Sorry anyone who had hoped for a quiet December on the cybersecurity front. Weekend, ah vulnerability in Apache’s Log4j logging framework leaving many people on the Internet vulnerable to a relatively simple attack. There’s not much you can do to protect yourself here, as the problem is mostly server-centric, but a full breakdown will likely affect many of the services you use every day. Worse still, malicious hackers have developed ways to exploit it and are actively hunting for potential victims. Congratulation!
This week also marks a year SolarWinds hack anniversary, or at least the first public hints of it. We’ve looked at the progress that has been made to prevent this type of supply chain attack in the future, and all that remains to be done. The good news is that this campaign serves as a wake-up call to spur real commitments from the public and private sectors. The bad news? There isn’t a single fix and the options available will take a long time to meaningfully implement.
In the good news, Microsoft this week said seizing domains used by a Chinese attack group, the latest in a series of corporate actions that have resulted in more than 10,000 websites being taken down. It’s part of Microsoft’s strategy to disrupt these groups through the legal system, obtaining a court order that would allow them to shut down domains used for command and control servers.
Russia has taken steps towards block anonymous browser Tor This week, it asked the country’s internet service providers to block access to Tor’s website and disrupt some access points. This is the latest in a series of moves that the Kremlin has made recently its internet isolation from the rest of the world.
And if you’re a Verizon customer, you may have been opt-in to a gnarly data tracking number even if you’ve previously opted out. Surprise! Here’s how to turn it off for the time being.
But please wait a moment. Each week, we compile all the WIRED security news not covered in depth. Click on the title to read the full story.
Since his arrest in April 2019, Wikileaks founder Julian Assange has resisted US efforts to extradite him to faces charges of hacking and under the Espionage Act. While before he was win a lower court decision To refuse to send him to the US because of the possible impact on his mental health, Britain’s Supreme Court on Friday overturned that order, putting Assange back on the extradition track. Assange can still appeal, but press freedom advocates globally have criticized the ruling, saying the charges should not have been brought in the first place and expressing skepticism about the Justice Department’s assertions. law that Assange will receive humane treatment while in US custody.
The Brazilian government has delayed new pandemic-related requirements for travelers entering the country after the country’s Health Ministry was attacked early Friday morning. The agency said on its website that several of its systems were knocked down by the attack, including those that issue digital vaccine cards and track the country’s national immunization program. country. The statement said that the attack had “temporarily compromised some of its systems” and that they were unavailable. A ransomware gang known as the Lapsus$Group took credit for Friday’s attack, boasting that it stole and deleted about 50 terabytes of data from the Department of Health’s systems. “Contact us if you want your data back,” the group said in the ransom note, with email and Telegram details. The agency told reporters on Friday that it has backup copies of all data that was deleted by hackers.
Prominent Russian ransomware gang Conti listed Australian power company CS Energy in their victims’ diaries this week, undermining a slew of media reports that the hackers were backed by the Chinese state. National backing caused the attack. “China’s cyberattack nearly shuts down the power to THREE MILLION Australians in a terrifying demonstration of what belligerent regimes can do in time of war.” Daily mail Written on Tuesday. Australia and China have been locked in a trade war and relations have become increasingly cold in recent months, but CS Energy, which serves millions of customers in northeastern Australia and is owned by the state of Queensland , said Tuesday that “there is currently no indication that the cyber incident is a state-based attack.”
On Monday, Politico cited its West Wing Playbook with a report that Vice President Kamala Harris is a “Bluetooth enthusiast” and “insistent on using wired headphones” because of the risks associated with wireless standards. decades of wire. It’s presented as a false joke, but… she’s really right! Bluetooth is a security nightmare and has been for many years. We told you Turn off Bluetooth when you’re not using it since 2017. The The National Security Agency agrees with us. If the next person to become president of the United States wants to take a little extra precaution, well, let’s just say it’s a welcome improvement over the previous administration’s cybersecurity hygiene.
Stories with WIRED are more amazing
