On Friday, Russia did the previously unthinkable: It actually captured a bunch of ransomware operators. Not only that member of the notorious group REvil, has been behind some of the biggest attacks over the past few years, including IT management company Kaseya and giant meat JBS. Russian President Vladimir Putin previously give the ransomware hacker a free card. It remains unclear whether this is a calculated political move, a sign of a broader crackdown, or both, but it was certainly a watershed moment.
When everyone is fighting find Log4j in their system-Are not easy task for even well-resourced companies-the The FTC has set a strict deadline insole patch very bad, no good holes in the popular logging library. It’s unlikely if not everyone can find it in time, which speaks more to the fragile and opaque nature of the world of open source software than the FTC’s aggressive timeline.
Telecommunications in the world have pushed back from Apple’s Own Forward, a VPN doesn’t necessarily bounce your traffic through several servers to give you more anonymity. T-Mobile in the US recently blocked it for customers with parental control filters. It’s not clear why they took those measures against Apple and not a lot of VPNs work properly, but it may have something to do with the potential size of Apple customers who could sign up for the service.
In other Apple privacy news, iOS 15 brings it a new report shows you which sensors your app is accessing and which domains they are contacting. That’s a lot of information at once; we helped analyze how to read it.
North Korean hackers had a “banner year” in 2021, Stolen nearly 400 million dollars in cryptocurrency. And while Israeli spyware supplier NSO Group insists it has controls in place to prevent misuse of its products, Dozens of journalists and activists in El Salvador had their devices infected with Pegasus, NSO featured product, most recently in November.
And that’s not all! Each week, we compile all the WIRED security news not covered in depth. Click on the title to read the full story.
This week, a 19-year-old security researcher named David Colombo detailed how he was able to remotely unlock doors, open windows, play music, and start driving a car keyless. dozen Teslas. The vulnerabilities he exploited to do so were not in the Tesla software itself but in a third-party application. There is some limit to what Colombo can achieve; he can’t do anything in the way of steering or speeding up or slowing down. But he was able to gather a lot of sensitive data about the affected cars. Cars are computers now, probably none more so than Teslas, which means they come with computer problems like third-party software causing major problems.
As tensions rise along the border between Russia and Ukraine, someone deleted more than 70 official Ukrainian government websites this week, making an announcement that people should “prepare for the worst.” “. While it’s tempting to assume it’s the work of the Russian government, it’s not a particularly sophisticated hack despite its widespread impact and visibility. (That doesn’t mean either Not Russia; It’s just impossible to know right now.) The White House also warning this week that Russia is planning a “false flag” to justify an invasion, so there’s probably more to this.
The The US has not accepted Covid-19 contact tracing application though core functionality built into every iOS and Android phone. However, other countries have seen much wider adoption. That includes Germany, where police recently used data from contact-tracing app Luca to find out who went to a particular restaurant on a particular night in November and used that information to identified 21 potential witnesses. Law enforcement said it would no longer use that data after public outcry. But the case represents exactly the kind of worst-case scenario that privacy advocates have warned against, at a time when public trust in contact tracing is more important than ever.
The developer behind two widely used open source libraries effectively broke his own code this week, disrupting thousands of projects in the process. The changes caused apps to print out meaningless messages in an infinite loop. The developer seems motivated to make claims about big companies profiting from his work for free, but in the process, the user’s life is quite miserable.
Stories with WIRED are more amazing
