It was a busy week. There is a lot to catch up on. But before you continue reading, please take a minute to make sure you updated your iPhone to iOS 14.5. And once you’ve done that, use its new AppTrackingTransparency feature to tell Facebook and other businesses to stop tracking your activity on other apps and websites. In fact, now they all have to give you a choice whether you like it or not. When do they do it? Opt out.
It wasn’t Apple’s only major update this week. On Monday, the company also pushed a patch for a macOS vulnerability that hackers actively exploited to deliver adware to Macs. The underlying flaw was not in macOS security backups, but rather in the logic of the operating system itself, and it would have let almost any software sneak in. Security researchers also highlighted how convenient Apple is AirDrop feature drops email addresses and phone numbers– but no fix is in sight for that one at the moment.
VPN hacks are under increasing threat companies in recent years, especially as the workforce has moved further away. The problem has come to a head, with loopholes in Pulse Secure VPN leading to hacks of government agencies, financial institutions and larger targets, likely by several state-sponsored Chinese groups. It’s still not as bad a situation as ransomware, which a new coalition hopes to tackle thanks to a good old-fashioned public-private partnership. Which, well, good luck!
IRS investigators have located and arrested alleged Bitcoin Fog administrator, the oldest cryptocurrency laundering service on the dark web. And Google’s sophisticated cookie destruction project is in the face of refoulement in the European Union.
And there’s more! Each week, we collect all the news that WIRED hasn’t covered in depth. Click on the titles to read the full stories. And stay safe there.
It’s been a crazy week for the Babuk ransomware group. First, they claim to have stolen 250 GB of data from the Metropolitan Police Department, some of which could expose informants. Then they say they’re going to retire completely. Then they revise that claim to say that they are simply leaving the ransomware side to focus on the extortion full time. What a journey! In truth, you can see a lot of ransomware trends converging in their little roller coater: increasingly outrageous targets, a focus on data theft rather than encrypting it, and constant press releases who try to provide a veneer of professionalism.
In what may be both a heartwarming story of ingenuity and an infuriating indictment of the U.S. health care system, a security researcher won a $ 50,000 bounty against the bugs just hours after researching vulnerabilities for help pay for heart surgery her unborn daughter will need when she arrives. He and a friend who helped find the bug put some of the money into a GoFundMe account that eventually went over $ 31,000.
During its operations, the NSA keeps track of a massive treasure trove of foreign communications. The FBI has apparently delved into this cookie jar looking for links to racially motivated national terrorists without first obtaining a warrant. The Daily Beast reports that a Foreign Intelligence Review Court judge blasted the agency for violating its standards dozens of times.
The problem of location data being widely available both law enforcement and private actors has long been established. But The Wall Street Journal This week looked at how the type of information collected by apps and passed on to third-party brokers can also be used to identify locations and movements of US troops. The report examines activity in Syria, in particular, a few years ago, since the United States has since pulled out of the country. But it sheds a troubling light on how much data even the most locked-down smartphone users give on a daily basis.
More WIRED stories