenary – or private military contractor, as we call them today.

Outfits like Constellis, Aegis, and the Wagner Group have breathed new life into one of the oldest professions in the world, putting the value of the global private military market at more than $250 billion.

History Repeats Itself
PMCs and mercenaries have been standard military practice pretty much since the Ten Thousand:

  • When Alexander the Great invaded Asia with his Macedonian army in 334 BC, he also hired mercenaries from what is now modern day Albania, Bulgaria, and Turkey.
  • Though it’s an economic powerhouse these days (bank failures aside), Switzerland used to be one of the poorest countries in the world, forcing natives to look abroad for work. The Swiss Guard – those blue and orange-clad pope protectors – began as a group of mercenaries fighting in the Italian Wars during the 15th and 16th centuries.
  • The British crown hired roughly 30,000 German Hessians to fight in the American Revolution. King George III paid the German state of Hesse-Kassel the equivalent of about 13 years of tax revenue for their services.

Unsurprisingly, hired swords and guns weren’t big on moral values. They’d fight your war as long as you were paying, but when that was all over, they’d go rob merchants on trade routes, ransack a village, or hold a city hostage because their allegiances lay with the highest…

Source…

Throne fixes security bug that exposed creators’ private home addresses

/in


A recently fixed security bug at a popular platform for supporting creators shows how even privacy-focused platforms can put creators’ private information at risk.

Throne, founded in 2021, bills itself as “a fully secure, concierge wishlist service that acts as an intermediary between your fans and you.” Throne claims to support more than 200,000 creators by shipping out thousands of their wish list items per day, all the while protecting the privacy of the creators’ home address.

The idea is that online creators, like streamers and gamers, can publish a wish list of gifts that supporters can buy, and Throne acts as the go-between. “Your fans pay for the gifts and we handle the rest,” its website reads. “We make sure that the payment gets processed, that the item gets sent, and most importantly, that your private information stays private.”

But a group of good-faith hackers found a vulnerability that undermined that claim and exposed the private home addresses of its creator users.

Enter Zerforschung, the German collective of security researchers behind its latest discovery. You may remember the collective from December when they found and disclosed major security bugs in social media alternative Hive, which sprung to popularity in the exodus from Twitter under Elon Musk’s new ownership. Hive briefly shut itself down to fix the vulnerabilities found by Zerforschung, which allowed anyone to modify anyone else’s posts and access other people’s private messages.

Zerforschung told TechCrunch that they discovered the vulnerability in how the company set up its database, hosted on Google’s Firebase, to store data. The researchers said that the database was inadvertently configured to allow anyone on the internet to access the data inside, including session cookies for its Amazon accounts from the database, which can be used to break into an account without needing the password.

Session cookies are small bits of code that sit on your computer or device to keep users logged into apps and websites without having to repeatedly re-enter a password or sign-in with two-factor authentication. Because session cookies keep the user logged in, they can be an…

Source…

Private medical information may have been compromised in Chippewa County security breach

/in


Medical history and other private information about Chippewa County residents may have been compromised in a security breach of a Chippewa County employee’s computer.

The breach began Feb. 28 and continued on March 1, according to office of the Chippewa County Administrator.

On Tuesday, Feb. 28, a remotely controlled application was accidentally downloaded by a Chippewa County employee.

“The County cannot confirm how this occurred, but we believe it was by accidentally clicking on an internet pop-up or malicious link in error that downloaded the application,” County Administrator Randy Scholz said in a press release.

Then, on Wednesday, March 1 the employee was working on their office computer and someone else started to use the remote-control application and began typing.

People are also reading…

“That person gained access to the computer for approximately five minutes until the Information Technology Department was able to stop the access,” the press release states.

The department was able to confirm that 25 to 35 megabytes of data was sent through the application between 9:20 and 9:25 a.m. March 1.

“The County believes the data that was obtained was most likely documents that had been saved on the employee’s desktop,” Scholz said.

There were seven total documents saved on the employee’s desk top that contained private medical information.

A letter notifying people who may have been impacted was mailed to them today.

There are several names on one spreadsheet that the county no longer has addresses for because those people have not been clients of the county in over 10 years and no longer reside at the addresses the county has on file.

This spreadsheet contained a medical history number, client name, drug prescribed, date signed and doctor’s initials.

No Social Security numbers were included on any of the documents potentially breached, the release said.

Source…

This macOS malware can steal your private data, passwords, and credit card info — what we know

/in


While macOS doesn’t have as big of a target on its back for hackers as Windows, it isn’t actually immune from malware and a new threat has emerged for modern Macs.

The aptly named MacStealer malware targets macOS laptops and desktops running macOS Catalina or above. That includes those running Intel, M1, or M2 chips. The goal is to steal a wide variety of data from you including iCloud Keychain data, credit card info, passwords, files, images, and more (via The Hacker News).

How does MacStealer work?

The Uptycs researchers that discovered the malware and covered it in their blog were unable to determine how it is being distributed, but it relies on a DMG (macOS installer file) called weed.dmg, which once triggered will open a password prompt that can then be used to gain access to your data. 

Fake password prompt created by MacStealer malware

(Image credit: Uptycs)

The malware was spotted in online hacking forums earlier this month and its authors intend to expand on its current features to add support for capturing data from the Safari browser and Apple Notes app. It is currently focused on Google Chrome, Mozilla Firefox, Brave browsers, Microsoft Office files, image files, PDFs, archives, and Python scripts. 

How to protect your Mac from MacStealer

Source…