This week saw the first known appearance of malware written specifically for Apple’s M1 processors, an inevitable but still somewhat worrisome development, especially given how little time it took the bad guys to adjust to the new ARM architecture. Fortunately, this week Apple also released its latest platform security guide, which should help security researchers and businesses protect themselves against the latest and greatest macOS and iOS threats.
International hacking also made headlines this week. France tied Russia’s destructive Sandworm hackers to a campaign that used an IT monitoring tool from Centreon, a company based there. And the Justice Department indicted three North Korean hackers this week, alleging their involvement in a series of heists and scams that include the 2014 attack on Sony Pictures and attempted thefts totaling $1.3 billion.
Elsewhere, we took a look at how to avoid phishing scams and how Parler is back online despite being cut off by big tech companies. We published the last installment of 2034, a novel that looks at a fictional future war with China that feels all too real. And you should set aside time this weekend to read this excerpt from Nicole Perlroth’s This Is How They Tell Me the World Ends, which examines the unlikely and previously unknown origins of the so-called zero-day bug market.
And there’s more! Every week, we collect all the news that we haven’t covered in depth. Click on the titles to read the full stories. And stay safe out there.
To be very clear, the technique we’re about to explain, which lets sites follow you around the web even if you clear your cache or use an incognito window, is one that researchers found, not necessarily one that sites actually use, especially not on a large scale. (Then again, there is not much that these analytics companies won’t do.) The technique works by focusing on favicons, the little icon your browser displays to represent the site you’re on. Since most browsers store these favicons separately from your browsing history and cookies, traditional ways of avoiding tracking, like using a private mode or clearing your cache, don’t affect them. That in turn means, according to researchers at the University of Illinois at Chicago, that sites could use a unique set of favicons to identify and follow you around the web, no matter what. Chrome, Safari, and Edge are all currently vulnerable to the attack, although both Google and Apple have said they are reviewing it.
LastPass has long been one of the go-to password managers, in part thanks to its relatively generous free tier, which has so far worked on both mobile devices and traditional computers. Starting March 16, however, you’ll need to choose one or the other for free unlimited access, or pony up for LastPass Premium or LastPass Families. This is understandably frustrating for existing users, but it also puts LastPass in line with many of its competitors. You still have many free options available to you, including WIRED pick Bitwarden. And whatever happens, it’s a good reminder that everyone needs a password manager, even if it costs you a few dollars a month.
The Clubhouse audio social network is all the rage among a certain subset of Silicon Valley. But as it broadens its reach, security researchers have raised a host of concerns about its privacy and security measures. The Stanford Internet Observatory took a close look at Clubhouse’s relationship with China and didn’t like what it found. The researchers found that Clubhouse uses a Shanghai-based company for part of its backbone infrastructure, transmits user IDs and room IDs in plain text, and may inadvertently expose its raw audio to the Chinese government. Combined with the app’s aggressive grab of your contact list, it’s probably best not to participate in the beta until it fixes some of its security concerns.
John Deere has long been a focal point of the right to repair movement, given its refusal to let farmers repair their own tractors when high-tech components fail. In response to the growing backlash, the company promised in 2018 to give its customers the tools they need to be self-sufficient. But an investigation by the nonprofit US Public Interest Research Group found little or no progress had been made on this. Overall, farmers still do not have the tools and diagnostics they need to remedy software malfunctions and other failures associated with John Deere’s proprietary technology. In the meantime, right to repair legislation has accelerated in dozens of states. It seems that this may be the only way to give farmers the means to repair the equipment they own the way they want.