Interpol shuts down thousands of fake pharmacies
The International Criminal Police Organization, coordinating with law enforcement, customs, and health regulatory authorities across 92 countries, took down 113,020 web links including websites and online marketplaces posing as online pharmacies as part of Operation Pangea XIV. These sites often peddled fake and illicit drugs and medicine. 277 arrests were made as part of the operation, with fake COVID-19 testing kits accounting for over half of the over 9 million so-called medical devices seized.
Chip shortage could lead to counterfeit chip crisis
The ongoing chip shortage is nothing new, impacting everything from consumer electronics to the automotive industry. Now Independent Distributors of Electronics Association founder Steve Calabria warns that spikes in demand and continued slow supply could lead to a surge in counterfeit low quality chips that could impact reliability of equipment for years to come. These could come in the form of knock-off chips, cheaply designed from scratch to use as drop-in replacements, or previously used chips removed from boards and cleaned to look new. Either could potentially pass initial tests in production, only to fail at increased rates under load. Industry experts predict that this rise in counterfeits is likely already happening as OEMs increasingly have difficulty sourcing components.
Windows 10 support ends in 2025
Microsoft edited support documents to state support for Windows 10 Home and Pro ends on October 14, 2025, previously the company only stated when specific Windows 10 versions would leave support. Windows 10 entered support on July 29, 2015, which Paul Thurrott notes puts it in line with Microsoft’s previous 10-year support lifecycle for Windows versions.
(Thurrott)
Irish bill gives police power to compel passwords
Irish Justice Minister Heather Humphreys published a bill which would give Irish police the power to compel people to provide passwords when executing a search warrant, with fines of up to €30,000 and up to five-years in jail for noncompliance. The bill would also require police to make a written record when doing a stop and search, which will include location, age, gender and ethnicity information to better document trends of who the procedure is being used on. The bill also expands authority to hold people under investigation for multiple offenses up to 48 hours, and is framed as a way to clean up Irish police law to make it clear, transparent and accessible.
(BBC)
Thanks to our episode sponsor, Keyavi
Bitcoin’s first upgrade in four years improves privacy
Bitcoin miners approved the Taproot upgrade to the cryptocurrency, set to roll out in November. This is the first upgrade in four years, adding improved efficiency to the cryptocurrency, the adoption of Schnorr signatures to make multi-signature transactions effectively unreadable, and support for smart contracts on the Lightning Network that are faster and less costly transactions. The upgrade will not provide greater anonymity for your individual bitcoin address on the public blockchain. A vast majority of miners support this upgrade, unlike the 2017 upgrade that introduced the Segregated Witness protocol upgrade.
(CNBC)
Stripe launches identity verification service
The payment processing service launched Stripe Identity, a new self-serve tool that companies can use to verify user identities. Stripe will manage encrypted customer data, using computer vision to match government IDs with user submitted selfies to confirm IDs within 15 seconds. The service is currently launching in beta in 30 countries, although partners like Discord, Peerspace, and Shippo have been quietly using the service for some time. Customers can choose to either integrate Stripe Identity into an existing workflow in code, or as a verification link issued when a high-risk transaction is detected.
Google Workspace offers client-side encryption
As part of Google rolling out its Workspace productivity suite to all Google accounts, the company also announced Workspace supports client-side encryption. This will allow enterprise organizations to have direct control of encryption keys, which identity services need to access in order to function. Customers can store the keys with Flowcrypt, Futurex, Thales, or Virtru, which offer compatible key management and access control capabilities. Google will also publish the key access service API specifications for organizations to build their own in-house key management systems.
We have to worry about vishing attacks too
This form of social engineering is on the rise, taking the tried and true approaches of email phishing over voice calls to get users to hand over sensitive information. Attacker use tools like Caller ID spoofing, multi-channel scams to get users connected from another platform, and social media scraping to come across over the phone as a trusted authority. The shift to remote work has made many organizations more vulnerable, as it is not uncommon to not have met many coworkers in real life. Researchers at Eset note that even savvy tech companies can fall victim to these tactics, with the 2020 breach of Twitter by crypto scammers the result of vishing.