Believe it or no, GameStop’s actions were not the only story in the world this week. The past few days have also been tumultuous for cybersecurity, especially after revelations that North Korean hackers attacked security professionals with a convincing DM campaign. Many people shared images of how they dodged the bullet, but it is still unclear how many other people fell for the trick.
Speaking of falling, an international team of law enforcement agencies took down the notorious botnet Emotet this week, arresting two alleged gang members behind it and seizing servers in the process. Ransomware operators and other malicious agents who used Emotet to spread their products are likely to switch to other means of distribution, but at least the “most dangerous malware in the world,” as Europol called it, has been phased out for now.
After all, these things tend to persist. See Flash, the software that released thousands of vulnerabilities. Although Adobe killed it last week (really this time), it will continue to persist and cause problems on some systems for years to come. Another potential troublemaker: Telegram, the messaging app that exploded in popularity as users fled WhatsApp for privacy reasons and Parler because of its current state of non-existence. Although Telegram offers end-to-end encryption, it is not enabled by default and is not available for group chats, which can lead some users to expose themselves more than they think.
Plans for an encrypted federal arms registry also defied assumptions this week, offering a potential way to balance responsibility with privacy for a hot stove topic. And we took a look at how Facebook allows advertisers to target military categories, which can have worrying consequences.
Finally, be sure to read the first part of the serialized novel that we’re running on WIRED this month and next. There follows a conflict with China in 2034 that is pure fiction, but it seems very close to reality.
And there’s more! Each week, we gather all the news that we do not cover in depth. Click on the headlines to read the full stories. And stay safe outside.
Most iOS updates contain some kind of security fix. But it is more rare that the vulnerabilities they fix are actively exploited by hackers. This is the case with iOS 14.4, released earlier this week, which addresses not one, but three bugs that attackers may be using freely, according to the security update that came with Apple. These are also not minor problems; the flaws in question, present in the WebKit and in the iOS kernel, would have allowed remote execution of arbitrary code and the escalation of privileges, respectively, which could give a hacker enough access to his device and data. Does that mean you were hacked? Probably not! But there’s no point in taking a chance when you can protect yourself by installing the damn update.
Not all data leaks are created equal. In this case, ZDNet 2.28 million users of the MeetMindful dating app had information such as their real names, dating preferences, geolocation, Facebook user IDs and authentication tokens and “body details” shared as a free download on one hacker forum. According to ZNet, the forum topic that contained the download was viewed more than 1,500 times until Sunday. Dating profile information is useful not only for identity theft, but also for more aggressive extortion schemes.
Ransomware has recently exploded, with hackers successfully attacking everything from hospitals to international cities and corporations. The DoJ this week acted against one of the many groups responsible for that scourge, arresting a Canadian who claimed to have used the Netwalker ransomware to shake up victims for a combined amount of $ 27.6 million. Unfortunately, Netwalker is ransomware-as-a-service; the feds arrested an alleged affiliate instead of a central member of the group behind him. Still, progress is progress.
OK, well, it was a long week and this is an interview with a guy who had to use pliers to get rid of a chastity belt that a hacker had locked remotely. You deserve it.
More great stories from WIRED