On Friday, Russia did the previously unimaginable: it actually arrested a group of ransomware operators. Not only that, but they were members of the notorious group REvil, which has been behind some of the biggest attacks in recent years, including those on IT management company Kaseya and meat giant JBS. Russian President Vladimir Putin had previously given ransomware hackers a free pass. It is not yet clear whether this was a calculated political move, a sign of a broader crackdown, or both, but it is certainly a watershed moment.
While everyone is scrambling to find Log4j in their systems, no easy task even for well-resourced companies, the FTC has set strict deadlines to patch the very bad, no good vulnerability in the ubiquitous logging library. It will be unlikely, if not impossible, for everyone to find it in time, which speaks more to the fragile and opaque nature of the open source software world than to the FTC’s aggressive timeline.
Telecoms around the world have pushed back against Apple’s Private Relay, a not-quite-VPN that bounces your traffic around a few servers to give you extra anonymity. T-Mobile in the US recently blocked it for customers with parental control filters. It is unclear why they took these actions against Apple and not the many VPNs that work unhindered, but it may have to do with the potential scale of Apple customers who could sign up for the service.
In other Apple privacy news, iOS 15 brought with it a new report that shows you which sensors your apps are accessing and which domains they are contacting. That’s a lot of information at once; we helped figure out how to read it.
North Korean hackers had a ‘record year’ in 2021, stealing nearly $400 million worth of cryptocurrency. And while Israeli spyware vendor NSO Group insists it has controls in place to prevent abuse of its product, dozens of journalists and activists in El Salvador have had their devices infected with Pegasus, NSO’s flagship product, as recently as November.
And that’s not all! Each week, we round up all the security news that WIRED hasn’t covered in depth. Click on the titles to read the full stories.
A 19-year-old security researcher named David Colombo explained this week how he was able to remotely unlock doors, open windows, play music and start keyless driving for dozens of Teslas. The vulnerabilities he exploited to do this are not in the Tesla software itself, but in a third-party application. There are limits to what Colombo could accomplish; he couldn’t do anything to steer, speed up or slow down the cars. But he was able to collect a lot of sensitive data on the vehicles concerned. Cars are computers now, maybe none more so than Teslas, which means they come with computer issues like third-party software causing major problems.
As tensions mount along the Russia-Ukraine border, someone defaced more than 70 official Ukrainian government websites this week, writing that people should “prepare for the worst”. While it’s tempting to assume it was the work of the Russian government, it’s not a particularly sophisticated hack despite the widespread impact and visibility. (That doesn’t mean it wasn’t Russia, either; it’s just impossible to know right now.) The White House also warned this week that Russia was planning a “false flag” to justify an invasion, so there is probably more to come on that.
The United States has not adopted Covid-19 contact tracing applications despite the basic functionality built into every iOS and Android phone. Other countries, however, have seen much wider adoption. This includes Germany, where police recently used data from the Luca contact tracing app to determine who had been at a specific restaurant on a specific night in November, and used that information to identify 21 potential witnesses. Law enforcement said they would no longer use the data after a public outcry. But the incident represents exactly the kind of worst-case scenario that privacy advocates have been warning about, at a time when public confidence in contact tracing is more important than ever.
The developer behind two widely used open-source libraries deliberately broke his own code this week, disrupting thousands of projects in the process. The changes caused apps to print nonsensical messages in an infinite loop. The developer seemed motivated to make a statement about big corporations profiting from his work for free, but in doing so he made life pretty miserable for users of all stripes.