This week has started with Apple, Microsoft, and Google all patching up a bunch of vulnerabilities in day zero, which means we hope to take some time on Tuesday to update all your devices. If not? Go ahead and do it now. We will wait!
Okay, welcome back. Over the weekend, Apple and Google removed an opposition voting app from their app stores in Russia at the request of the Kremlin. As for precedents, this is not great, as authoritarian regimes are pursuing growing technology giants that are too entrenched to leave their markets in protest. Russia, in particular, is testing its borders, but India and China are not far behind.
A new app available in Iran helps people fight this type of censorship by allowing people to encrypt messages even during an internet eclipse. Called Nahoft, the app can turn messages into a random mess of Farsi or even embed them in an image to avoid being detected by the Iranian regime.
You can now remove the password from your Microsoft account. Zero trust has been the most important concept of cybersecurity for years, unless no one agrees on what it means. Do you think there may be hidden files on your phone or computer? Here’s how to find them. And Anonymous leaked much of the data from Epik, the domain registrar that attracted several far-right clients.
And there is more! Every week we gather all the security news that WIRED does not cover in depth. Click on the headlines to read the full stories and be safe.
Three former US spies have admitted to hacking into US computer networks on behalf of the United Arab Emirates this week in order to avoid persecution. Instead, they will have to pay cumulative fines of $ 1.69 million and will not be able to seek security in the United States in the future, which should severely limit their job prospects. Or maybe not so much; one of the trio is currently serving as ExpressVPN’s Chief Information Officer, supporting him throughout the ongoing response. For the full story of the American citizens who helped the UAE hack, be sure to read the story of Reuters, which first revealed Project Raven in 2019.
A busy week for the Ministry of Justice! A Pakistani was sentenced to 12 years in prison for a complex, lengthy scheme that unlocked nearly 2 million phones. He first bribed AT&T employees to make them unlock phones, which he would then resell. After AT&T banned the plan by changing its unlocking procedures, it bribed an employee to install malware in a call center.
Based in Austin, Texas, Exodus Intelligence is the so-called. Zero-day broker, a company that sells information about vulnerabilities in software that developers don’t know — and therefore can’t fix — and the exploits needed to compromise them. It usually sells exploits only to government agencies, but also maintains an ongoing list of vulnerabilities that anyone can subscribe to. Like Forbes reported exclusively this week, the Indian government appears to have used its access to the issue to find soft spots in networks in Pakistan and China and try to compromise them. Exodus has since cut off India’s access, but the damage has been done.
Using requests for public archives, the news site for nonprofit educational organizations, The 74, digs deep into the use of software to remotely monitor a student in a school district in Minneapolis. What he found was not beautiful: An invasive program that notifies school staff of content in a student’s personal files, online calls, and browsing. And while distance learning has declined at this stage of the pandemic, the use of surveillance software is not.
More great stories