Believe it or no, GameStop stock wasn’t the only story in the world this week. The past few days have also been tumultuous for cybersecurity, especially after revelations that North Korean hackers targeted security professionals with a campaign of persuasive DMs. A lot of people shared screenshots of how they dodged the bullet, but it’s still unclear how many more fell for the ruse.
Speaking of traps, an international team of law enforcement agencies this week brought down the infamous Emotet botnet, arrested two alleged members of the gang behind it and seized servers. Ransomware operators and other evil actors who used Emotet to distribute their wares are likely to switch to other distribution means, but in any case, the “world’s most dangerous malware”, as Europol called it, has been banned for the time being.
After all, these things tend to persist. Take Flash, the software that caused a thousand vulnerabilities. While Adobe killed it to death last week (for really this time), it will persist and cause problems on some systems for years to come. Another potential bug-maker: Telegram, the messaging app that has become hugely popular now that users have fled WhatsApp due to privacy concerns and Parler due to its current state of non-existence. While Telegram offers end-to-end encryption, it is not enabled by default and is not available at all for group chats, which can cause some users to expose themselves more than they might think.
Plans for an encrypted federal gun registry this week also challenged assumptions, offering a possible way to balance accountability with privacy for a hot-stove topic. And we looked at how Facebook allows advertisers to target military categories, which can have worrying consequences.
Finally, make sure to read the first episode of the novel in series we’ll be using in WIRED this month and next month. It follows a conflict with China in 2034 that is pure fiction but seems too close to reality.
And there is more! Every week we collect all the news that we have not discussed in detail. Click on the headlines to read the full stories. And stay safe out there.
Most iOS updates include some sort of security fix. But it is more common for the vulnerabilities they patch to be actively exploited by hackers. Such is the case with iOS 14.4, released earlier this week, which, according to Apple’s accompanying security update, addresses not one but three bugs that attackers can exploit in the wild. These aren’t minor problems either; the flaws in question, present in WebKit and the iOS kernel, would have enabled arbitrary remote code execution and privilege escalation respectively, both of which could give a hacker a lot of access to your device and its data. Does this mean you have been hacked? Probably not! But there’s no point in risking it if you can protect yourself by installing the dang update already.
Not all data breaches are the same. In this case, ZDNet 2.28 million users of the MeetMindful dating app had shared information such as their real names, dating preferences, geolocation, Facebook user IDs and authentication tokens, and body details as a free download on a hacking forum. According to ZNet, the forum thread with the download was viewed more than 1,500 times on Sunday. Dating profile information is useful not only for identity theft, but also for more aggressive extortion plans.
Ransomware has exploded in recent times, with hackers successfully attacking everything from hospitals to cities to international companies. The DoJ took action this week against one of the many groups responsible for the plague by arresting a Canadian man who he said had used Netwalker ransomware to take down victims totaling $ 27.6 million. Unfortunately, Netwalker is ransomware-as-a-service; the FBI arrested an alleged affiliate rather than a core member of the group behind it. Yet progress is progress.
Okay, it’s been a long week and this is an interview with a guy who had to use a bolt cutter to free himself from a chastity belt that a remote hacker had locked. You deserve this.
More great WIRED stories