We’ll get to the rest of this week’s security news in just a second, but before all that you need to carve out a little chunk of your day to read WIRED senior writer Andy Greenberg’s profile of Marcus Hutchins, the hacker who stopped the berserking WannaCry ransomware three years ago. No spoilers! But you’ll be glad you gave it a read. (Bonus: It’s not about Covid-19.)
In more timely news, the US called out China this week for Covid-19-related hacking that DHS and the FBI jointly said could disrupt vaccine production. It’s unclear why the agencies specified China when pretty much every country is doing the same, but the episode raises the question of what exactly is considered “in-bounds” espionage during a pandemic.
Intel’s popular Thunderbolt port has a flaw that could allow a hacker with hands-on access to bypass a victim computer’s lock screen and steal all of its data. It affects devices sold before 2019, and more importantly only really impacts people who might be targeted by sophisticated nation-state hackers. Which is not most people.
In the UK especially, false 5G conspiracy theories have led to a surge of attacks against telecom workers and others. In the US, online voting has seen a wellspring of support, even though security experts still say it’s not safe. And we talked you through how to control who sees what posts of yours on social media.
And there’s more. Every Saturday we round up the security and privacy stories that we didn’t break or report on in depth but think you should know about. Click on the headlines to read them, and stay safe out there.
Last week, ransomware hackers struck a law firm that has an extensive celebrity clientele list. The group known as REvil locked up the files of Grubman Shire Meiselas & Sacks, claimed to have stolen 756 gigabytes of data, and demanded a $21 million ransom to restore order. The hackers further threatened to leak the files they had stolen if the firm refused to pay. Which it has. That brings us to this week, when REvil not only doubled the ransom to $42 million, but leaked what it says are 2.4 GB worth of Lady Gaga’s legal documents. Take this next part with a grain of salt, or even a boulder: The hackers also said they had “dirty laundry” on Donald Trump, which they would release in a week if they weren’t paid. Trump has apparently never been a GSMS client, though, making it entirely possible or even likely that REvil is bluffing. Given that GSMS has steadfastly refused to pay up, we should know for sure in a few days either way.
In a 59-37 vote, the Senate this week failed to pass an amendment that would have required law enforcement to get a warrant before surveilling online browsing and search data. It needed 60 to pass. It’s not quite a done deal yet; the chamber did approve another amendment that would improve oversight of the Foreign Intelligence Surveillance Court, meaning the whole bill has to go back to the House of Representatives and then to Donald Trump to sign before it becomes law. It’s a disappointing shortfall, though, especially given that some senators who could have made the difference—including Vermont’s Bernie Sanders—didn’t show up for the vote.
Texas officials this week revealed that the state’s court system had been attacked by ransomware. The state’s Office of Court Administration said in a statement that it had disabled the affected branch network to avoid further spread. Cloud-based services like document filing and review weren’t impacted, and the state says it has no interest in paying the ransom.
Zerodium is the most influential zero-day broker out there. This week, the company said it would stop accepting several classes of iOS vulnerabilities for the next two to three months, citing a glut in the market. There’s not a lot of visibility into what precisely that means, for obvious reasons, but it seems in line with a series of recent high-profile security issues that have plagued Apple devices. Please note, though: iOS is still plenty secure for almost every user.