The two stories that made headlines in the United States in 2020, the Covid-19 pandemic and the presidential election, were still relevant this week as virus cases and the death toll increase and the promise of a vaccine looms. However, new research indicates that phishers are targeting vaccine development groups, and in particular organizations working on the global cold chain, which will be crucial for storing and shipping vaccine doses around the world. Meanwhile, President Donald Trump has continued to spread lies and conspiracy theories about the validity of his loss to President-elect Joe Biden. On Tuesday, however, US Attorney General William Barr said publicly that the Department of Justice “did not find fraud on a scale that could have had a different outcome in the election,” a crucial statement that leaves Trump’s re-election campaign with even fewer options to challenge the outcome.
A “magic bug” in iOS, now fixed, could have let an attacker take full control of all iPhones within the hacker’s Wi-Fi range and then automatically worm the infection to other nearby devices. Startups are rushing to develop tools to vet artificial intelligence systems and find vulnerabilities and flaws before they can be exploited. And the hackers behind the famous TrickBot botnet have added malware capabilities to check whether the firmware of a target device is vulnerable to attack and, if so, to dig deeper for long-term persistence.
In good news, a coalition of Internet infrastructure groups is making progress on securing the fundamental Internet data routing system known as the Border Gateway Protocol. And as Google seeks to offer end-to-end encryption in the RCS messaging protocol, it plans to use the open source Signal Protocol, which already underpins the Signal secure messaging app as well as giants like WhatsApp. Now that it can be deployed to Android’s 2 billion users, we took a look at how the protocol works and what you need to know about it.
And there’s more. Every Saturday, we put together the security and privacy stories that we didn’t cover or report on in depth but that you should know about. Click on the headlines to read them, and stay safe out there.
The U.S. government used Section 215 of the Patriot Act to justify allowing law enforcement to record who visits certain popular web pages, according to documents obtained by The New York Times. The government didn’t go so far as to collect users’ keyword searches from search engines, but it felt encouraged to monitor website visitors without a warrant. Section 215 and a few other oversight provisions of the Patriot Act expired in March as the United States fell into social distancing and pandemic lockdown measures, and Congress still has not moved forward on a way to restore or revise them. The law allows the FBI to seek clandestine court orders to collect all of a company’s data that is connected to national security-related investigations.
The news about the identification of visitors to certain pages concerned privacy and digital rights advocates. “Our web browsing records are windows to some of the most sensitive information about our lives,” Patrick Toomey, a senior lawyer with the ACLU National Security Project, said in a statement Thursday. “The FBI should not collect this information without a warrant. If Congress plans to revive Section 215, it must prohibit the government from abusing this surveillance law to track the web browsing activities of people in the United States.”
Researchers at the Citizen Lab at the Munk School of Global Affairs at the University of Toronto this week published evidence that surveillance firm Circles was exploiting known loopholes in global phone networks to conduct phone surveillance in 25 countries. Circles is known to sell hacking tools that target vulnerable infrastructure, known as the SS7 network, and the company is a subsidiary of well-known mobile spyware maker NSO Group. Citizen Lab researchers say they were able to determine, with varying degrees of confidence, that Circles services were purchased by a wide range of countries, including Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, United Arab Emirates, Vietnam, Zambia and Zimbabwe.
In December 2017, Twitter took the long-awaited step of finally offering alternatives to receiving two-factor authentication codes via SMS. At the time, the company expanded its offerings to include third-party authentication apps, but didn’t go out of its way to add support for physical authentication tokens such as YubiKeys. This week, three years later, Twitter has finally taken the plunge, a welcome change, albeit late, as attackers are more attuned than ever before to the potential trade-in value of a high-profile Twitter account.
A hacker by the name of “Daniel” took control of top Spotify pages on Wednesday from artists like Dua Lipa, Lana Del Rey, Future and Pop Smoke. The attacker replaced profile photos with photos apparently of himself and changed the biographies of the musicians. Daniel also promoted a Snapchat account to gain followers and included phrases like “Trump 2020”. Musicians use a tool called Spotify for Artists to claim ownership of their pages and upload content like photos and bios. It is not known how the attacker was able to access these accounts. “Better yet, cry out to my Queen Taylor Swift,” Daniel wrote before the defacements were removed.