Ca Biden The administration moves on a growing list of political initiatives, the White House this week issued sanctions for a list of Russian facts, including interference in the 2020 elections, poisoning of dissident Aleksey Navalny and SolarWinds piracy that swept US government agencies and many companies from the private sector. Although the retaliatory movement is complicated when it comes to SolarWinds, because it included a kind of espionage operation that would normally fall within the geopolitical norms.
Elsewhere in the US government, the Justice Department took a drastic step this week to stop Chinese piracy by authorizing the FBI to obtain a warrant and then directly wipe out the piracy infrastructure of attackers from the internal systems of hundreds of victims. Many in the security community praised the effort, but the move has also sparked some controversy, given the precedent it could set for future US government actions that could be more invasive.
In the world full of Internet of Things security, researchers released findings on Tuesday that more than 100 million embedded devices and IT management servers are potentially vulnerable to attack due to flaws in basic network protocols. The devices are manufactured by numerous vendors and used in environments from regular offices to healthcare and critical infrastructure, potentially exposing those networks to attack.
If you’re trying to block your accounts and reduce your password dependency, we have a guide for alternatives that will lead you across multiple platforms. And if you feel a general sense of existential fear about all sorts of threats, you’re not alone – the US intelligence community seems to feel the same way.
And there are more. Every week we gather all the news that WIRED did not cover in depth. Click on the titles to read the full stories. And stay safe there.
In 2016, the US government tried to force Apple to unlock the iPhone of one of the shooters in San Bernardino. The case could have set a precedent according to which the government could ask technology companies to undermine security protections in their products or introduce “back doors”. (Several law enforcement agencies and parliamentarians around the world are still advocating for this type of access). But proponents of privacy and security experts have unequivocally and consistently stated that back doors are dangerous and would expose people to unacceptable security and privacy risks. In the case of San Bernardino, the FBI eventually found a way into the device without Apple’s help. Reports at the time indicated that the FBI paid about $ 1 million to use an iPhone hacking tool developed by a private company. In this week, Washington Post revealed that the company that sold the instrument is not one of the best known players, but instead a small Australian company known as Azimuth, which is now owned by US defense contractor L3Harris. The news provides a useful detail, as companies oppose resistance to other such orders that could come from the US Department of Justice or other governments in the future.
As part of this week’s White House sanctions against Russia, the Biden administration has called for a list of cybersecurity providers who allegedly provided hacking tools and other services to Russian government offensive hackers. One of those companies, Positive Technologies, is a member of Microsoft’s Active Protection Program, a group of nearly 100 software vendors that receive warnings from Microsoft about vulnerabilities in Windows or other Microsoft products before a patch is released. . Microsoft sometimes shares conceptual evidence that a vulnerability can be maliciously exploited in an effort to coordinate public disclosure of the defect. The idea is for Microsoft’s trusted security partners to make the leap to the inevitable flood of malicious activity that comes with the release of patches, and attackers everywhere can turn them into reverse engineers to build their own hacking tools. If Positive Technologies had worked closely with the Russian government, it could have leaked information and allowed attackers to change their techniques or arm the flaws they didn’t know about. The company strongly denied the allegations.
The European Commissioner for Budget and Administration said this week that hacking of SolarWinds hackers could compromise six EU offices. In total, 14 EU agencies ran a version of the SolarWinds Orion software affected at the time of the hack. The EU Computer Emergency Response Team did not say which six agencies downloaded the contaminated update and did not explain how many of the six were in fact deeply compromised by Russian hackers. CERT-EU said, however, that for at least some of the six there was a “significant impact” and “some personal data breaches”.
More wonderful stories
- š© The latest technology, science and more: receive our newsletters!
- A boy, his brain and a medical controversy for decades
- How to wear clothes for your next outdoor adventure
- Falcons, Lokis, nerdy cannons and why you shouldn’t care
- Larry Brilliant has a plan to speed up the end of the pandemic
- Facebook’s “Red Team X” is hunting for bugs beyond its walls
- šļø Explore AI like never before with our new database
- š® WIRED games: get the latest tips, reviews and more
- š§ Things don’t sound good? Check out our favorite wireless headphones, sound bars, and Bluetooth speakers