Believe it or not no, the GameStop stock wasn’t the only story this week. The last few days have also been tumultuous for cyber security, especially after revelations that North Korean hackers targeted security professionals through a convincing DM campaign. Lots of people have shared screenshots on how they avoided the bullet, but it’s still unclear how many fell for the Russians.
Speaking of the fall, an international team of law enforcement agencies shot down the notorious Emotet botnet this week, arresting two alleged gang members behind it and confiscating servers in the process. Ransomware operators and other malicious actors who have used Emotet to spread their products will probably switch to other means of distribution, but at least “the most dangerous malware in the world”, as Europol called it, has been extinguished for the time being.
After all, these things tend to persist. Take Flash, the software that launched a thousand vulnerabilities. While Adobe killed him last week (actually this time), it will continue to persist and cause problems on some systems for years to come. Another potential cause of problems: Telegram, the messaging application that exploded in popularity as users ran away from WhatsApp due to privacy concerns and Parler due to its current state of non-existence. Although Telegram offers end-to-end encryption, it is not enabled by default and is not available for group chats at all, which may cause some users to expose themselves more than they might expect.
Plans for an encrypted federal gun registry also challenged the hypotheses this week, providing a potential way to balance responsibility with confidentiality for a hot stove subject. And we took a look at how Facebook allows advertisers to target military categories, which could have worrying consequences.
Finally, be sure to read the first installment of the serialized novel we’re running in WIRED this month and next. There follows a conflict with China in 2034 which is purely fiction, but feels too close to reality.
And there are more! Every week we gather all the news that we did not cover in depth. Click on the titles to read the full stories. And stay safe there.
Most iOS updates contain some sort of security fix. But it is a rarer occasion when the vulnerabilities it fixes are actively exploited by hackers. This is the case with iOS 14.4, released earlier this week, which addresses not one, but three bugs that attackers can use in kind, according to Apple’s accompanying security update. Also, these are not minor issues; these defects, present in the WebKit and the iOS kernel, would have allowed the arbitrary execution of the code remotely and, respectively, the escalation of privileges, which could give a hacker a lot of access to your device and its data. Does that mean you were hacked? Probably not! But it doesn’t make sense to risk it when you can protect yourself by already installing the dang update.
Not all data leaks are equal. In this case, ZDNet 2.28 million users of the MeetMindful dating app had information such as their real names, meeting preferences, geolocation, Facebook user IDs and login tokens and “body details” distributed as a free download on a hacking forum. According to ZNet, the forum thread that contained the download has been viewed more than 1,500 times since Sunday. Dating profile information is useful not only for identity theft, but also for more aggressive extortion schemes.
Ransomware has exploded recently, with hackers successfully targeting everything from hospitals to cities and international corporations. This week, the DoJ took action against one of the many groups responsible for that scourge, arresting a Canadian man allegedly using Netwalker ransomware to shake off victims for a total of $ 27.6 million. Unfortunately, Netwalker is ransomware-like-a-service; the feds arrested an alleged affiliate rather than a core member of the group behind it. However, progress is progress.
OK, well, it’s been a long week and this is an interview with a guy who had to use milling cutters to get rid of a chastity belt that a hacker locked from a distance. You deserve it.
More wonderful stories