This is not all bad news, however. In the past few months, the FBI has once again lobbied Apple to undermine its encryption so that it can break into a mass shooter’s iPhones. And just like in 2016, the agency finally gave in after being able to determine the passwords on its own. Go figure!
Facebook also did some good this week, successfully adding security alerts to its Messenger app to let people know when a scammer or worse could be at the other end of the chat, all without breaking the end-to-end encryption of its Secret Conversations function. And while researchers have concocted a dangerous new amplification technique for distributed denial of service attacks – which could potentially cripple large parts of the Internet – the companies involved seem to have protected themselves from it before a bad actor got wise to it. And Chrome has taken a big step to stop cryptojacking and other resource-draining ads.
We took a look at ShinyHunters, a hacking group that hit more than a dozen businesses in early May in search of profits on the dark web. A hardware wallet is still the safest place to store your cryptocurrency, but new research is a healthy reminder that it is not foolproof. And if you’re tired of spam, consider using one of these apps that provide a burner email address to get around it.
WIRED contributor Garrett Graff took a close look at Secretary of State Mike Pompeo this week – and how deeply deputy Mike Pompeo would have disapproved of his behavior.
And there’s more. Every Saturday, we summarize the security and privacy stories that we have not detailed or commented on, but that you should know about. Click on the titles to read them and stay safe.
Yes, this is another Covid-19 scam. Microsoft this week detailed a phishing effort that began on May 12. The campaign sends emails supposedly from the Johns Hopkins Center – the university’s Center for Systems Science and Engineering has maintained a popular Covid-19 tracker – and includes an Excel attachment that presents itself as data on American cases of the disease. If opened, the file downloads a macro and runs NetSupport Manager RAT, a legitimate remote assistance tool that can be used for malicious purposes, especially to download malware to a targeted device. So don’t open any Johns Hopkins Excel files! And if you want to see their Covid-19 tracker, go ahead and bookmark it.
Apple keeps new versions of iOS a closely guarded secret; even when an iPhone 4 leaked before launch, the software remained a mystery. But it looks like an initial version of iOS 14 has fallen into the hands of the iOS jailbreak community, according to a report published this week in Motherboard. There had already been some clues that iOS 14 was out there; Apple news site 9to5Mac reported seeing a code leak in March. But the apparent extent of the leak means that hackers have plenty of time to look for vulnerabilities, which could be problematic when iOS 14 launches.
European airline EasyJet revealed this week that a cyber attack had stolen the personal information of nine million customers. More than 2,000 victims also had their credit or debit card information accessed, making them more vulnerable to theft or fraud. EasyJet said “highly sophisticated” hackers were behind the attack and suspected that the target was intellectual property rather than customer data, but it is unclear what it bases this assessment on.
And another! Wishbone is a site that allows you to do an online survey; this week, a hacker put 40 million of its user records up for sale on the dark web. ShinyHunters (hello, again!) took credit for the breach, which appears to have taken place in January. Shortly after ZDNet first reported on the dark web listing, the database was released as a free download.